Zilliz Cloud Launches Customer-Managed Encryption Keys for Enterprise Data Sovereignty

New CMEK capability gives regulated enterprises full control over encryption keys for AI-scale vector workloads

Zilliz, the company behind Milvus, the world’s most widely adopted open-source vector database, today announced the general availability of Customer-Managed Encryption Keys (CMEK) on Zilliz Cloud. The new capability allows enterprises to retain full ownership of their encryption keys, delivering true data sovereignty for AI workloads in regulated industries.

Catch more IT Insights: RAG vs Domain-Specific Language Models: Which Is Better for Enterprises?

As enterprises embed AI into mission-critical workflows, the sensitivity of the underlying data—customer records, medical images, financial transactions—demands security controls that go beyond standard encryption at rest. Regulatory frameworks such as GDPR, HIPAA, PCI-DSS, and SOC 2 increasingly require organizations to demonstrate exclusive control over their encryption keys, not just the data they protect. For vector database deployments—where embeddings are derived from highly sensitive assets—this requirement is especially acute.

“Security teams in regulated industries don’t just want encryption—they want proof that no one else, including their database vendor, can access their data. CMEK gives enterprises the strongest form of data sovereignty available in a managed service, removing one of the last barriers to deploying AI at scale in healthcare, financial services, and government,” said Charles Xie, Founder and CEO at Zilliz.

Why CMEK Matters for Enterprise AI

CMEK on Zilliz Cloud separates key ownership from data processing, ensuring that Zilliz never possesses or accesses customer encryption keys. Key benefits include:

Catch more IT Insights: Why Retail and E-commerce Leaders Are Investing in Domain-Specific Language Models

• True Segregation of Duties: Zilliz processes data while the customer retains exclusive control over encryption keys, creating the clean separation auditors and compliance teams require.
• Instant Revocability: Disabling a key in AWS KMS immediately renders all associated cluster data cryptographically inaccessible—no vendor coordination needed.
• Unified Audit Trails: Every key access event is logged in AWS CloudTrail, integrating directly with existing enterprise security monitoring infrastructure.

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.