AWS Security Blog

Three Data-at-Rest Encryption Announcements

We’re excited to make three announcements around encryption of data at rest in AWS:

  • We’ve published a new whitepaper: Securing Data at Rest with Encryption, which describes the various options for encrypting data at rest in AWS. It describes these options in terms of where encryption keys are stored and how access to those keys is controlled. Both server-side and client-side encryption methods are discussed with examples of how each can be accomplished with specific AWS services.
  • Amazon Redshift now allows you to use an industry-standard hardware security module (HSM) to protect the encryption keys used to encrypt your Redshift cluster. HSMs are designed to provide the highest levels of security for your encryption keys. AWS CloudHSM and on-premises SafeNet Luna SA HSMs are supported. See the Redshift documentation on using HSMs for more information.
  • Amazon RDS for Microsoft SQL Server now supports the use of Transparent Data Encryption (TDE). Once enabled, the database instance encrypts data before it is stored in the database and decrypts it after it is retrieved. You can use this feature in conjunction with our previously announced support for SSL connections to SQL Server to protect data at rest and in transit. See the announcement on the AWS Blog for more details.

If you’re at AWS re:Invent 2013 this week, come to session SEC304 Encrypting and Key Management in AWS to learn more about how to protect your data using encryption.

– Ken