AWS Storage Blog
Category: AWS Key Management Service
Large scale migration of encrypted objects in Amazon S3 using S3 Batch Operations
Many organizations have data governance strategies or compliance requirements that mandate their data be replicated and redundant across different management accounts and global regions. Moving encrypted data at scale can often take a few additional steps due to the need to decrypt and re-encrypt objects as part of the replication process. Amazon Simple Storage Service […]
Modern data protection architecture on Amazon S3: Part 2
Keeping data secure and usable in unforeseen circumstances like accidental breaches, human error, and hacking is critical to business continuity and success. To effectively mitigate the impact of these events on business-critical assets, one of the recommended strategies is creating immutable, unchangeable copies of those assets and storing them in isolated, secondary accounts with restricted […]
Modern data protection architecture on Amazon S3: Part 1
Keeping data secure and usable in unforeseen circumstances like accidental breaches, human error, and hacking is critical to business continuity and success. To effectively mitigate the impact of these events on business-critical assets, one of the recommended strategies is creating immutable, unchangeable copies of those assets and storing them in isolated, secondary accounts with restricted […]
How to audit an Amazon S3 bucket’s default encryption configuration at scale
Encrypting data at rest fulfills compliance and security standards while providing an extra layer of defense to protect against unauthorized access. As organizations scale, it is critical to develop standardize encryption to minimize the administrative burden of managing encryption keys. Organizations that lack encryption standardization may find themselves unable to access critical data when required. […]
Protecting your high-performance file systems with Amazon FSx for Lustre
As companies shift high-performance workloads toward cloud solutions, data storage and data protection go side-by-side. Many companies have both internal and external security rules and regulations they must adhere to when storing their data. Amazon FSx for Lustre offers fully managed, scalable file systems for fast-processing workloads, providing secure, shared access to your users. In […]
Protecting encrypted Amazon RDS instances with cross-account and cross-Region backups
Organizations are looking for solutions to protect their valuable data against ransomware attacks, natural disasters, and operational errors. Many of these organizations operate in regulated industries and must maintain data long-term to meet compliance obligations and business continuity goals. In AWS, customers can accomplish these goals by backing up mission-critical databases into centralized backup storage […]
How Simon Data reduced encryption costs by using Amazon S3 Bucket Keys on existing objects
As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve data security. Encryption is a critical component of a defense in depth strategy, and when used correctly, can provide an additional layer of protection above basic access control. However, workloads that access millions or billions […]
Create and share encrypted backups across accounts and Regions using AWS Backup
Enterprises and organizations in more security-conscious industries often protect their data through encryption, restricting data access to those with the necessary permissions and improving their security posture. Creating backups of data resources is often another critical component of a secure and resilient architecture. Additionally, backing up encrypted data is also important, even across geographical regions […]
Secure data recovery with cross-account backup and Cross-Region copy using AWS Backup
UPDATE: On April 12, 2021, AWS announced support for copying Amazon FSx file system backups across AWS Regions and AWS accounts. For more information, read this blog post on cross-Region and cross-account backups for Amazon FSx using AWS Backup. There are many benefits to using more than one AWS account, including resource and operational isolation, disaster […]
Automating copying encrypted Amazon EBS snapshots across AWS accounts
UPDATE: The screenshots of the Amazon DLM interface in this post were updated on 7/14/2021. Many customers have disaster recovery (DR) best practices that require them to copy their Amazon EBS snapshots to an isolated account in a different Region and encrypt those snapshots with a different key. In doing so, customers are able to […]