Encryption protects your data from being accessed or stolen by unauthorized users. The process involves turning your plain and easily understandable data into a random and unreadable string. You can think of the process as placing your data inside a locked box and having only one key. Without the key used to lock or “encrypt” the data, unauthorized users will find it hard to access the data and make sense of it.
At Google, we use multiple layers of encryption, including envelope encryption, to help protect customer data. The key used to encrypt your data is called a data encryption key (DEK), which you can further encrypt or “wrap” by using a key encryption key (KEK). This process of encrypting a key with another key is called envelope encryption.
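The DEK/KEK relationship described above, as an added example that is not Google's code: the data is encrypted under a freshly generated DEK, the DEK is wrapped under the KEK, and only the wrapped DEK and the ciphertext are kept. It assumes Node.js and its built-in `crypto` module with AES-256-GCM; the function names, the blob layout, the locally generated KEK and the sample record are all constructed for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// seal: AES-256-GCM under a 32-byte key.
// Output layout (an assumption of this example): nonce (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// open: reverses seal; throws if the key is wrong or the blob was modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed blob too short');
  const decipher = createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Encrypt the data under a fresh DEK, then wrap ("envelope") the DEK with the KEK.
// Only the returned object is stored; the plaintext DEK is discarded.
function envelopeEncrypt(kek, data) {
  const dek = randomBytes(32);
  return { wrappedDek: seal(kek, dek), ciphertext: seal(dek, data) };
}

// Unwrap the DEK with the KEK, then decrypt the data with the DEK.
function envelopeDecrypt(kek, envelope) {
  const dek = open(kek, envelope.wrappedDek);
  return open(dek, envelope.ciphertext);
}

// Constructed demo values: the KEK is generated locally only for this example.
const demoKek = randomBytes(32);
const demoEnvelope = envelopeEncrypt(demoKek, Buffer.from('constructed sample record'));
console.log('wrapped DEK bytes:', demoEnvelope.wrappedDek.length);
console.log('decrypted:', envelopeDecrypt(demoKek, demoEnvelope).toString());
```

Decrypting with any key other than the KEK that wrapped the DEK fails at the unwrap step, before the data ciphertext is touched.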