Chapter 3. Foundations of Encryption
Cloud resources are backed by physical infrastructure that is often shared among multiple clients. AWS resources and data can be isolated by either restricting unauthorized access to them (authorization or access control) or by encoding sensitive information into a format that can be read only by its intended audience (encryption). In most cases, both are combined to secure user data, which is why encryption is an essential topic in cloud security. Ideas discussed in this chapter are not specific to microservices, but they will provide a general overview of security in the cloud. Later chapters will apply concepts covered here to different use cases that focus on microservices.
I have already introduced you to the CIA triad of information security impact. Encryption provides protection against a specific class of potential threats where malicious actors either want to read sensitive data (thus affecting the confidentiality of the data) or want to alter the content of this data (thus affecting the integrity of the data) without having the right access.
Users require a key to read encrypted data, even if they have already been authenticated and authorized.
Tip
Encryption can serve as a great fail secure mechanism in secure systems. When other threat-prevention controls such as authentication and authorization fail, encryption protects your sensitive data from being read or modified by unauthorized users who don’t have access to the encryption ...