Hello,
In the CCSK self-paced training I ran into, what seems like a contradictory statement. When talking about externally managed encryption for encrypting the whole volume storage, it says to store the key separately from the encryption engine. But in Unit 5 Encrypting PaaS, as it talks about encryption in the application layer, it says the key is integrated into the encryption server/service where the encryption engine is.
Why is the key stored away from the encryption engine in the IaaS model but with the encryption engine in the PaaS & SaaS model?
------------------------------
Jenna Morrison
Training Department Intern
Cloud Security Alliance
------------------------------