Purposeful View on Amazon S3 Encryption (by Walt Lapinsky, 27 October 2011)
Earlier this month, Amazon announced a new encryption feature that allows you to encrypt data at rest stored in Amazon S3. Amazon S3 is “Amazon Simple Storage Service,” designed to make web-scale computing easier for developers. “Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, secure, fast, inexpensive infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers.” There are not many businesses that need web services on a larger scale than what Amazon uses in its own business.
Amazon S3 allows the storage of arbitrary “objects.” These might be documents, database files, images, music or movies, software, or anything else you can store on a computer. Each individual object can be up to 5 terabytes in size and can carry up to 2 kilobytes of metadata that describes the object. The owner assigns each object to a “bucket.” Each bucket belongs to an Amazon Web Services (AWS) account.
This is the Cloud. You pay for what you use. The pricing is fairly complex, based on the amount of storage you are using, the amount of data that is moving out of Amazon S3, and the number of transactions per day. A back-of-the-envelope calculation says you could have a lot of activity against a total of 1 terabyte of data for less than $200 per month, with full redundancy.
Amazon S3 supports four different access control mechanisms that allow you to control who can access your data as well as how, when, and where they can access it.
People responsible for the security of their data are concerned about three things: integrity, availability, and confidentiality.
Amazon S3 uses checksums stored with the data to periodically verify the integrity of your data. If Amazon S3 detects data corruption, it automatically repairs it using redundant data.
In terms of availability and disaster recovery, it will be hard to beat what Amazon S3 can provide: 99.99% availability over a year. More importantly, Amazon S3 is designed to provide 99.999999999% durability and survive the concurrent loss of data in two facilities.
What is left to worry about is confidentiality. Enter Amazon S3 Encryption.
Amazon S3 Encryption has two options: server-side encryption, which is managed by Amazon, and client-side encryption, which is managed by you. In either case, you can use SSL encryption to protect data being uploaded to or downloaded from Amazon S3. SSL (HTTPS) is the same encryption you use for your on-line banking and other secure on-line applications. Server-side encryption uses AES-256, a block cipher encryption standard adopted by the U.S. and other governments. Each individual object has its own unique key, and these keys are themselves encrypted with a master key, which is periodically changed. This rekeying means that someone without current valid credentials will not be able to access an object using information obtained before the rekeying.
Client-side encryption means you manage your own keys. While not an easy task, it does leave you in complete control of who has access to your data. No one at Amazon, or anywhere else, can decrypt your data unless you give them the keys (accidentally or deliberately).
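The per-object-key scheme described above, as an added illustration (this is not Amazon's implementation and not the AWS SDK): each object gets its own random AES-256 key, that key is wrapped under a master key, and rotating the master key only re-wraps the small data keys, so the object bodies are never re-encrypted and the old master key no longer opens anything. The function names and the EncryptedObject layout are assumptions of this example; run on your own side with you holding masterKey, it is the same construction as client-side encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// EncryptedObject is what the store keeps per object: Body is the data under a unique
// per-object data key, WrappedKey is that key under the master key (nonce || AES-256-GCM).
type EncryptedObject struct{ Body, WrappedKey []byte }
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// RandBytes returns n random bytes; a 32-byte key makes aes.NewCipher select AES-256.
func RandBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
// seal encrypts with AES-256-GCM, prepending the nonce; open reverses it and errors on a wrong key or tampering.
func seal(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := RandBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
func open(key, sealed []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
// PutObject: a fresh data key for this object, body under it, data key under master.
func PutObject(masterKey, body []byte) EncryptedObject {
	dataKey := RandBytes(32)
	return EncryptedObject{Body: seal(dataKey, body), WrappedKey: seal(masterKey, dataKey)}
}
// GetObject unwraps the data key with the master key, then decrypts the body.
func GetObject(masterKey []byte, obj EncryptedObject) ([]byte, error) {
	dataKey, err := open(masterKey, obj.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dataKey, obj.Body)
}
// RotateMaster re-wraps the data key under a new master key; the body is untouched and the old master no longer unwraps it.
func RotateMaster(oldMaster, newMaster []byte, obj EncryptedObject) (EncryptedObject, error) {
	dataKey, err := open(oldMaster, obj.WrappedKey)
	if err != nil {
		return EncryptedObject{}, err
	}
	return EncryptedObject{Body: obj.Body, WrappedKey: seal(newMaster, dataKey)}, nil
}
```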
Our view: Amazon S3 encryption may allow you to solve many of your data-at-rest security problems and is well worth looking at. For the most demonstrable security, use client-side encryption. Just be very careful not to lose the keys.
Purposeful Clouds helps companies assess and plan their best options for Cloud technology adoption, with before-the-fact consideration of contingencies, ROI, and further migration strategies. To discuss how we would be able to help you make the best decisions, contact us at firstname.lastname@example.org.