Zilliz has launched Customer-Managed Encryption Keys (CMEK) for its Zilliz Cloud platform, enabling enterprises to maintain exclusive control over the encryption keys securing their data.
This release targets organisations operating under regulatory frameworks such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and System and Organization Controls 2 (SOC 2). These regulations require demonstrable separation between cloud databases and the cryptographic keys that protect sensitive data.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The CMEK capability on Zilliz Cloud establishes a model where customers retain ownership of encryption keys while Zilliz handles data processing without ever accessing those keys.
Enterprises can disable access to encrypted datasets immediately by revoking keys through AWS Key Management Service (KMS), without engaging the vendor in the process. All key interactions are auditable via integration with AWS CloudTrail, supporting compliance and security monitoring requirements, said Zilliz.
Zilliz founder and CEO Charles Xie said: “Security teams in regulated industries don’t just want encryption—they want proof that no one else, including their database vendor, can access their data.
“CMEK gives enterprises the strongest form of data sovereignty available in a managed service, removing one of the last barriers to deploying AI at scale in healthcare, financial services, and government.”
CMEK is now generally available for dedicated clusters on the Zilliz Cloud Business-Critical plan, initially launched with support for AWS.
The feature is intended for AI workloads that process sensitive assets, including customer records, medical images, and financial transactions. Embedding vectors in these contexts creates additional security concerns beyond standard encryption at rest.
Zilliz developed Milvus, an open-source vector database used to power large-scale AI applications in production.
Zilliz Cloud provides a managed environment for Milvus deployments, offering scalable vector search and hybrid retrieval with features designed to optimise latency and throughput for generative AI use cases such as semantic search and retrieval-augmented generation (RAG).
According to Zilliz, the addition of CMEK addresses industry demand for granular data sovereignty controls in managed cloud offerings. As AI becomes integrated into critical enterprise workflows, security architecture must accommodate requirements for exclusive tenant access to cryptographic keys and immediate revocation capabilities in event response scenarios.
Recently, Zilliz also released memsearch as an open-source project under the MIT licence. Memsearch is a library intended to provide persistent memory to AI agents across sessions.
Unlike typical implementations that abstract memory behind proprietary formats, memsearch stores agent state in plain-text files. These files are indexed by Milvus for semantic retrieval and can be edited or version-controlled by developers.
Last month, Zilliz extended its Bring Your Own Cloud (BYOC) deployment option to Microsoft Azure, joining existing support on AWS and Google Cloud Platform. This BYOC model allows enterprises to deploy fully managed vector databases within their own public cloud accounts, maintaining operational control and regulatory compliance without the overhead of self-hosting.
Based in Redwood Shores, California, Zilliz is backed by investors including Prosperity 7 Ventures from Aramco, Pavilion Capital from Temasek, Hillhouse Capital, 5Y Capital, Trustbridge Partners, and Yunqi Partners.
