Vol. 1 · Ed. 2026
CyberGlossary
Entry № 538

Hold Your Own Key (HYOK)

Reviewed by Cybersecurity entrepreneur & security researcher

What is Hold Your Own Key (HYOK)?

Hold Your Own Key (HYOK): A key-management model where encryption keys never leave the customer's own HSM or key store; the cloud provider must call out to it to use the key.


HYOK is the strongest customer-controlled key model: the master key material remains entirely under the customer's control, typically in an on-premises HSM or a sovereign external key manager, and the cloud service performs cryptographic operations by calling back into that system. Unlike with BYOK, the cloud provider never holds the raw key inside its environment, so any access requires an authenticated, logged call to the customer. HYOK is used for highly regulated data (financial, defense, healthcare, sovereign cloud) where the threat model includes the cloud provider itself or lawful access by foreign authorities. The trade-offs are higher latency, more operational complexity, and limited service coverage. Examples include external key stores such as AWS KMS XKS, Google Cloud EKM, and Salesforce Shield with Cache-Only Key Service.
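The call-out flow described above, as an added sketch that is not code from this glossary or from any provider: the cloud side holds only a wrapped data key and must make an authenticated, logged request to the customer's key store each time it needs the key. The class and method names, the shared-secret request authentication, the in-process call standing in for a network request, and the HMAC-based wrapping (a standard-library stand-in for key wrapping inside an HSM) are all assumptions.

```python
import hashlib, hmac, os, time

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class ExternalKeyStore:
    """Customer-side key store (stand-in for an HSM). The KEK never leaves it."""
    def __init__(self, caller_secret):
        self._kek = os.urandom(32)           # master key, held only by the customer
        self._caller_secret = caller_secret  # assumed shared secret authenticating the cloud caller
        self.enabled = True                  # customer-controlled kill switch
        self.audit_log = []                  # every request is recorded, allowed or denied

    def _authorize(self, op, payload, sig):
        ok = self.enabled and hmac.compare_digest(_mac(self._caller_secret, op, payload), sig)
        self.audit_log.append((time.time(), op.decode(), "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{op.decode()} denied by external key store")

    def wrap(self, dek, sig):
        self._authorize(b"wrap", dek, sig)
        if len(dek) != 32:
            raise ValueError("this sketch wraps 32-byte data keys only")
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(dek, _mac(self._kek, b"enc", nonce)))
        return nonce + ct + _mac(self._kek, b"tag", nonce, ct)

    def unwrap(self, blob, sig):
        self._authorize(b"unwrap", blob, sig)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(_mac(self._kek, b"tag", nonce, ct), tag):
            raise ValueError("wrapped key failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, _mac(self._kek, b"enc", nonce)))

class CloudService:
    """Cloud side: stores only wrapped data keys and calls out for every use."""
    def __init__(self, store, secret):
        self._store, self._secret = store, secret

    def new_wrapped_key(self):
        dek = os.urandom(32)  # data key used in the cloud, then discarded
        return dek, self._store.wrap(dek, _mac(self._secret, b"wrap", dek))

    def recover_key(self, blob):
        return self._store.unwrap(blob, _mac(self._secret, b"unwrap", blob))
```

Setting `enabled = False` on the store makes every later `recover_key` call fail while still leaving a "deny" entry in the audit log, which is the customer-side control the definition refers to.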

Examples

  1. Google Cloud EKM with keys hosted by a third-party key manager.

  2. AWS KMS External Key Store (XKS) fronted by a customer HSM.

Frequently asked questions

What is Hold Your Own Key (HYOK)?

A key-management model where encryption keys never leave the customer's own HSM or key store; the cloud provider must call out to it to use the key. It belongs to the Cloud Security category of cybersecurity.

What does Hold Your Own Key (HYOK) mean?

A key-management model where encryption keys never leave the customer's own HSM or key store; the cloud provider must call out to it to use the key.

How do you defend against Hold Your Own Key (HYOK)?

Defences for Hold Your Own Key (HYOK) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Hold Your Own Key (HYOK)?

Common alternative names include: HYOK, External key management.
