Cryptographic keys for encrypted data stored in the cloud should be ______________.

The rationale behind the choice that cryptographic keys for encrypted data stored in the cloud should not be stored with the cloud provider revolves around security and control over sensitive data. When keys are stored separately from the encrypted data, it reduces the risk of unauthorized access. If cloud providers have access to the encryption keys, they may be able to decrypt the data, posing a significant security risk if the provider's systems are compromised or if there is a legal demand for access to that data.

By managing keys independently, organizations retain greater control over their own security measures, ensuring that only authorized personnel or systems have the ability to decrypt sensitive information. This practice aligns with the security principle of separation of duties, where access rights are restricted to minimize potential risks.

While key length and redundancy are important for ensuring the strength and reliability of cryptography, and splitting keys can be a method of distributing risk, the foundational aspect of control over keys lies in not relinquishing them to the same entity that stores the encrypted data. This choice emphasizes the importance of maintaining robust key management practices in cloud environments to safeguard data integrity and confidentiality.