Category Archives: Data-At-Rest

Encryption Requirements Driven by Data State

Posted on by

Have you ever had that feeling that something is amiss? While conducting research on when data encryption is required, I noticed something that seemed a little off. It is commonplace for regulations to require measures be taken to protect data. Many r… Continue reading Encryption Requirements Driven by Data State

Encryption – CISSP Domain 3

Posted on by

We’re circling back to some more CISSP-related materials.  Today’s topic will be encryption, which can be found in CISSP Domain 3. By its very nature, encryption is meant to hide the meaning or intent of a communication from unintended… Continue reading Encryption – CISSP Domain 3

Bringing Real-Time Data Discovery to the Cybersecurity Puzzle

Posted on by

One solution is helping organizations keep data private at rest and in motion, easing the data discovery process and helping organizations meet compliance regulations While protecting consumer privacy has always been a concern for enterprises, recent … Continue reading Bringing Real-Time Data Discovery to the Cybersecurity Puzzle

AWS CloudFront Field Data Encryption, Protection for the Rest of Us

Posted on by

Superlative AWS blog post by Alex Tomic and Cameron Worrell, detailing some of the best news yet in encryption capability on Amazon Web Services – table contained field level encrytion. With prudent end-to-end cryptographically protected data objects,… Continue reading AWS CloudFront Field Data Encryption, Protection for the Rest of Us

New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

Posted on by

data-sleeping.png

You be the judge… Essentially, all are targeted at data-and-objects-at-rest, rather than in-motion (except, perhaps the new cross-region replication feature with KMS).

Regardless, all of the annouced new features are welcome (in my currently rather jaded opinion). Now, if we can just overcome human error (not to mention blatant developer and data-owner lack-of-attention-to-detail, read about that here)…

  • Default Encryption – You can now mandate that all objects in a bucket must be stored in encrypted form without having to construct a bucket policy that rejects objects that are not encrypted.
  • Permission Checks – The S3 Console now displays a prominent indicator next to each S3 bucket that is publicly accessible.
  • Cross-Region Replication ACL Overwrite – When you replicate objects across AWS accounts, you can now specify that the object gets a new ACL that gives full access to the destination account.
  • Cross-Region Replication with KMS – You can now replicate objects that are encrypted with keys that are managed by AWS Key Management Service (KMS).
  • Detailed Inventory Report – The S3 Inventory report now includes the encryption status of each object. The report itself can also be encrypted. – via Jeff Barr, writing at the AWS Blog

And, thanks for the H/T go out to Trey Blalock over at rapidly growing Firewall Consultants!

Permalink

The post New S3 Encryption Feature, Is Amazon’s Encryption Move Enough? appeared first on Security Boulevard.

Continue reading New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?

Posted on by

data-sleeping.png

You be the judge… Essentially, all are targeted at data-and-objects-at-rest, rather than in-motion (except, perhaps the new cross-region replication feature with KMS).

Regardless, all of the annouced new features are welcome (in my currently rather jaded opinion). Now, if we can just overcome human error (not to mention blatant developer and data-owner lack-of-attention-to-detail, read about that here)…

  • Default Encryption – You can now mandate that all objects in a bucket must be stored in encrypted form without having to construct a bucket policy that rejects objects that are not encrypted.
  • Permission Checks – The S3 Console now displays a prominent indicator next to each S3 bucket that is publicly accessible.
  • Cross-Region Replication ACL Overwrite – When you replicate objects across AWS accounts, you can now specify that the object gets a new ACL that gives full access to the destination account.
  • Cross-Region Replication with KMS – You can now replicate objects that are encrypted with keys that are managed by AWS Key Management Service (KMS).
  • Detailed Inventory Report – The S3 Inventory report now includes the encryption status of each object. The report itself can also be encrypted. – via Jeff Barr, writing at the AWS Blog

And, thanks for the H/T go out to Trey Blalock over at rapidly growing Firewall Consultants!

Permalink

The post New S3 Encryption Feature, Is Amazon’s Encryption Move Enough? appeared first on Security Boulevard.

Continue reading New S3 Encryption Feature, Is Amazon’s Encryption Move Enough?