AWS Encryption

  • Unencrypted data is plain to see and can be read and understood by any recipient. That is fine as long as the data is not sensitive in any way and does not need to be restricted.
  • However, if you do have data that is sensitive and you need to ensure its contents are viewable only by a particular recipient or recipients, then you need to add a level of encryption to that data.

What is encryption?

  • Data encryption is a mechanism in which information is altered, rendering the plaintext data unreadable, through the use of a mathematical algorithm and encryption keys.
  • Once encrypted, the original plaintext data is known as ciphertext, which is unreadable. To decrypt the data, an encryption key is required to revert the ciphertext back into a readable format, or plaintext.
  • A key is a string of characters; the longer the key, the more robust the encryption.
  • Encryption can be categorized as symmetric or asymmetric cryptography.

Symmetric Cryptography

  • Symmetric cryptography uses a single key for both encryption and decryption, so if the data is to be read by a different person, that person needs to be issued the same key.
  • If the key is intercepted during transmission, any data protected with it could easily be decrypted.
  • Some commonly used symmetric cryptography algorithms are AES (Advanced Encryption Standard), DES (Digital Encryption Standard), Triple DES (Triple Digital Encryption Standard) and Blowfish.

Asymmetric Cryptography

  • Asymmetric cryptography uses a pair of keys: the private key should be kept by a single party and never be shared.
  • The public key can be shared with anyone and does not require a secure transmission channel.
  • Both keys of the pair are needed end to end: one key encrypts the data and only the other can decrypt it.
  • Symmetric encryption is a lot faster from a performance perspective than asymmetric encryption.
  • Symmetric cryptography carries additional risk, because the same secret key must be distributed to every party that needs to read the data.
  • Examples of asymmetric cryptography algorithms are RSA (Rivest-Shamir-Adleman), Diffie-Hellman and the Digital Signature Algorithm (DSA).
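The following program is an added example, written for this page rather than taken from the original post, that puts the three sections above side by side: a shared-key AES-256-GCM round trip (symmetric), an RSA-OAEP round trip where the public key encrypts and only the private key decrypts (asymmetric), and the two failure cases the post alludes to, a ciphertext that is unreadable without the right key and a private key from another party that cannot decrypt. It uses only the Go standard library; the message and the key sizes (32-byte AES key, 2048-bit RSA key) are constructed sample values chosen for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// NewSymmetricKey returns a random 256-bit AES key. The "string of characters"
// the post describes is, in practice, random bytes: 32 bytes selects AES-256.
func NewSymmetricKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// SymmetricEncrypt turns plaintext into ciphertext with AES-256-GCM. A fresh
// random nonce is prepended so that a receiver holding the same key can decrypt.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt reverts ciphertext to plaintext. GCM also authenticates the
// data, so a wrong key or a tampered ciphertext yields an error, never garbage.
func SymmetricDecrypt(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, body := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

// NewAsymmetricKeyPair generates an RSA key pair; PublicKey may be handed out
// freely, the private key stays with its owner.
func NewAsymmetricKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// AsymmetricEncrypt encrypts with the recipient's PUBLIC key (RSA-OAEP, SHA-256).
func AsymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// AsymmetricDecrypt decrypts with the matching PRIVATE key; any other key fails.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

func main() {
	msg := []byte("constructed sample: account balance 1234") // constructed input

	// Symmetric: sender and receiver share one secret key.
	key, _ := NewSymmetricKey()
	ct, _ := SymmetricEncrypt(key, msg)
	pt, _ := SymmetricDecrypt(key, ct)
	fmt.Printf("AES-GCM round trip ok: %v\n", string(pt) == string(msg))

	// An intercepted ciphertext stays unreadable without the right key.
	wrongKey, _ := NewSymmetricKey()
	_, err := SymmetricDecrypt(wrongKey, ct)
	fmt.Printf("decrypt with wrong key fails: %v\n", err != nil)

	// Asymmetric: the public key encrypts, only the private key decrypts.
	priv, _ := NewAsymmetricKeyPair(2048)
	act, _ := AsymmetricEncrypt(&priv.PublicKey, msg)
	apt, _ := AsymmetricDecrypt(priv, act)
	fmt.Printf("RSA-OAEP round trip ok: %v\n", string(apt) == string(msg))

	otherPriv, _ := NewAsymmetricKeyPair(2048)
	_, err = AsymmetricDecrypt(otherPriv, act)
	fmt.Printf("decrypt with another party's private key fails: %v\n", err != nil)
}
```

Two details worth noticing when running it: the symmetric key is the only secret in the first half, which is exactly why its distribution is the risk the post calls out, while in the second half the encrypting key is public and only the private key matters. RSA-OAEP can also only encrypt a few hundred bytes at most, which is one concrete reason the post's remark about symmetric encryption being much faster matters in practice: bulk data is encrypted symmetrically, and asymmetric keys protect the symmetric key.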

When should you use encryption?

  • Sensitive data stored at rest should be encrypted.
  • When your sensitive data is being moved, it should be sent via a secure mechanism that provides encryption in transit.
  • If encryption in transit is not possible, the data should be encrypted prior to transmission.
  • When you must adhere to specific compliance and legal controls to meet governing standards.
Nadtakan Futhoem — Sr. Software Engineer
