[1] Public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely.
[2] However, they often rely on complicated mathematical computations and are thus generally much more inefficient than comparable symmetric-key cryptosystems.
In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive.
[10] In addition to the normal advantages of a hybrid cryptosystem, using asymmetric encryption for the KEK in a cloud context provides easier key management and separation of roles, but can be slower.
[13] Envelope encryption makes centralized key management easier because a centralized key management system only needs to store KEKs, which occupy less space, and requests to the KMS only involve sending wrapped and unwrapped DEKs, which use less bandwidth than transmitting entire messages.