Amazon Simple Storage Service (Amazon S3) Now Encrypts New Objects By Default


Amazon Web Services announced yesterday that Amazon Simple Storage Service (Amazon S3) can now encrypt all new objects by default. The company says that S3 can automatically apply server-side encryption (SSE-S3) for each new object without any performance degradation.

Amazon Simple Storage Service (also known as Amazon S3) is a web-based cloud storage service. It’s designed to securely back up and archive applications and data on Amazon Web Services. It provides support for several security and compliance certifications and helps to make web-scale computing easier for developers. Some popular use cases include software delivery, disaster recovery, application hosting, and more.

Currently, AWS provides three server-side encryption methods that customers can use to encrypt their objects: S3 default encryption (SSE-S3), AWS Key Management Service keys (SSE-KMS), and customer-provided encryption keys (SSE-C). It’s also possible to add an additional layer of encryption on the client side using the Amazon S3 encryption client and other libraries.

AWS server-side encryption

How does the Amazon S3 Server Side Encryption work?

Previously, IT Pros had to ensure that SSE-S3 was properly configured on all new S3 buckets. The latest update brings a “zero-click” approach to applying the base level of encryption on each bucket. Moreover, it makes it easier for organizations to meet their compliance requirements.

“Amazon S3 Server Side Encryption handles all encryption, decryption, and key management in a totally transparent fashion. When you PUT an object and request encryption (in an HTTP header supplied as part of the PUT), we generate a unique key, encrypt your data with the key, and then encrypt the key with a master key. For added protection, keys are stored in hosts that are separate and distinct from those used to store your data,” Amazon Web Services explained.

Amazon S3 Can Now Encrypt New Objects By Default

Amazon Web Services says that the default object-level encryption is available for S3 customers in all AWS Regions. IT administrators can configure AWS CloudTrail data event logs to verify that it’s enabled on their buckets. They will also be able to view the change in the S3 section of the AWS Management Console, Amazon S3 Inventory, and Amazon S3 Storage Lens in the next couple of weeks.
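The CloudTrail check mentioned above can be scripted. This is an added example, not code from AWS or from the original article: it tallies, per bucket, how encryption was applied to successful object writes and lists writes with no encryption indicator. It assumes the `SSEApplied` field in `additionalEventData` (the marker AWS's announcement describes, which this article does not name) and falls back to the `x-amz-server-side-encryption` response header; bucket names, keys and log records are constructed.

```python
import json
from collections import defaultdict

# Constructed CloudTrail S3 data events, trimmed to the fields read below.
def _ev(name, bucket, key, sse=None, header=None, error=None):
    return {"eventSource": "s3.amazonaws.com", "eventName": name, "errorCode": error,
            "requestParameters": {"bucketName": bucket, "key": key},
            "responseElements": {"x-amz-server-side-encryption": header} if header else None,
            "additionalEventData": {"SSEApplied": sse} if sse else {}}

SAMPLE_LOG = json.dumps({"Records": [
    _ev("PutObject", "example-reports", "q1.csv", sse="Default_SSE_S3", header="AES256"),
    _ev("PutObject", "example-reports", "q2.csv", sse="Default_SSE_S3"),
    _ev("PutObject", "example-archive", "2022.tar", header="aws:kms"),
    _ev("PutObject", "example-legacy", "old.bin"),   # no encryption indicator logged
    _ev("GetObject", "example-reports", "q1.csv"),   # a read, not a write
    _ev("PutObject", "example-reports", "q3.csv", error="AccessDenied"),  # failed write
]})

WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload"}

def sse_mode(record):
    """Return how server-side encryption was applied to one write, or None."""
    extra = record.get("additionalEventData") or {}
    if extra.get("SSEApplied"):          # assumed field, per AWS's announcement
        return extra["SSEApplied"]
    resp = record.get("responseElements") or {}   # may be null in real logs
    algo = resp.get("x-amz-server-side-encryption")
    return f"header:{algo}" if algo else None

def summarize(log_text):
    """Count encryption modes per bucket; collect writes that cannot be verified."""
    per_bucket = defaultdict(lambda: defaultdict(int))
    unverified = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventName") not in WRITE_EVENTS or rec.get("errorCode"):
            continue                      # skip reads and writes that stored nothing
        params = rec.get("requestParameters") or {}
        bucket = params.get("bucketName", "<unknown>")
        mode = sse_mode(rec)
        if mode is None:
            unverified.append((bucket, params.get("key")))
        else:
            per_bucket[bucket][mode] += 1
    return {b: dict(m) for b, m in per_bucket.items()}, unverified

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An entry in the second return value is a prompt to inspect that bucket and log record, not proof that the object is unencrypted.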