Deploying cryptographic keys on vulnerable end points such as mobile phones is risky. This presentation proposes a Cryptography as a Service (CaaS) model which allows operations to be performed without exposing cryptographic keys and recommends how to overcome the many pitfalls associated with this technology. How CaaS can be used to secure data in flight, data at rest in the Public Cloud and data at rest on the phone are reviewed.