Zilliz, the company behind the popular open-source vector database Milvus, has announced a new feature on Zilliz Cloud called Customer-Managed Encryption Keys (CMEK). This update gives enterprises more control over their data security, especially for AI workloads that involve sensitive information. With CMEK, organizations can now manage their own encryption keys, ensuring data sovereignty and compliance with strict industry regulations.

Why CMEK Is a Game-Changer for Regulated Industries

Many industries like healthcare, finance, and government face strict rules about how they handle data. Standard encryption at rest protects data from unauthorized access, but it doesn’t always give organizations full control. CMEK changes that by allowing companies to retain ownership of their encryption keys. This means they can prove that no one, not even the cloud provider, can access their data without permission.

This is especially important for vector database deployments, where embeddings are created from highly sensitive assets like medical images or financial transactions. Regulations such as GDPR, HIPAA, PCI-DSS, and SOC 2 require organizations to demonstrate control over their encryption keys, not just the data itself. CMEK helps meet these demands by providing a clear separation of duties and enhanced security controls.

How CMEK Enhances Data Security and Compliance

With CMEK on Zilliz Cloud, organizations get several key benefits. First, it offers true segregation of duties, meaning Zilliz processes the data but never has access to the encryption keys. This setup reassures auditors and compliance teams that data access is tightly controlled. Second, the feature allows instant revocation of keys. If a key is disabled in AWS Key Management Service (KMS), all data protected by that key becomes immediately inaccessible without needing to coordinate with Zilliz or wait for manual intervention.

Additionally, the system logs every key access event in AWS CloudTrail. This creates a comprehensive audit trail that integrates with existing security monitoring tools. Setting up CMEK is straightforward and quick—users can configure it via the Zilliz Cloud console. Auto-generated IAM policies support seamless, zero-downtime key rotation, making ongoing security management easier.

Availability and Getting Started

The new CMEK feature is now generally available for dedicated clusters on the Zilliz Cloud Business-Critical plan, starting with AWS. Organizations interested in implementing this security layer can visit the Zilliz Cloud console to get started or contact the Zilliz team to discuss their specific deployment needs. This update aims to remove barriers for deploying AI at scale in highly regulated sectors, offering a stronger level of data protection and compliance assurance.

Overall, CMEK on Zilliz Cloud represents a significant step forward in enterprise data security for AI workloads. It provides organizations with the peace of mind that their most sensitive data remains under their control, supporting compliance and building trust in cloud-based AI solutions.

Inspired by

• https://ai-techpark.com/zilliz-cloud-launches-customer-managed-encryption-keys/