Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mhummerstone
Viewer
‎03-06-2018 04:41 PM
‎03-06-2018 04:41 PM

Encryption on multi-tenant platforms - regulation?

Hi there.

 

I have a query regarding standards and regulations.

 

I have a scenario where data for a service provider will be housed on a private cloud and this needs to be encrypted. One solution considered will only issue one key per service provider so the data for all clients under that service provider will be encrypted by the same key.

 

Is there a standard or regulation that specifies that sensitive data for all clients must be partitioned and encrypted using individual keys? Is so, what is the standard.

 

Thanks in advance.

Reply
0 Kudos
1 Reply
Deyan
Contributor I
‎03-07-2018 01:47 AM
‎03-07-2018 01:47 AM

Hey,

 

From experience - I'd say - no. I know HIPAA, PCI, and other country specific government enforced data protection frameworks but have never seen encryption at rest as a must for tenant segregation. This thing is usually contractually agreed - client->service provider, which means that each service provider would need to ensure that the private cloud they would use to store their clients' data has the capability to encrypt data at rest. When the service provider is given 1 key for their space though, they would further need to implement another layer of encryption in order to provide their clients with encryption at rest with different keys for each.

Reply
0 Kudos