Use your own encryption keys for Amazon S3 storage
Posted on 13 June 2014.
Amazon Web Services has some good news for users of S3, its popular online file storage web service: they can now use their own encryption keys to protect their data at rest.

"As the number of use cases for S3 has grown, so have the requests for additional ways to protect data in motion (as it travels to and from S3) and at rest (while it is stored)," Jeff Barr, Chief Evangelist for Amazon Web Services, explained in a blog post on Thursday.

"The first requirement is met by the use of SSL, which has been supported by S3 from the very beginning. There are several options for the protection of data at rest. First, users of the AWS SDKs for Ruby and Java can also use client-side encryption to encrypt data before it leaves the client environment. Second, any S3 user can opt to use server-side encryption."

Then he announced that S3's server-side encryption now comes with the option of users providing their own encryption keys.

"You now have a choice - you can use the existing server-side encryption model and let AWS manage your keys, or you can manage your own keys and benefit from all of the other advantages offered by server-side encryption."


More details about how to use your own keys and how to manage them can be found here.

Some security experts have expressed their doubts about the security of server-side encryption, but Barr tried to assure them that the users' key is passed in with their PUT object, and that S3 forgets the key after encrypting and storing the data.

Others have pointed out that server-side anything can't be trusted by clients, and that advertising server-side encryption gives a false sense of security to users. Others still have pointed out that it's better to encrypt everything on the client side.
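
The disagreement above turns on the fact that, with customer-provided keys, the key itself travels to S3 inside every request. The following sketch is an added example, not code from the article or from AWS; the header names and the HTTPS requirement come from AWS's S3 documentation rather than from this article, and the bucket URL and function names are made up for illustration.

```python
import base64
import hashlib
import os
from urllib.parse import urlsplit

# Common prefix of the three SSE-C request headers (from the S3 documentation).
PREFIX = "x-amz-server-side-encryption-customer-"


def ssec_headers(key: bytes, url: str) -> dict:
    """Build the customer-key headers that accompany one S3 PUT or GET."""
    if len(key) != 32:
        raise ValueError("a customer-provided key must be 256 bits (32 bytes)")
    if urlsplit(url).scheme != "https":
        # The raw key is in the headers, so it must only ever cross TLS.
        raise ValueError("refusing to send a customer key over a non-HTTPS URL")
    return {
        PREFIX + "algorithm": "AES256",
        PREFIX + "key": base64.b64encode(key).decode("ascii"),
        # Transit integrity check for the key; it does not hide the key.
        PREFIX + "key-MD5": base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def key_seen_by_server(headers: dict) -> bytes:
    """Recover what the receiving side gets from the headers: the key itself."""
    key = base64.b64decode(headers[PREFIX + "key"])
    digest = base64.b64decode(headers[PREFIX + "key-MD5"])
    if hashlib.md5(key).digest() != digest:
        raise ValueError("key and key-MD5 headers do not match")
    return key


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key; store real keys in a key manager
    url = "https://example-bucket.s3.amazonaws.com/report.pdf"  # hypothetical object URL
    headers = ssec_headers(key, url)
    for name in headers:
        print(name)
    # The server receives the full key on every request, so confidentiality
    # against the provider rests on it discarding the key afterwards.
    print("server recovers key:", key_seen_by_server(headers) == key)
```

Because S3 does not keep the key, the same three headers have to be supplied again to read the object back, so losing the key means losing the data.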

COPYRIGHT 1998-2014 BY HELP NET SECURITY.