Where cloud cryptography fits in a security strategy

Data encryption methods

Cloud cryptography is applied to data via encryption, which comes in two forms: symmetric and asymmetric. The differences between the two are significant.

Symmetric encryption. In symmetric encryption, the same key is used to perform both encryption and decryption. Anyone in possession of a copy of the key can both encrypt and decrypt information. Any exposure of the key renders the encryption, and therefore the privacy and protection it provides, useless. It also raises the problem of how to securely get the key into the hands of the originator.

Asymmetric encryption. The asymmetric encryption process involves two keys: a public key and a private key. Anyone with the public key can easily send information securely; only those with the private key can decrypt it. It’s a one-way function if you have only the public key. Because it doesn’t present the same security issues as symmetric encryption, a team can comfortably distribute a public key.

Figure: Compare two types of data encryption methods (symmetric vs. asymmetric encryption).

Encryption in transit refers to encrypting the data as it moves across the network between servers, users and infrastructure. For example, when someone browses a secure HTTPS-enabled website, they use encryption in transit. HTTPS shows how asymmetric and symmetric encryption can work together to improve on either one alone.

The downside of asymmetric encryption is that it consumes a lot of CPU, meaning a web server can handle fewer sessions. To work around this, consider using asymmetric encryption only for the initial connection and then securely negotiating a symmetric key to use for that session. This method lowers CPU overhead and keeps attackers and snoopers out.
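The pattern described above, as an added Node.js example that is not code from the article: one RSA operation carries a random session key to the server, and AES-256-GCM then protects every message in the session. The function names are hypothetical and the exchange is a simplified illustration of the idea, not the actual TLS handshake.

```javascript
const nodeCrypto = require("crypto");

// RSA-OAEP settings shared by the wrap and unwrap steps.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Server: long-term RSA key pair; the public half can be handed to any client.
function newServerKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Client: pick a random AES-256 session key and encrypt it to the server's
// public key. This is the only asymmetric operation in the whole session.
function wrapSessionKey(publicKey) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const wrapped = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrapped };
}

// Server: only the private-key holder can recover the session key.
function unwrapSessionKey(privateKey, wrapped) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Either side: AES-256-GCM for the traffic. Layout: nonce(12) | tag(16) | body.
function seal(sessionKey, plaintext) {
  const nonce = nodeCrypto.randomBytes(12); // must never repeat under one key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Either side: decrypt and authenticate; final() throws if the message was modified.
function unseal(sessionKey, message) {
  if (message.length < 28) throw new Error("truncated message");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, message.subarray(0, 12));
  decipher.setAuthTag(message.subarray(12, 28));
  return Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]);
}

// Constructed sample exchange: one RSA operation, then many cheap AES messages.
function demoSession(requests) {
  const server = newServerKeyPair();
  const { sessionKey, wrapped } = wrapSessionKey(server.publicKey);
  const serverKey = unwrapSessionKey(server.privateKey, wrapped);
  return requests.map((r) => unseal(serverKey, seal(sessionKey, r)).toString());
}

console.log(demoSession(["GET /account", "GET /orders"])); // constructed requests
```

The session key exists only for the session, so the expensive private-key operation happens once per connection rather than once per message.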