An improved method or security solution for securing cryptographic keys in a virtual machine RAM. A security solution is proposed to hide cryptographic keys in the cloud, without the necessity of any architectural modifications. The present solution requires the availability of a Trusted Platform Module (TPM) capable of creating and holding a protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption or decryption on behalf of data owners. This allows the present solution to be easily integrated and coupled with other existing cloud architectures. A decrypt-scatter or gather-decrypt solution which allows users to carry out encryption or decryption while protecting keys from unauthorized peeks by the cloud administrators is proposed.