Browse Definitions:

encryption as a service (EaaS)

Contributor(s): Mike Byrnes

Encryption as a Service (EaaS) is a subscription model that allows cloud service customers to take advantage of the security that encryption offers without having to install and use encryption on their own. 

EaaS takes advantage of the “as a service” concept to make data encryption a simple, pay-as-you go service the customer purchases from their cloud provider. This approach can provide customers who lack the resources to manage encryption themselves with a way to address regulatory compliance concerns and protect data in a multi-tenant environment. Cloud encryption offerings may include full-disk encryption, database encryption or file encryption. EaaS is often marketed as a value-added enhancement for desktop as a service (DaaS), hosted virtual desktop infrastructure (VDI), software as a service (SaaS) and infrastructure as a service (IaaS) offerings. Some subscription models allow the customer to create and manage their own encryption keys

EaaS may also be referred to as cryptography as a service or crypto as a service.  The concept of EaaS can be contrasted with BYOE (bring your own encryption), an approach that allows customers to use a virtual instance of their own encryption software. 




This was last updated in February 2014

Continue Reading About encryption as a service (EaaS)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by:


  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...


  • federated identity management (FIM)

    Federated identity management (FIM) is an arrangement that can be made among multiple enterprises to let subscribers use the same...

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, ...

  • firewall

    In computing, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or...




  • bad block

    A bad block is an area of storage media that is no longer reliable for storing and retrieving data because it has been physically...

  • all-flash array (AFA)

    An all-flash array (AFA), also known as a solid-state storage disk system, is an external storage array that uses only flash ...

  • volume manager

    A volume manager is software within an operating system (OS) that controls capacity allocation for storage arrays.


  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.