Applying Encryption in Cloud Services

This set of flashcards covers key concepts related to encryption practices in cloud services, as discussed in the lecture.

What is encryption?

The process of converting plaintext into ciphertext to protect sensitive information.

What are the two types of encryption discussed?

Symmetric encryption and asymmetric encryption.

What is symmetric encryption?

Encryption method where the same key is used for both encryption and decryption.

What is asymmetric encryption?

Encryption method that uses two different keys, a public key for encryption and a private key for decryption.

What does KMS stand for in cloud services?

Key Management Service.

What is the purpose of Key Management Services (KMS)?

To generate, store, and manage encryption keys securely.

What is plaintext?

The original human-readable form of information before encryption.

What is ciphertext?

The non-human readable form of information that results from encryption.

What is an encryption key?

A string that, together with an encryption algorithm, can encode or decode ciphertext.

What is Advanced Encryption Standard (AES)?

A widely used symmetric encryption standard that supports various key sizes, commonly 256-bit.

What is an important security measure when dealing with encryption keys?

Regularly rotating encryption keys to mitigate the risk of exposure.

What is AWS KMS?

Amazon's key management service that allows users to create and control encryption keys.

How frequently should encryption keys be rotated according to best practices?

Every 365 days.

What is a Customer Master Key (CMK)?

A master key used in AWS KMS to encrypt and decrypt data encryption keys.

What is AWS Secrets Manager used for?

To manage and store sensitive data such as credentials and API keys securely.

What best practice involves separating privileges for accessing Azure Key Vault?

Using Azure Role-Based Access Control (RBAC) to configure minimal access.

What should you do to secure access to Google Cloud Secret Manager?

Use Google IAM and IAM roles to enforce minimal access to secrets.