My TechDecisions

IT Infrastructure, News

Amazon S3 Will Now Encrypt Objects by Default

AWS has announced that Amazon S3 will encrypt all new objects by default and automatically apply server-side encryption for each new object.

Leave a Comment

AWS S3
stock.adobe.com/Sundry Photography

AWS has announced that Amazon S3 will encrypt all new objects by default and automatically apply server-side encryption for each new object unless specified otherwise.

Server side encryption (SSE) for Amazon’s Simple Storage Service (Amazon S3) was first introduced in 2011, with users given the ability to request encrypted storage when storing a new object or copying an existing object.

Encryption by default puts another security best practice into effect automatically and the change has no impact on performance, according to AWS. No user action is needed, and S3 buckets that do not use default encryption will now automatically apply SSE-S3 as the default setting.

However, users can choose one of three encryption options: the new default SSE-S3 setting, customer-provided encryption keys or AWS Key Management Service keys.

“To have an additional layer of encryption, you might also encrypt objects on the client side, using client libraries such as the Amazon S3 encryption client,” the company says in a blog post.

Previously, opting in to SSE-S3 meant that users had to certain that it was always configured on new buckets and verify that it remained configured property over time. For organizations that require all objects to remain encrypted at rest with SSE-S3, this update helps meet those compliance requirements without any additional effort, the company says.

“With today’s announcement, we have now made it ‘zero click’ for you to apply this base level of encryption on every S3 bucket,” the company says.

The change is visible in AWS CloudTrail data event logs, and users can also see changes in the S3 section of the  AWS Management ConsoleAmazon S3 InventoryAmazon S3 Storage Lens, and as an additional header in the AWS CLI and in the AWS SDKs over the next few weeks.

To verify the change, users can configure CloudTrail to log data events.

Read AWS’ blog for more information.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ