Key escrow is frequently a necessary evil. Given that encrypted data cannot be decrypted if the key is lost or otherwise destroyed (in a process called data shredding), many entities opt to store and back up cryptographic keys—frequently offsite—to use at a later time, often as part of a disaster recovery or business continuity plan. Risks associated with key escrow are simple: making copies of keys and storing them in other locations increases the attack surface. A compromised, escrowed key is just as impactful as compromising the original copy. Key escrow systems may be online or offline. Like other elements of key management systems, they should be operated in secure enclaves and use HSMs for all key storage.