You can use any Visual Studio edition you need and you can afford. See a comparison of features here:
http://www.visualstudio.com/en-us/products/compare-visual-studio-products-vs.aspx[
^], I suggest you try
Community edition[
^]. It is also free, and can be also used for commertial applications (check
this[
^] article), but much better than Express.
You wrote, that you want to host your application and data in the cloud. First of all, if you don't trust your provider, forget it. In general you don't encrypt data on server side. You can, but in case you need to dechyper data on server side, it has no use. So le't suppose you trust your provider, and data is stored unencrypted. You wrote you need to enctrypt the communication of the web application. The mechanism you described is existing, it is called
https[
^]. All the data is travelling encrypted from server to client. You can combine http and https as encryption costs. It's resource cost might or might not be charged by the provider, but if you want regular or extended (green bar) certificate it will cost you for sure. Still, this is the only way to assure your clients that your site is trustworthy. Self-signed certificates are for development purposes only. If you want, you can build your application in a way where GUI elements are served over http, and all data is travelling via https, but if you can afford, deliver all contetn over https.
But https won't assing fixed key to the clients. If you need that you can implement PKI on javascript side (
http://pkijs.org/[
^]), but I don't think it is the way to do this. If you want to restrict access to the site, and harden the application, you can use client side cerificate authentication. You issue certificates for the clients, which they install. You can
configure IIS[
^] to use authenticate the client based on this. Windows certificate store is secure, I can't figure out a situation where certificate authentication and https are not enough. Yes, it is automatic, thus client don't need to povide any key, but you still can add username-password authentication on top of it.