Use your own encryption keys for Amazon S3 storage
Posted on 13 June 2014.
Amazon Web Services has some good news for users of S3, its popular online file storage web service: they can now use their own encryption keys to protect their data at rest.

"As the number of use cases for S3 has grown, so have the requests for additional ways to protect data in motion (as it travels to and from S3) and at rest (while it is stored)," Jeff Barr, Chief Evangelist for Amazon Web Services, explained in a blog post on Thursday.

"The first requirement is met by the use of SSL, which has been supported by S3 from the very beginning. There are several options for the protection of data at rest. First, users of the AWS SDKs for Ruby and Java can also use client-side encryption to encrypt data before it leaves the client environment. Second, any S3 user can opt to use server-side encryption."

Then he announced that S3's server-side encryption now comes with the option of users providing their own encryption keys.

"You now have a choice - you can use the existing server-side encryption model and let AWS manage your keys, or you can manage your own keys and benefit from all of the other advantages offered by server-side encryption."


More details about how to use your own keys and how to manage them can be found here.

Some security experts have expressed their doubts about the security of server-side encryption, but Barr tried to assure them that the users' key is passed in with their PUT object, and that S3 forgets the key after encrypting and storing the data.

Others have pointed out that server-side anything can't be trusted by clients, and that advertising server-side encryption gives a false sense of security to users. Others still have pointed out that it's better to encrypt everything on the client side.
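
What "passing the key in with the PUT" looks like on the wire, as an added example that is not from the AWS post or this article: SSE-C sends the raw key, base64-encoded, in a request header, together with an MD5 of the key. The bucket URL and key are constructed placeholders, and request signing is left out.

```python
import base64
import hashlib
import os
from urllib.parse import urlsplit

SSE_C = "x-amz-server-side-encryption-customer-"

def ssec_headers(key: bytes) -> dict:
    """Headers that carry a customer-provided key on an S3 request."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        SSE_C + "algorithm": "AES256",
        # The key itself travels to S3 on every request that uses it.
        SSE_C + "key": base64.b64encode(key).decode("ascii"),
        # Integrity check so S3 can detect a key damaged in transit.
        SSE_C + "key-MD5": base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }

def build_request(method: str, url: str, key: bytes, extra: dict = None):
    """Return (method, url, headers); refuse to expose the key without TLS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send an SSE-C key over a non-TLS connection")
    headers = dict(extra or {})
    headers.update(ssec_headers(key))
    return method, url, headers

def redact(headers: dict) -> dict:
    """Copy of the headers that is safe to log: key material is masked."""
    secret = (SSE_C + "key").lower()
    return {k: ("<redacted>" if k.lower() == secret else v) for k, v in headers.items()}

if __name__ == "__main__":
    key = os.urandom(32)  # constructed key; in practice it comes from your key store
    url = "https://example-bucket.s3.amazonaws.com/report.pdf"  # hypothetical bucket
    # The same three headers are needed on PUT and again on every later GET:
    # S3 does not keep the key, so a lost key means unreadable objects.
    for method in ("PUT", "GET"):
        _, _, headers = build_request(method, url, key)
        print(method, redact(headers))
```

Because the plaintext key reaches S3 on each request, this protects against exposure of stored data, not against the service itself, which is the distinction the critics quoted above are drawing.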









COPYRIGHT 1998-2014 BY HELP NET SECURITY.