Amazon has made encryption the default setting for all of its Simple Storage Service (S3) is a cloud storage service provided by Amazon Web Services (AWS).
The S3 service automatically encrypts data at rest with 256-bit keys using the Advanced Encryption Standard (AES) algorithm. This means that all data stored in an S3 bucket is automatically encrypted, adding an extra layer of protection to the data. Additionally, users can encrypt data using their own encryption keys (SSE-C) or bring their own encryption keys (SSE-KMS, SSE-S3). This feature assists customers in meeting data privacy and regulatory requirements, as well as securing sensitive data in the cloud.
Since January 5, the S3 platform has encrypted by default all new objects added to buckets, using server-side encryption (SSE-S3) with 256-bit AES for each new object, unless the user specifies a different encryption option. This change is now in effect across all AWS Regions.
Server-side encryption (SSE) of data at rest is supported by Amazon S3, which means that data stored in an S3 bucket is automatically encrypted before it is written to disk and decrypted when it is read. S3 supports the following encryption methods for data at rest.
Amazon S3 manages the encryption and decryption process for the user in SSE-S3. Amazon S3 manages and protects the keys. Amazon S3 uses the AWS Key Management Service (KMS) to manage the encryption and decryption process in SSE-KMS. The user has complete control over the encryption keys and has the ability to audit and manage their use. In SSE-C, the user supplies their own encryption keys, which Amazon S3 uses to encrypt and decrypt data.
The user is in charge of managing and safeguarding the encryption keys. While S3 does support client-side encryption, which allows the user to encrypt data locally before uploading it to an S3 bucket. Overall, S3 encryption adds another layer of security to data stored in the cloud and assists customers in meeting data privacy and regulatory requirements.
The sources for this piece include an article in TheRegister.