Amazon Web Services (AWS) officially released a new feature for their Simple Storage Solution (S3) called Server Side Encryption (SSE) on October 4, 2011. According to the official release, “Amazon S3 handles both the encryption and decryption of your data transparently”.
SSE offers five main advantages:
SSE is offered at no additional cost. All S3 users are able to use SSE free of charge for their data. SSE allows you to encrypt your data at the bucket level (high level) or the object level (low level). Think of an S3 bucket as a folder and an S3 object as a file. Essentially, you are able to encrypt a folder and all of it’s contents or encrypt just an individual file. SSE allows you to encrypt the data you are storing on S3 with very little added overhead. S3 offers two main ways to get your data in and out: web application interface and APIs for programming. Both options require a single extra option. The web interface requires a checkbox when uploading new files (Use server side encryption). The API simply requires a variable with the encryption algorithm (i.e. ‘encryption’ => ‘AES256′). SSE requires no extra work to get the decrypted files back out of S3. By default, if a file has been encrypted on the S3 servers, S3 will automatically decrypt the file prior to delivering the file. SSE “handles all encryption, decryption, and key management in a totally transparent fashion” according to the Amazon Web Services Blog.
Providing a way of easily and effectively securing the data stored on the S3 servers, AWS has added a key advantage to their ever growing feature list. The Amazon S3 FAQs explain that “SSE uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256)”. This level of data security opens up S3 to an entirely new market of possibilities.
TimT@AWS, “Release: Amazon S3 on 2011-10-04″, Amazon Web Services Release Notes.
Jeff Barr, “New – Amazon S3 Server Side Encryption for Data at Rest”, Amazon Web Services Blog
Unknown, “What options do I have for encrypting data stored on Amazon S3?”, Amazon Web Services FAQ