S3 client-side PLUS server side encryption as solution to implement?
So far I came across 2 quite similar scenarios regarding S3 encryption, where the question is like ‘Which combination of actions should the engineer implement… (select TWO)’ and ‘Which of the following should the Administrator implement… (select TWO)’.
For both scenarios, the 2 answers marked as correct are ‘implement client-side encryption’ AND ‘implement server-side encryption’.
Does this make any sense, to have a solution where you first do client-side encryption, and *on top of that* apply another server-side encryption to the data already encrypted on the client side?
This sounds a bit weird to me?
And to make things even more confusing, of the 5 possible answers, 3 are mutually exclusive, but picking one of these 3, and combining it with one of the 2 other options, ends up in this client-side PLUS server-side encryption as the solution to implement…
Cheers,
Robert
Hi Robert,
From my point of view, it depends on the use case of a particular scenario. I understand that implementing both client-side AND server-side encryption might be overkill. However, for financial applications or sensitive government data, implementing strict security measures and encryption is suitable.
Client-side encryption is preferable if you want the data encryption/decryption process to be done entirely on the client side and to ensure that the private encryption keys never leave your application for compliance purposes. And since the data is already encrypted before you send it to Amazon S3 (via a public Internet connection / VPN), it also acts as encryption in transit against packet sniffing.
It’s also suitable for cases where you have to ensure that the data are encrypted at rest using an encryption key that is both provided and managed by your company.
Additional Reading:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
https://aws.amazon.com/articles/client-side-data-encryption-with-the-aws-sdk-for-java-and-amazon-s3/
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Regards,
Jon Bonso @ Tutorials Dojo
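The layering discussed in this thread, as an added example that is not part of the original posts or of Tutorials Dojo material: the object is envelope-encrypted on the client with a master key that never leaves the application, and the upload request additionally asks S3 for server-side encryption. It assumes the third-party `cryptography` package; the metadata names, bucket and object key are hypothetical, and the `put_object` request is only built, not sent.

```python
import base64
import os

from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import aes_key_unwrap, aes_key_wrap


def client_side_encrypt(master_key: bytes, plaintext: bytes, bucket: str, key: str) -> dict:
    """Envelope-encrypt locally and return kwargs for an S3 PutObject call."""
    data_key = AESGCM.generate_key(bit_length=256)  # fresh data key per object
    nonce = os.urandom(12)                          # 96-bit GCM nonce, never reused
    # The object key is authenticated as associated data, so a ciphertext
    # copied to a different key fails to decrypt.
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, key.encode())
    wrapped = aes_key_wrap(master_key, data_key)    # master key stays on the client
    return {
        "Bucket": bucket,
        "Key": key,
        "Body": ciphertext,                         # S3 only ever receives ciphertext
        "Metadata": {                               # hypothetical metadata names
            "wrapped-key": base64.b64encode(wrapped).decode(),
            "nonce": base64.b64encode(nonce).decode(),
        },
        "ServerSideEncryption": "aws:kms",          # second layer, applied by S3 at rest
    }


def client_side_decrypt(master_key: bytes, stored: dict) -> bytes:
    """Remove the client layer; S3 removes its own layer transparently on GET."""
    meta = stored["Metadata"]
    data_key = aes_key_unwrap(master_key, base64.b64decode(meta["wrapped-key"]))
    nonce = base64.b64decode(meta["nonce"])
    return AESGCM(data_key).decrypt(nonce, stored["Body"], stored["Key"].encode())


if __name__ == "__main__":
    master = AESGCM.generate_key(bit_length=256)    # constructed sample master key
    req = client_side_encrypt(master, b"constructed sample record",
                              "example-bucket", "reports/q1.csv")
    # With boto3 and credentials configured: boto3.client("s3").put_object(**req)
    print(req["ServerSideEncryption"], len(req["Body"]))
    print(client_side_decrypt(master, req))
```

The two layers protect against different things: the server-side layer covers S3's storage media, while the client layer keeps the plaintext unreadable to anyone who can call `GetObject` but does not hold the master key.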