From a security point of view, the core idea is that instead of trusting a single cloud service provider (CSP) you only have to trust that some (chosen) number of CSPs do not collaborate against you, or that the same number of providers are not compromised or subpoenaed simultaneously. We call this threshold trust.
The way threshold trust works is that an instance of the Sepior Key Server will be running on multiple servers provided by different CSPs (e.g. AWS, Rackspace, Google, etc.). If desired these can also be in different jurisdictions (EU, US, etc.).
As an example, assume that the number of CSPs that would have to collude before you consider collusion unrealistic (called the trust threshold) is 2. Assume further that, for high availability, you believe no more than 1 out of 3 CSPs will have outages simultaneously. In threshold trust we would denote this as a 2/3 setup. As long as no two servers are compromised the confidentiality of the system is intact, and as long as no more than one server is down the system is available.
Our protocols are designed to work for any T/N setup as long as 1 ≤ T ≤ N. In practice a realistic configuration may be an 8/10 setup, and Sepior KMaaS may scale to a setup as large as 97/100 with further optimization using tailored algorithms (such a setup would be extreme and it may not be a best practice to expect 97 servers to be available at all times).
In other words, if you use an 8/10 setup, the two core threat actors against the system are mitigated as follows:
● A malicious insider at 1 CSP must work together with insiders at 7 other CSPs.
● The outside attacker must compromise 8 different CSPs.
With respect to availability, even if two of the 10 CSPs running key servers are down, the system will still work.
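The T/N semantics described above (confidentiality survives T-1 compromised servers, availability survives N-T outages) can be made concrete with a small worked example. This is an added example and not Sepior's code: the page does not describe Sepior's actual protocol, so textbook Shamir secret sharing over a prime field is used here as a stand-in for the key server's threshold mechanism, and all function names (`split_secret`, `reconstruct`, `explain_away`) and the 127-bit field prime are assumptions of this example.

```python
"""Threshold trust (T-of-N) illustrated with Shamir secret sharing.

Added example, not Sepior's code. Shamir sharing stands in for the
key server protocol, which this page does not describe.
"""
import secrets
from typing import List, Tuple

# Prime field for the arithmetic; any prime larger than the secret works.
PRIME = 2**127 - 1

Share = Tuple[int, int]  # (x, y): x identifies the CSP, y is its share value


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of a polynomial (coefficients low degree first) mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def _interpolate(points: List[Share], x: int) -> int:
    """Lagrange-evaluate, at x, the unique polynomial through the given points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (x - xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_secret(secret: int, t: int, n: int) -> List[Share]:
    """Split `secret` into n shares, one per CSP, so that any t reconstruct it.

    Enforces the page's condition 1 <= T <= N. T=1 gives no threshold trust
    (one share reveals the key); T=N tolerates no outage at all.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= T <= N")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must lie in the field")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares: List[Share], t: int) -> int:
    """Availability side: any t distinct shares recover the secret.

    With fewer than t servers reachable the key cannot be recovered.
    """
    if len({x for x, _ in shares}) < t:
        raise ValueError(f"only {len(shares)} shares reachable, need {t}")
    return _interpolate(shares[:t], 0)


def explain_away(colluders: List[Share], candidate: int, n: int) -> List[Share]:
    """Confidentiality side: t-1 colluding CSPs learn nothing about the key.

    Given t-1 shares, adding the point (0, candidate) fixes a degree-(t-1)
    polynomial that passes through all of them. The returned n shares are a
    complete, valid sharing of `candidate` that contains the colluders'
    shares unchanged, so their shares are consistent with every possible key.
    """
    points = [(0, candidate)] + colluders
    return [(x, _interpolate(points, x)) for x in range(1, n + 1)]


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)  # constructed sample key
    for t, n in ((2, 3), (8, 10)):
        shares = split_secret(key, t, n)
        # N-T servers down: the remaining T still serve the key.
        assert reconstruct(shares[n - t:], t) == key
        # T-1 colluders: their view fits any other key just as well.
        fake = explain_away(shares[: t - 1], 42, n)
        assert fake[: t - 1] == shares[: t - 1] and reconstruct(fake, t) == 42
        print(f"{t}/{n}: tolerates {n - t} outages, {t - 1} colluders learn nothing")
```

In the 8/10 case the script shows both claims from the list above at once: two servers can be unreachable and the key is still recovered, while seven colluding insiders hold shares that are equally consistent with every value in the field, so only an eighth share turns their view into the key.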