Amazon’s popular S3 cloud storage service will now automatically encrypt all new objects added to buckets, on the server side, using AES-256 encryption.
In the announcement, Amazon further clarified that while AWS will now apply server-side encryption (SSE-S3) by default, users do have the option to manually specify a different encryption setting.
Database leaks have been a bane for organizations all across the world for many years now. In fact, the 2022 edition of IBM Security’s Cost of a Data Breach report ranked the Middle East second only to the US on the list of data breach losses. The report also pegged the average total cost of a data breach at $4.35 million.
It’s important to understand that while encryption, in and of itself, doesn’t prevent data breaches, it can significantly reduce the impact of the leaks, as the hackers wouldn’t be able to make sense of the encrypted data.
While cloud storage services such as Amazon S3 have robust security and encryption standards in place, poor implementation and compliance practices at the user’s end, coupled with configuration errors, often aggravate the loss resulting from a data breach.
Eliminating complexities
Server-side encryption, for instance, has been available on AWS since 2011. However, it was offered as an opt-in feature, which meant that it was left to the users to ensure that it was properly configured on all new buckets.
Amazon’s move to make server-side encryption a “zero-click” process removes the operational complexity from the process.
Furthermore, Amazon has said the default encryption will have no impact on performance. Concern about performance has been one of the main reasons why many business users don’t encrypt their cloud data even when the option is available.
Another reason that has prevented businesses from implementing encryption is the added overhead costs. To put this issue to rest, Amazon has announced that the default encryption will be turned on at no extra cost for users across all regions.
“This change puts another security best practice into effect automatically—with no impact on performance and no action required on your side,” noted Sébastien Stormacq, AWS’ Principal Developer Advocate, in the announcement.
AES-256 is considered one of the strongest encryptions on offer, with no known weaknesses. Many security organizations, such as the US government, publicly advocate its use.
Note that SSE-S3 will be applied to new S3 buckets that don’t use default encryption. But you’ll have to follow the official guide to retroactively encrypt objects already in S3 buckets. Also, the change will have no impact on buckets that are already encrypted.