Amazon's cloud storage service, Simple Storage Service (S3), now applies server-side encryption to all new objects added to buckets, at no additional cost.
In an announcement on the Amazon Web Services (AWS) blog, the company says that while encryption has always been easy to enable, administrators needed to be aware of the feature, whereas now the encryption process is "zero click", with no impact on performance.
Existing Amazon S3 customers can verify that their objects are encrypted in the S3 section of the AWS Management Console and confirm the change by configuring AWS CloudTrail to log data events, although this incurs an additional cost.
Amazon S3's default encryption method, SSE-S3, uses the AES-256 standard and has been an optional feature of Amazon S3 since 2011. Here, Amazon generates and manages the keys, with no end-user intervention required.
In the announcement, Sébastien Stormacq, Senior Developer Advocate at AWS, writes that "the opt-in nature of SSE-S3 meant you had to make sure it was always configured on new buckets and verify that it stayed configured correctly over time". "For organizations that require all of their objects to remain encrypted at rest with SSE-S3, this update helps meet encryption compliance requirements without additional tools or customer configuration changes".
Good news
For power users looking for more control over the encryption process, the service also offers customer-provided encryption keys (SSE-C), AWS Key Management Service keys (SSE-KMS), as well as client-side encryption using a library such as the Amazon S3 Encryption Client, as a means of protecting data.
Many IT administrators will appreciate the variety of ways to protect data, but the simple nature of SSE-S3, which requires no additional knowledge (and now no input) on their part, may appeal to small businesses looking to protect their data.
According to Amazon, the change has been implemented in all regions where AWS is available. Existing customers can also retroactively encrypt their data by following the instructions in another AWS blog post.