Some cloud services are offering Bring Your Own Key (BYOK) options, where the user holds encryption keys for their own cloud data. Microsofts Key Vault is intended to be a single, audited, versioned, secure vault that integrates with Azure Active Directory for authentication. Google Compute Engine started offering a preview service for encrypting both data and compute with your own keys this summer. Amazon offers both soft key management and the much pricier (and slower to set up) Cloud HSM service for EC2 and S3 instances.”]
Source: https://www.csoonline.com/article/2986995/is-byok-the-key-to-secure-cloud-computing.html