
New - Amazon S3 Server Side Encryption for Data at Rest - jeffbarr
http://aws.typepad.com/aws/2011/10/new-amazon-s3-server-side-encryption.html
======
freedompeace
So they're allowing us to store our data in encrypted form, but they keep the
encryption key, and will decrypt requests for the data?

How exactly will this protect my data?

~~~
flog
Well it's another link in the security chain.

You would be negligent not to implement this if you're storing sensitive data
on AWS. No?

~~~
soult
As I understand it the encryption adds both latency and more points of failure
to S3 (keys stored on separate servers). How is adding both of those negligent?

From a security point of view the encryption adds no value at all: Either I
trust Amazon to not look at my data, or I don't trust them. If I don't trust
them with my data, surely I also can't trust them with my encryption keys.

------
mark242
The reason why this is a big deal is that it appears to satisfy PCI DSS
requirements for key management (though I'm curious about their key rotation
strategy). E-commerce hosts just got a lot more interested in S3.

------
wslh
From the business perspective I believe that we are talking about a whole new
market, not just a feature.

I compare this business initiative with the past "e-mail managed service"
market, where companies moved their own e-mail infrastructure to third parties
(postini, messagelabs, mxlogic), something unthinkable (from a security or
control point of view). Now security is moving to a managed service, which
seems strange, but it can follow a similar route (new companies in this space +
acquisitions by leaders).

Adding Identity Cryptography [<http://en.wikipedia.org/wiki/ID-based_cryptography>]
to the game will attract a lot of corporations.

------
redguava
A big advantage to this is for applications that require HIPAA compliance. One
of the rules for HIPAA is to encrypt data at rest. There may be better ways to
encrypt your information, but this will tick a box for compliance purposes
(the advantage of this shouldn't be underestimated).

It basically allows HIPAA abiding applications to use S3 for data storage
without the complexity of dealing with the encryption themselves, or using a
3rd party provider that offers this by proxy.

The only remaining step is to trial and error your way through using it due to
the "light" documentation.

~~~
kevin_morrill
I don't see how this can work at all if Amazon has access to your keys but
doesn't sign a Business Associate Agreement under HIPAA. They've refused to do
this for us.

It might be viable to encrypt yourself and keep the keys, because then you're
not giving them PHI---just gobbledygook.

------
Joakal
Could someone duplicate this server side encryption by inputting a key to hold
in RAM that handles encryption? Or possibly a second server that accepts
encrypted data and sends back decrypted data?

Which means that every time a system needs to reboot, losing key in RAM,
someone needs to put in the key.

My naive view means someone with a tank can't run off with unencrypted data.

~~~
soult
Google cold boot attack. Someone with a tank, a screwdriver and a can of
coolant spray can.

~~~
mike-cardwell
These are virtual machines, right? You can easily read the contents of a
virtual machine's RAM from the host machine whilst it's running if you want the
encryption key.

~~~
lsc
I'm not sure why they'd virtualize pure storage nodes. There'd be no benefit.

~~~
mike-cardwell
I neither stated, nor implied, that Amazon are doing that.

------
rizumu
Configuring duplicity/rsync to use encryption, for example with database
backups, was simple. There are a few guides around and in the end you retain
control of your own encryption.
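Encrypting before upload and keeping the key yourself, as kevin_morrill and rizumu describe, needs no third-party tool. The Go program below is an added example written for this page; it is not from duplicity, s3cmd or the original post. It seals an object with AES-256-GCM under a key generated and held on the client, so what would be PUT to S3 is only the blob (nonce, ciphertext and tag). The object name and the key identifier are constructed placeholders, and the S3 upload itself is not performed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed object name used for illustration; not a real bucket or key.
const exampleObjectKey = "backups/db-2011-10-04.sql.gz"

// EncryptObject seals plaintext with AES-256-GCM under a caller-held key.
// The returned blob (nonce || ciphertext || tag) is what would be PUT to S3;
// the key never leaves the client. keyID is bound as associated data so a
// blob cannot be silently re-labelled as belonging to a different key.
func EncryptObject(key []byte, keyID string, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag after the nonce, so one blob carries
	// everything the decryptor needs except the key.
	return aead.Seal(nonce, nonce, plaintext, []byte(keyID)), nil
}

// DecryptObject reverses EncryptObject. Any change to the blob, a wrong key
// or a wrong keyID makes Open fail, and no plaintext is returned.
func DecryptObject(key []byte, keyID string, blob []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(keyID))
}

// NewObjectKey generates a fresh 256-bit key that the client stores itself
// (for example in a local keyring); it is never sent to the storage provider.
func NewObjectKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	key, err := NewObjectKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample payload standing in for a database dump.
	plaintext := []byte("CREATE TABLE patients (id INT, name TEXT);")
	blob, err := EncryptObject(key, exampleObjectKey, plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("upload %d bytes of ciphertext for %s\n", len(blob), exampleObjectKey)

	// Simulate corruption in transit or at rest: flip one byte of the blob.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	if _, err := DecryptObject(key, exampleObjectKey, tampered); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}

	back, err := DecryptObject(key, exampleObjectKey, blob)
	if err != nil {
		panic(err)
	}
	fmt.Println("round trip ok:", string(back) == string(plaintext))
}
```

Because the provider only ever sees the sealed blob, the trust question soult raises (keys and data held by the same party) does not arise here; the trade-off is that key loss on the client side makes the object unrecoverable, so the key store needs its own backup.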

------
jpalomaki
This can provide protection, for example, against a scenario where some of the
hard disks used in S3 happen to end up in the wrong place - for one reason or
another. One should keep in mind that all data that is once put to the cloud
can stay there forever - even if you try to delete it.

------
latch
It'd be nice if they added first class support for accept-encoding after all
these years.

~~~
riffraff
or for custom headers, so that I could, for example, serve all my fonts from
S3.

~~~
thamer
You can, but maybe not from the web interface. I use s3cmd to upload files,
and it sets the content-type just fine.

~~~
mattlong
Sure, you can set custom headers as long as they are prefaced with x-amz-meta-.
Other than that, you're limited to just a handful of headers. This is a
big deal for fonts because the Access-Control-Allow-Origin must be set
appropriately to be able to use custom fonts from a different origin (i.e.
host&port) and S3 will pretty much always be on a different origin than the
rest of your website.

You can read more on the AWS forum post about the issue:
<https://forums.aws.amazon.com/thread.jspa?threadID=34281>

Edit: For those interested the complete list of allowed headers is here:
<http://docs.amazonwebservices.com/AmazonS3/latest/API/index.html?RESTObjectPUT.html>

------
StavrosK
This is slightly off topic, but does anyone else find the AWS dashboard
impenetrable? You have to hunt for each of the services you need to add,
configuration is very well hidden and I can never find my S3 keys. I had to
bookmark the link from the email because otherwise I kept going around in
circles. I haven't used EC2 yet just because I'm intimidated by the complexity
of that management interface...

Is it just me?

~~~
jamongkad
No you're definitely not the only one. My company uses EC2 for our production
environment and I loathe the management interface with a passion. Amazon
should definitely hire a UI expert to give that damn thing a face lift.

~~~
corin_
It's a mix really, some of it works beautifully, some of it leaves me thinking
"I like this but... why haven't they tweaked _x_" and some really is just
horrible.

------
S3Browser
New version of S3 Browser Freeware supports Amazon S3 Server Side Encryption:
<http://s3browser.com/amazon-s3-server-side-encryption.php>

------
donpark
So now we can just point to Amazon when the FBI asks for the keys, allowing us to
blame Amazon when users raise their pitchforks? I like that.

~~~
freedompeace
Unless, of course, you are the victim.

------
ck2
This is excellent for backups to reduce server load on the client side (no
more need to encrypt locally).

I assume there is no extra charge for this from Amazon? (ah I see the
footnote, no charge for SSE)

I guess this also means you can upload very large objects without having the
hassle of local pre-encryption too - this assumes you have a secure https link
to aws though.

Of course this also means aws has your keys stored somewhere which is less
secure.
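Two practical points come up in this thread: ck2's caveat that SSE only helps if the upload itself goes over https, and mattlong's note that custom headers must be prefaced with x-amz-meta-. The Go program below is an added example, not code from the post or from AWS, showing how a client would request server-side encryption on a PUT (the `x-amz-server-side-encryption: AES256` request header, which S3 echoes back in the response), refuse a plain-http endpoint, reject metadata headers outside the x-amz-meta- prefix, and confirm from the response that SSE was actually applied. The bucket and object names are constructed, the response is built in-process rather than fetched, and request signing is omitted.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// SSEHeader is the request header that asks S3 to encrypt the object at rest
// with Amazon-managed keys; S3 includes the same header in the PUT response.
const SSEHeader = "x-amz-server-side-encryption"

// NewSSEPutRequest builds a PUT for objectURL that asks for server-side
// encryption and attaches user metadata. It refuses plain http, because SSE
// only covers the stored copy: the bytes travel in the clear without TLS.
// The Authorization (signature) header is omitted in this example.
func NewSSEPutRequest(objectURL, body, contentType string, metadata map[string]string) (*http.Request, error) {
	u, err := url.Parse(objectURL)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("refusing to upload over %q: SSE does not protect data in transit", u.Scheme)
	}
	req, err := http.NewRequest(http.MethodPut, objectURL, strings.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", contentType)
	req.Header.Set(SSEHeader, "AES256")
	for k, v := range metadata {
		// S3 stores arbitrary user headers only under the x-amz-meta- prefix,
		// so fail early rather than silently lose the metadata.
		if !strings.HasPrefix(strings.ToLower(k), "x-amz-meta-") {
			return nil, fmt.Errorf("metadata header %q must start with x-amz-meta-", k)
		}
		req.Header.Set(k, v)
	}
	return req, nil
}

// ConfirmSSE checks that the service actually applied server-side encryption:
// the PUT (or a later HEAD) response must echo the SSE header. A missing or
// different value means the stored object is not SSE-protected.
func ConfirmSSE(resp *http.Response) error {
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	if got := resp.Header.Get(SSEHeader); got != "AES256" {
		return errors.New("response lacks " + SSEHeader + ": AES256; object is not encrypted at rest")
	}
	return nil
}

func main() {
	// Constructed bucket and object names; not a real endpoint.
	req, err := NewSSEPutRequest(
		"https://example-bucket.s3.amazonaws.com/backups/db.sql.gz",
		"constructed payload", "application/gzip",
		map[string]string{"x-amz-meta-backup-host": "db01"})
	if err != nil {
		panic(err)
	}
	fmt.Println("PUT", req.URL, "with", SSEHeader, "=", req.Header.Get(SSEHeader))

	// A constructed response standing in for what S3 would return.
	resp := &http.Response{StatusCode: http.StatusOK, Header: http.Header{}}
	resp.Header.Set(SSEHeader, "AES256")
	fmt.Println("SSE confirmed:", ConfirmSSE(resp) == nil)
}
```

The ConfirmSSE step is the part worth keeping in any upload tool: asking for SSE and verifying it was applied are different things, and only the response header tells you which one happened.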

------
bdonlan
Hmm - if there's no additional charge, why not do this by default?

~~~
sunchild
Always a risk of data corruption, key management issues, etc. when encrypting
at rest.

