Encryption
Definition
Scrambling data so only authorized people can read it. Like writing in a secret code that only you and your friend know.
Use Cases
- Netflix: Protecting sensitive data stored in AWS (encryption at rest) and controlling access to encryption keys — Uses AWS KMS integrated with AWS services (such as storage and databases) to encrypt data at rest and enforce key access through IAM policies; keys can be rotated and audited via AWS logging services (Reduced risk of data exposure, improved access control and auditability for sensitive data, and stronger compliance posture for regulated workloads)
- Dropbox: Securing customer files stored in the cloud with encryption at rest — Encrypts stored content and manages encryption keys to ensure only authorized systems can decrypt data; encryption is applied to protect data if storage media is accessed without authorization (Improved protection of customer content and reduced impact of unauthorized access to underlying storage)
- Google: Encrypting customer data across Google Cloud infrastructure by default — Uses encryption at rest and in transit across services, with centralized key management (Cloud KMS and internal key management systems) and options for customer-managed keys in many services (Helps customers meet security and compliance requirements while reducing the operational burden of implementing encryption from scratch)
Provider Equivalents
- AWS: AWS Key Management Service (KMS)
- Azure: Azure Key Vault
- GCP: Cloud Key Management Service (Cloud KMS)
- OCI: OCI Vault
Frequently Asked Questions
- What's the difference between encryption and hashing?
  - Encryption scrambles data in a way that can be reversed (decrypted) with the right key, so authorized people can read it again. Hashing turns data into a fixed-length fingerprint that is not meant to be reversed. Hashing is commonly used for password storage and integrity checks, while encryption is used to keep data confidential.
- When should I use encryption?
  - Use encryption whenever data could be exposed to someone who shouldn’t see it—especially for sensitive data like payment details, personal information, health records, API keys, and backups. In cloud systems, common places to encrypt are: data in transit (TLS/HTTPS), data at rest (disks, object storage, databases), and sensitive fields inside an application (application-level or field-level encryption).
- How much does encryption cost?
  - The encryption algorithms themselves are typically built into services and libraries, but costs often come from key management and operations. For example, managed key services may charge for active keys, API requests (encrypt/decrypt), and hardware-backed key options (HSM). You may also see small performance overhead (extra CPU) and operational costs for key rotation, access controls, and auditing.
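
The difference between encryption and hashing described in the FAQ above, as an added Node.js example that is not part of the original page. The function names and sample values are constructed for illustration, and the randomly generated key stands in for one held by a managed key service.

```javascript
const nodeCrypto = require("node:crypto");

// Encryption (AES-256-GCM): reversible, but only with the right key.
function encryptField(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function decryptField(key, { iv, ciphertext, tag }) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the ciphertext was modified.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
}

// Hashing for password storage (scrypt, per-user salt): never decrypted,
// only recomputed from the candidate password and compared.
function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

function verifyPassword(password, { salt, hash }) {
  const candidate = nodeCrypto.scryptSync(password, salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, hash); // constant-time compare
}

// Hashing for integrity checks: fixed-length SHA-256 fingerprint.
function fingerprint(data) {
  return nodeCrypto.createHash("sha256").update(data).digest("hex");
}

function demo() {
  const key = nodeCrypto.randomBytes(32); // assumption: stands in for a managed key
  const sealed = encryptField(key, "4111 1111 1111 1111"); // constructed test value
  let wrongKeyRejected = false;
  try { decryptField(nodeCrypto.randomBytes(32), sealed); } catch { wrongKeyRejected = true; }
  const stored = hashPassword("correct horse battery staple"); // constructed password
  return {
    roundTrip: decryptField(key, sealed),
    wrongKeyRejected,
    goodLogin: verifyPassword("correct horse battery staple", stored),
    badLogin: verifyPassword("guess", stored),
    digestLength: fingerprint("constructed backup contents").length,
  };
}
console.log(demo());
```

The stored password record contains no key at all, so there is nothing to decrypt; the encrypted field, by contrast, is only as safe as access to its key.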
Category: security
Difficulty: basic