This is about … .
- Keys should be rotated regularly.
- Keys should not be able to decrypt all the data.
- Keys should not be permanently deleted at once by one person.
- Plan for a massive availability risk by ensuring master keys are durable in the face of hardware failure or other unexpected events that may destroy a single copy of them.
- In case of a breach, remove access to master keys to protect the data encrypted under them.
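
The deletion and breach rules above can be modelled as a small key lifecycle. This is an added example, not code from the original page; the class, state names and actor names are hypothetical. It assumes that one person may disable a key immediately and reversibly, while permanent deletion needs a second, different person.

```python
class KeyPolicyError(Exception):
    """Raised when a lifecycle action would break the policy."""

class MasterKey:
    # Hypothetical states: ENABLED, DISABLED, PENDING_DELETION, DELETED
    def __init__(self, key_id):
        self.key_id = key_id
        self.state = "ENABLED"
        self.delete_requester = None

    def can_decrypt(self):
        # Data under this key is readable only while the key is enabled.
        return self.state == "ENABLED"

    def disable(self, actor):
        # Breach response: a single person can cut off access at once.
        # Reversible, so it does not create an availability risk.
        if self.state == "DELETED":
            raise KeyPolicyError("key is already deleted")
        if self.state == "ENABLED":
            self.state = "DISABLED"

    def enable(self, actor):
        if self.state != "DISABLED":
            raise KeyPolicyError("only a disabled key can be re-enabled")
        self.state = "ENABLED"

    def request_deletion(self, actor):
        # Deletion is never the first step: access is removed first.
        if self.state != "DISABLED":
            raise KeyPolicyError("disable the key before requesting deletion")
        self.state = "PENDING_DELETION"
        self.delete_requester = actor

    def approve_deletion(self, actor):
        if self.state != "PENDING_DELETION":
            raise KeyPolicyError("no deletion request is pending")
        if actor == self.delete_requester:
            raise KeyPolicyError("requester cannot approve their own request")
        self.state = "DELETED"  # irreversible, hence the second person

if __name__ == "__main__":
    key = MasterKey("mk-example")          # constructed sample key
    key.disable("alice")                   # breach: access removed
    key.request_deletion("alice")
    try:
        key.approve_deletion("alice")      # same person: rejected
    except KeyPolicyError as err:
        print("blocked:", err)
    key.approve_deletion("bob")            # second person: allowed
    print(key.key_id, key.state)
```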