Back to Databricks Navigator

Governance Blueprint

Home / Technologies / Customer-Managed Keys (CMK)

Customer-Managed Keys (CMK)

Data ProtectionMedium Complexity📚 Medium

You control the encryption keys, not just the data

Decision Guide

✓

When to Use

→HIPAA BAA requires customer-controlled encryption
→Financial services regulations mandate key custody
→Enterprise security policy requires BYOK (Bring Your Own Key)
→Need the ability to 'crypto-shred' data by revoking keys
→Government or defense contracts with strict key management requirements

✗

When NOT to Use

→No regulatory requirement for key custody
→Small team without dedicated security operations

Controls Using This Technology

The following 1 controls use Customer-Managed Keys (CMK) for implementation:

Customer-Managed Encryption Keys (CMK)

Data Security • 4-8 hours

Need to Compare Options?

See how Customer-Managed Keys (CMK) compares to other access control approaches with our detailed comparison table.

Compare Technologies →

← Back to Technologies Browse Controls →