Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty S3 client-side PLUS server side encryption as solution to implement? Reply To: S3 client-side PLUS server side encryption as solution to implement?

  • Jon-Bonso

    Administrator
    May 5, 2020 at 9:12 am

    Hi Robert,

    In my point of view, it depends on the use case of a particular scenario. I understand that implementing both client-side AND server-side encryption might be an overkill. However, for financial applications or sensitive government data, implementing strict security measures and encryption is suitable.

    Client-side encryption is preferable if you want the data encryption/decryption process is all done on the client-side and to ensure that the private encryption keys never leave your application for compliance purposes. And since the data is already encrypted before you send it to Amazon S3 (via a public Internet connection / VPN) it also acts as an encryption in transit against packet sniffing.

    It’s also suitable for cases where you have to ensure that the data are encrypted at rest using an encryption key that is both provided and managed by your company.

    Additional Reading:

    https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

    https://aws.amazon.com/articles/client-side-data-encryption-with-the-aws-sdk-for-java-and-amazon-s3/

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo

Skip to content