9_Encrypting Data at Rest

Flashcards about data encryption at rest using AWS Key Management Service (KMS).

What is encryption?

The process of using a code (cipher) to turn readable data into unreadable data.

What is symmetric encryption?

Uses the same key to encrypt and decrypt data.

What is asymmetric encryption?

Uses a public key to encrypt and a private key to decrypt the data.

What is envelope encryption?

Encrypting the key used to encrypt your data.

What is client-side encryption(CSE)?

Your application encrypts data before sending it to AWS.

What is server-side encryption (SSE)?

AWS encrypts data on your behalf before writing it to disk.

What is AWS KMS?

A managed service that allows you to create and control keys for encrypting data.

What are cryptographic operations?

API calls that use AWS KMS keys to protect data (e.g., encrypt, decrypt, generate data key).

What is an AWS KMS key?

The primary resource in AWS KMS used to encrypt, decrypt, and re-encrypt data.

Name two important storage services that integrate with AWS KMS.

Amazon S3 and Amazon EBS

Why is protecting data at rest important?

It's an extra layer of protection if your system access has been compromised.

Which type of encryption is faster: Symmetric or Asymmetric?

Symmetric

Which type of encryption is slower: Symmetric or Asymmetric?

Asymmetric

Where is the encrypted key kept after Amazon S3 encrypts an object using a data key?

The encrypted key is kept in the object metadata.