I’m Necati Demir, a PhD Computer Scientist with 20 years of industry experience, who transforms experimental ML projects into production-ready systems through expertly crafted data pipelines and infrastructure. With experience in end-to-end MLOps implementation, I bridge the gap between data science innovation and real-world production deployment.
Now as an independent consultant based in the US, I help organizations reduce model deployment time from months to days, and achieve significant performance gains through systematic approaches to data engineering. My unique combination of not only developing end-to-end ML pipelines but also building ML models helps me see the process end to end.
Envelope Encryption: The Security Pattern Every Cloud Developer Should Know
When building cloud applications that handle sensitive data, encryption isn’t optional; it’s essential. But there’s an important difference between doing basic encryption and implementing it correctly at scale. In this article, we’ll explore envelope encryption, a pattern that AWS, Google Cloud, and Azure all use internally and recommend for production applications.
What Is Envelope Encryption?
Envelope encryption is a cryptographic pattern where you use two layers of keys:
Data Encryption Key (DEK): A symmetric key that encrypts your actual data locally.
Key Encryption Key (KEK): A KMS-managed master key that encrypts the DEK.
Think of it like a safety deposit box inside another safety deposit box. Your jewelry (I mean ‘data’) is locked in the inner box (encrypted with the DEK), and the key to that inner box is itself locked in the outer box (the DEK encrypted with the KEK stored in cloud KMS).
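The two key layers described above, as an added Node.js example that is not code from the original article. It assumes AES-256-GCM for both layers; `LocalKms` is a hypothetical in-process stand-in for a cloud KMS (a real one is a network call), and binding the ciphertext to a `recordId` as associated data goes one step beyond the text.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM helper: returns nonce (12 bytes) || ciphertext || tag (16 bytes).
function seal(key, plaintext, aad) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, body, cipher.getAuthTag()]);
}

// Reverses seal(); throws if the key, the AAD or any byte of the blob is wrong.
function open(key, blob, aad) {
  if (blob.length < 28) throw new Error('blob too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([decipher.update(blob.subarray(12, blob.length - 16)), decipher.final()]);
}

// Hypothetical stand-in for a cloud KMS: the KEK is private and never returned.
class LocalKms {
  #kek = nodeCrypto.randomBytes(32);
  wrap(dek) { return seal(this.#kek, dek, Buffer.from('dek')); }
  unwrap(wrapped) { return open(this.#kek, wrapped, Buffer.from('dek')); }
}

// Fresh DEK per record: data is encrypted locally, only the 32-byte DEK goes to the KMS.
function envelopeEncrypt(kms, plaintext, recordId) {
  const dek = nodeCrypto.randomBytes(32);
  const ciphertext = seal(dek, Buffer.from(plaintext), Buffer.from(recordId));
  const wrappedDek = kms.wrap(dek);
  dek.fill(0); // best-effort wipe of the plaintext DEK once both outputs exist
  return { recordId, wrappedDek, ciphertext }; // safe to store together
}

// Unwrap the DEK with the KEK, then decrypt the data locally.
function envelopeDecrypt(kms, env) {
  const dek = kms.unwrap(env.wrappedDek);
  try {
    return open(dek, env.ciphertext, Buffer.from(env.recordId)).toString();
  } finally {
    dek.fill(0);
  }
}
```

Only the wrapped DEK and the ciphertext are stored; without access to the KEK holder neither can be opened, and moving a ciphertext to another record id fails authentication.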
...