Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
Katie_Davis
Digital Support
Digital Support

Customer Managed Keys is a new security offering in Qlik Cloud.

This allows users to bring their own encryption keys (BYOK) to protect the data stored in their Qlik Cloud tenant, giving you complete control of the data encryption at rest.

What’s the big deal?

Customer Managed Keys can:

  • Help you meet additional Security and Compliance requirements
  • Allow for HIPAA & Protected Health Information (PHI) Data Use Cases
  • Provide further safeguards for Financial Data
  • Increase your organization’s trust/adoption of Qlik Cloud as you take steps to migrate on-premise platforms.

How to start using feature:

  1. You will need to have an AWS Account and AWS KMS Key available.
  2. A tenant admin can configure from the Qlik Cloud Management Console:
    • Qlik Cloud Management Console -> Configuration > Settings > Tenant encryption. There you will be able to Change the Key Provider.Katie_Davis_0-1667304755827.png
  3. Customer managed keys can only be used with new tenants that do not contain any data, apps, or content when you set up tenant encryption.
    • Therefore, it is strongly recommended that you configure encryption settings immediately after you create the tenant.
    • If you already have a tenant deployed and wish to utilize CMK, hold tight, that will be available soon!

Please note: Once your tenant is configured with CMK, if you disable or delete your CMK, tenant data cannot be decrypted using these keys and access to the data will be permanently lost. Once configured with Customer Managed Keys, if the Key is disabled, tenant data cannot be decrypted using the key. If a key is deleted, access to the data will be permanently lost.

 

Additional Resources:

 

6 Comments
Alastair_Ometis
Partner - Contributor III
Partner - Contributor III

Hi, 

 

This is great but we have a lot of customers who are Azure based and don't have any footprint in AWS at all.

Is encryption via Azure Key-Vault on the horizon?

 

1,745 Views
PaulPeterson
Employee
Employee

Good Morning  Al,  Customer Managed Keys via Azure's KMS is on the roadmap. We don't have a specific date for it yet, there are some other core capabilities we need to add before expanding vendor support.

The next release of this capability will add the ability to convert an existing tenant that has data in it, to a CMK. Whereas, currently, the tenant has to be a raw or empty tenant.  Along with that,  we will be adding public API support for CMK. The CMK UX will be updated greatly as well to allow for the conversion experience.

Paul

1,707 Views
mgranillo
Specialist
Specialist

@PaulPeterson is there a roadmap calendar or any update on when Azure KMS will be implemented? 

1,310 Views
mgranillo
Specialist
Specialist

@Katie_Davis Do you know if Azure KMS support is on the horizon? 

1,260 Views
PaulPeterson
Employee
Employee

@mgranillo  We do not have an updated date for Azure KMS. We are getting close to releasing the CMK 2 release I mention above. That has been the main focus for this set of Qlik's developers. Shortly after CMK 2 comes out we will have a smaller incremental capability that will add support for AWS Multi-Region Symmetric Keys in addition to the current Single Region Keys. 

 

Paul

1,224 Views
PaulPeterson
Employee
Employee

Good Morning Everyone, please see @RoccoP_Qlik's  Product Innovation Blog entry for CMK Release 2!  

Please also see @MarkGeurtsen's great Getting Started Guide for  "How to get started with the Amazon KMS connector and Qlik's Encryption API using Qlik Application Au..."  

 

Paul

931 Views