Concerns Over Data Storage Vendor Using Same Encryption Key for All Customers

The author is evaluating a PII storage vendor for their organization. The vendor uses AES-256 to encrypt storage volumes but is vague about the uniqueness of keys per customer or per volume. The author expresses concern about the possibility of multiple customers sharing the same key, thereby increasing the attack surface.