AWS S3 encryption. Why use it?

Hypothetically speaking, imagine if a rogue Amazon employee bypassed the normal access restrictions and got physical access to your S3 storage media. They would have access to your cleartext data. There are various unfortunate scenarios that I could think of that might put your unencrypted data at risk of exposure. This is why S3 encryption at rest is a very good idea if you feel your data is at all sensitive. By not encrypting at rest, you are basically giving absolute trust to any individual who comes in physical contact with your data. You should trust nobody.

With that said, if you truly are dealing with sensitive data being stored in S3, you SHOULD NOT be transmitting this data in the clear at all. If you want to truly be as secure as possible, you should implement client-side encryption of the data, before it is ever sent to S3. On top of this, I would use TLS encryption of the connection to S3. At this point, your data is encrypted before it ever gets to S3, and you can optionally decide whether to turn on S3 server-side encryption for yet another layer of encryption, because why not? It's free to do so, right?

I'll admit I'm not a HIPAA expert - it's not something I personally have to deal with, but I do understand the nature of securing sensitive customer data. If you are in a position to be responsible for such things, then I don't know why you wouldn't default to using the most layers of security possible. Only trying to do the bare minimum is how companies end up in the news headlines due to "unexpected" (negligent) data leaks. Don't be the person responsible for bad news headlines for your company. Secure your sensitive data as much as possible, and certainly as much as is required.


S3 encryption is largely a tick in the compliance checkbox for PCI / HIPAA and similar standards. It prevents anyone who gets access to the physical media from accessing your data, which, while possible, is extremely unlikely given the physical controls and media disposal that AWS uses.

If the same company that holds your data also holds the encryption keys, then they can decrypt your data. AWS no doubt has significant controls that prevent employees from getting access to both encryption keys and data, but nothing is perfect and all software has bugs.

As @guzzijason says, if your data is critical then you should encrypt your data before it is sent to S3. If you're running your servers in EC2 they're still AWS controlled, but at least it's another layer of encryption and another hoop to jump through for an attacker to access the data.

There's no reason not to encrypt your data in S3, as it does increase security - the only question is by how much.

2021 update - encryption also incurs KMS costs, but using S3 bucket keys can reduce this cost.
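Both answers recommend encrypting the data yourself before it reaches S3. As an added example (not code from either poster or from AWS), here is what that client-side step looks like in Go using only the standard library: envelope encryption, where a fresh per-object data key encrypts the object with AES-GCM and a master key encrypts only the data key. The master key is a constructed in-memory value standing in for one that would normally come from KMS or an HSM; the object key path, the sample record and the metadata field names are all assumptions for illustration. Using the S3 object key as associated data means a ciphertext copied to a different path, or tampered with in storage, fails to decrypt instead of silently yielding garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const dataKeyLen = 32 // AES-256 data key, one per object

// EncryptedObject is what actually leaves the client. Body becomes the S3
// object body; the remaining fields would travel as object metadata
// (x-amz-meta-* headers, assumed naming). None of it is useful without the
// master key.
type EncryptedObject struct {
	Body       []byte // AES-GCM ciphertext||tag of the plaintext
	Nonce      []byte // nonce used for Body
	WrappedKey []byte // per-object data key, AES-GCM encrypted under the master key
	WrapNonce  []byte // nonce used for WrappedKey
}

// aeadSeal encrypts plaintext under key with a fresh random nonce. aad is
// bound into the authentication tag but not encrypted.
func aeadSeal(key, plaintext, aad []byte) (ct, nonce []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, aad), nonce, nil
}

// aeadOpen is the inverse of aeadSeal; any change to ct, nonce or aad fails.
func aeadOpen(key, ct, nonce, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, nonce, ct, aad)
	if err != nil {
		return nil, errors.New("authentication failed: wrong key, tampered data, or wrong object key")
	}
	return pt, nil
}

// EncryptForUpload performs envelope encryption: a fresh data key encrypts
// the object, and the master key encrypts only the data key. The S3 object
// key is used as AAD so a ciphertext moved to another path will not decrypt.
// masterKey stands in for a key that would normally live in KMS or an HSM.
func EncryptForUpload(masterKey []byte, objectKey string, plaintext []byte) (*EncryptedObject, error) {
	dataKey := make([]byte, dataKeyLen)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	body, nonce, err := aeadSeal(dataKey, plaintext, []byte(objectKey))
	if err != nil {
		return nil, err
	}
	wrapped, wrapNonce, err := aeadSeal(masterKey, dataKey, []byte(objectKey))
	if err != nil {
		return nil, err
	}
	return &EncryptedObject{Body: body, Nonce: nonce, WrappedKey: wrapped, WrapNonce: wrapNonce}, nil
}

// DecryptDownloaded unwraps the data key with the master key, then decrypts
// the body. Both steps are authenticated, so tampering anywhere is detected.
func DecryptDownloaded(masterKey []byte, objectKey string, obj *EncryptedObject) ([]byte, error) {
	dataKey, err := aeadOpen(masterKey, obj.WrappedKey, obj.WrapNonce, []byte(objectKey))
	if err != nil {
		return nil, err
	}
	return aeadOpen(dataKey, obj.Body, obj.Nonce, []byte(objectKey))
}

func main() {
	masterKey := make([]byte, 32) // constructed: in practice fetched from KMS/HSM, never hard-coded
	if _, err := rand.Read(masterKey); err != nil {
		panic(err)
	}
	secret := []byte("patient-id=12345;diagnosis=...") // constructed sample record
	objKey := "records/2021/12345.json"                 // assumed S3 object key
	obj, err := EncryptForUpload(masterKey, objKey, secret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("body is ciphertext: %v\n", !bytes.Contains(obj.Body, secret))
	pt, err := DecryptDownloaded(masterKey, objKey, obj)
	fmt.Printf("round trip ok: %v\n", err == nil && bytes.Equal(pt, secret))
	obj.Body[0] ^= 1 // simulate corruption or tampering in storage
	_, err = DecryptDownloaded(masterKey, objKey, obj)
	fmt.Printf("tamper detected: %v\n", err != nil)
}
```

With this in place, what S3 stores is ciphertext regardless of whether server-side encryption is enabled, so SSE-S3 or SSE-KMS becomes the extra layer the answers describe rather than the only one. If you do turn on SSE-KMS as well, the bucket-key option from the 2021 update is the `BucketKeyEnabled` flag in the bucket's server-side encryption configuration.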