BYOK in Zoho Connect

BYOK in Zoho Connect

Overview
Encryption is how Zoho Connect protects your data. Normally, Zoho creates and manages the encryption key for you. With Bring Your Own Encryption Key (BYOK), you create and control the key instead. Zoho Connect uses your key to lock and unlock your data, but only you own that key.
InfoThis is useful if your organization has strict security rules or compliance requirements that say you must manage your own encryption keys.
Notes
This feature is available in all paid plans and only in Intranet. To configure it, customers must purchase the BYOK add-on in Zoho Directory.

Who can use BYOK?

  • BYOK is available only on request through Zoho Connect support.
  • Only Super Admin and Network Admins can set up and manage encryption keys.


How encryption works in Zoho Connect

To understand BYOK, learn how Zoho Connect encrypts your data before storing it.
This encryption uses two keys:
  • DEK (Data Encryption Key)- Encrypts your actual data
  • KEK (Key Encryption Key)- Protects the DEK 

By default, Zoho Connect manages the KEK.
When you enable BYOK,
  • Zoho Connect stops using its own KEK.
  • Your private key replaces it and you control when and how data can be decrypted.
Nothing changes about how Zoho Connect encrypts data but only who controls the key changes.

What data is covered?

BYOK applies to encrypted data in Zoho Connect, including:
  • File uploads
  • Images
  • Signatures
  • Audio and video files
  • Form fields where Encrypt data is enabled
For more information on what data we cover, refer to this guide.


Steps to configure your encryption key

  1. Sign in to Zoho Connect.
  2. Click the gear icon from the right menu and select Settings.



  3. Under Zoho Directory & SSO, select BYOK.



  4. Click Go to Zoho Directory.



    You will be redirected to Zoho Directory, where encryption keys are managed.
 
Where your key is managed
Zoho Directory is used to manage encryption keys for Zoho Connect.
You can add your key using one of these supported Key Management Services:
  • Google Cloud Key Management Service
  • AWS Key Management Service
  • Thales CipherTrust Manager
  • Fortanix Data Security Manager
  • HSM
  • Futurex
Once redirected, Zoho Directory will guide you through adding, uploading, or managing your key.
Helpful related guides

Points to remember

  • Your key replaces Zoho Directory's default encryption key.
  • If you remove your key, Zoho Directory automatically switches back to its own encryption.
  • If you permanently delete your key (DEK), encrypted data cannot be recovered.
  • The data will still exist, but it will be unreadable without the key.
 We hope you find this guide useful! For any assistance, get in touch with us at support@zohoconnect.com. We're happy to help!