S3 Data Encryption – SSE-C and SSE-S3
- Tran Khanh Ngoc
Overview
With the increasing security threats and stricter legal requirements, it is essential to implement strong measures to secure data transit consistently. This includes data not only in transit but also at rest.
Protecting data stored on physical devices or in the cloud is crucial to any organization's IT security strategy. In this context, there are two main approaches to encrypting this data: client-side encryption (CSE) and server-side encryption (SSE).
|
|
|---|---|
| Allows customers to encrypt their data on their devices before sending it to the Fstorage server for storage. This ensures that the data remains encrypted throughout its entire lifecycle, providing a high level of security because the customer manages the encryption keys, which are never shared with Fstorage or any third parties. This approach requires customers to manage their keys carefully, but it is an ideal solution for those needing complete data security control. |
| Provides an alternative solution where data is encrypted when it reaches the Fstorage server. This is Fstorage’s responsibility, significantly reducing the security management burden on customers. There are two methods of server-side encryption:
HI GIO S3 Storage does not store your keys. If the key is lost, all data will be lost, and there is no way to recover it. |
End.