Pro
Security

Amazon S3 will now encrypt data by default

By Luke Hughes published 9 January 2023

Server-side encryption is now a given

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Daniel Hessel)

Amazon’s cloud storage Simple Storage Service (S3) now encrypts all new objects added on buckets server-side at no extra cost.

In an announcement on the Amazon Web Services (AWS) blog, the company claimed that while encryption had always been easy to enable, administrators always had to be mindful of the feature, whereas now the encryption process is “zero click”, with no impact on performance.

Existing Amazon S3 customers can verify that their objects are encrypted in the S3 section of the AWS management console, and confirm the change by configuring AWS CloudTrail to log data events, albeit at an additional cost.

AWS Encryption

Amazon S3’s default encryption method, SSE-S3, uses the AES-256 standard, which has been an optional feature of Amazon S3 since 2011, as a default. Here, Amazon generates and manages the keys, with no action required from an end user.

In the announcement, Sébastien Stormacq, a Senior Developer Advocate at AWS, wrote that “the opt-in nature of SSE-S3 meant that you had to be certain that it was always configured on new buckets and verify that it remained configured properly over time.”

“For organizations that require all their objects to remain encrypted at rest with SSE-S3, this update helps meet their encryption compliance requirements without any additional tools or client configuration changes.”

For advanced users looking for more control over the encryption process, the service also offers customer-provided encryption keys (SSE-C), AWS Key Management Service keys (SSE-KMS), as well as client-side encryption, via a library such as the Amazon S3 encryption client, as means to protect data.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

> AWS sets its sights on space for the future of cloud capabilities

> AWS launches data lake to help you spot your next big security threat

> We’ve also listed the best encryption software right now

Many IT admins will appreciate the variety of ways to keep data secure, the straightforward nature of SSE-S3, requiring no additional knowledge (and now input) on their part may appeal to smaller businesses looking to keep data safe.

According to Amazon, the change has been rolled out across all regions where AWS is available. Existing customers can also retroactively encrypt data by following instructions in a separate AWS blog post.

Here’s our list of the best firewalls right now

Luke Hughes

Social Links Navigation

Staff Writer

Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.