
  • S3 client-side PLUS server side encryption as solution to implement?

  • kung

    Member
    May 3, 2020 at 10:27 pm

    So far I came across 2 quite similar scenarios regarding S3 encryption, where the question is like ‘Which combination of actions should the engineer implement… (select TWO)’ and ‘Which of the following should the Administrator implement… (select TWO)’.

    For both scenarios, the 2 answers marked as correct are ‘implement client-side encryption’ AND ‘implement server-side encryption’.

    Does this make any sense, to have a solution where you first do client-side encryption, and *on top of that* apply another server-side encryption of the data already encrypted on the client side?

    This sounds a bit weird to me?

    And to make things even more confusing, of the 5 possible answers, 3 are mutually exclusive, but picking one of these 3 and combining it with one of the 2 other options ends up in this client-side PLUS server-side encryption as the solution to implement…

    Cheers,
    Robert

  • Jon-Bonso

    Administrator
    May 5, 2020 at 9:12 am

    Hi Robert,

    In my point of view, it depends on the use case of a particular scenario. I understand that implementing both client-side AND server-side encryption might be overkill. However, for financial applications or sensitive government data, implementing strict security measures and encryption is suitable.

    Client-side encryption is preferable if you want the data encryption/decryption process to be done entirely on the client side and to ensure that the private encryption keys never leave your application for compliance purposes. And since the data is already encrypted before you send it to Amazon S3 (via a public Internet connection / VPN), it also acts as encryption in transit against packet sniffing.

    It’s also suitable for cases where you have to ensure that the data are encrypted at rest using an encryption key that is both provided and managed by your company.

    Additional Reading:

    https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

    https://aws.amazon.com/articles/client-side-data-encryption-with-the-aws-sdk-for-java-and-amazon-s3/

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo
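
One way to check that both layers discussed in this thread are actually present on stored objects, as an added example that is not part of the original posts. It assumes client-side encryption was done with the AWS S3 Encryption Client (which keeps the wrapped data key and IV in object metadata) and reads HeadObject-style responses; the sample responses, object keys and the `encryption_layers`/`audit` helpers are constructed for illustration, and no AWS call is made.

```python
# Added example: report which encryption layers each S3 object carries.
# Input is a dict shaped like a boto3 head_object() response.

# Assumption: the S3 Encryption Client stores the wrapped data key under
# one of these user-metadata names, plus the IV under "x-amz-iv".
CSE_KEY_FIELDS = ("x-amz-key-v2", "x-amz-key")
CSE_IV_FIELD = "x-amz-iv"


def encryption_layers(head):
    """Return (client_side: bool, server_side: str | None)."""
    meta = {k.lower(): v for k, v in head.get("Metadata", {}).items()}
    has_wrapped_key = any(meta.get(f) for f in CSE_KEY_FIELDS)
    client_side = bool(has_wrapped_key and meta.get(CSE_IV_FIELD))

    # SSE-S3 / SSE-KMS appear as ServerSideEncryption ("AES256", "aws:kms");
    # SSE-C appears as SSECustomerAlgorithm instead.
    server_side = head.get("ServerSideEncryption")
    if head.get("SSECustomerAlgorithm"):
        server_side = "SSE-C"
    return client_side, server_side


def audit(objects):
    """List (key, missing_layers) for objects lacking either layer."""
    findings = []
    for key, head in sorted(objects.items()):
        client_side, server_side = encryption_layers(head)
        missing = []
        if not client_side:
            missing.append("client-side")
        if not server_side:
            missing.append("server-side")
        if missing:
            findings.append((key, missing))
    return findings


# Constructed sample responses (placeholder values, not real key material).
SAMPLES = {
    "reports/q1.bin": {"ServerSideEncryption": "aws:kms", "Metadata": {
        "x-amz-key-v2": "<wrapped-key>", "x-amz-iv": "<iv>",
        "x-amz-cek-alg": "AES/GCM/NoPadding", "x-amz-wrap-alg": "kms+context"}},
    "reports/q2.csv": {"ServerSideEncryption": "AES256", "Metadata": {}},
    "reports/q3.bin": {"Metadata": {
        "x-amz-key-v2": "<wrapped-key>", "x-amz-iv": "<iv>"}},
}

if __name__ == "__main__":
    for key, missing in audit(SAMPLES):
        print(f"{key}: missing {', '.join(missing)} encryption")
```

The two layers are recorded in different places on the object, so one can be present without the other; the check treats them independently.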
