Amazon S3 Encryption

Olga Weis

With security concerns on the rise, you need to choose a cloud service provider carefully and keep in mind that your organization should comply with certain regulations when uploading data online. Any strategy you choose for keeping your data safe and secure should include encryption. Cloud encryption solutions convert your data into a form that is unreadable without a decryption key. So even if an unauthorized party gets access to your encrypted files, they will not be able to make use of their contents without the key.

Amazon S3 encryption

Here we will talk about Amazon S3 encryption options.


Data on Amazon S3 (Simple Storage Service) is organized into buckets. Within a bucket, each piece of data, or object, is identified by a unique user-assigned key. To use Amazon S3, you need to create an account on Amazon Web Services (AWS). Amazon S3 data protection is strengthened by restricting access according to the access control list defined for each bucket and object. Bucket owners can create an authenticated URL with limited validity, e.g. 30 minutes, to share the contents of their buckets with others.

Amazon S3 data security starts with protecting the connection to the service while data moves from your computer to the cloud; this is done with SSL. Once the data is in the cloud, there are two ways to protect it: client-side and server-side encryption. Client-side encryption is designed so that AWS never receives the encryption keys or the unencrypted data. All encryption and decryption is done in cloud encryption software: a symmetric key is generated by the Amazon S3 client, then your data is encrypted by the master key and stored in Amazon S3.

In the case of server-side encryption, AWS S3 uses its own encryption key and removes it from memory once the encryption is done. When a client provides the decryption key, the encrypted symmetric key is retrieved and decrypted with the client's real key, then it is used to decrypt the data. Here is the catch: since the symmetric key is stored on the AWS side, the client does not fully control the keys and their use.

Server-side encryption also allows customers to use their own encryption keys. AWS S3 encrypts the data and removes the decryption key from memory. To get your object data, you have to provide the same encryption key as part of your request. If a client loses the key, there is no way to retrieve it, and the data will be lost.
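The customer-provided-key flow described above, as an added example that is not from the original article: it builds the three SSE-C request headers S3 expects on both the upload and every later download, and checks them the way a receiver would. The function names are hypothetical and the keys are constructed samples; because the key travels in the request, these headers are only sent over HTTPS.

```python
import base64
import hashlib
import hmac
import os

# Real S3 SSE-C request header names; everything else here is illustrative.
ALGO_HEADER = "x-amz-server-side-encryption-customer-algorithm"
KEY_HEADER = "x-amz-server-side-encryption-customer-key"
MD5_HEADER = "x-amz-server-side-encryption-customer-key-MD5"


def new_sse_c_key() -> bytes:
    """Generate a 256-bit key; the client alone is responsible for storing it."""
    return os.urandom(32)


def sse_c_headers(key: bytes) -> dict:
    """Headers that must accompany the PUT and every later GET of the object."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        ALGO_HEADER: "AES256",
        KEY_HEADER: base64.b64encode(key).decode("ascii"),
        MD5_HEADER: base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def headers_are_consistent(headers: dict) -> bool:
    """Recompute the key digest to catch a key corrupted or swapped in transit."""
    try:
        key = base64.b64decode(headers[KEY_HEADER], validate=True)
        sent_md5 = base64.b64decode(headers[MD5_HEADER], validate=True)
    except (KeyError, ValueError):
        return False
    return (
        headers.get(ALGO_HEADER) == "AES256"
        and len(key) == 32
        and hmac.compare_digest(hashlib.md5(key).digest(), sent_md5)
    )


def same_key(put_headers: dict, get_headers: dict) -> bool:
    """Pre-flight check: does this GET present the key used for the PUT?"""
    return hmac.compare_digest(put_headers[KEY_HEADER], get_headers[KEY_HEADER])


if __name__ == "__main__":
    upload = sse_c_headers(new_sse_c_key())    # constructed sample key
    download = sse_c_headers(new_sse_c_key())  # a different (wrong) key
    print(headers_are_consistent(upload), same_key(upload, download))
```

Keeping a record of which key belongs to which object is the client's job in this mode, so the key store needs the same backup and access controls as the data itself.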

CloudMounter encryption

Apart from data encryption, what matters is the way you manage your data on Amazon S3; the best option would be to get a dedicated Amazon app for Mac to do it for you. CloudMounter by Eltima Software enables you to mount an Amazon cloud drive on your machine so you can browse through it as if it were just another local or network drive. Unlike with the native Amazon S3 client, Mac owners do not have to duplicate data locally and online, which saves precious space on the hard drive. You can choose to connect your entire Amazon S3 account or only specified buckets. Keep your data safe and secure at all times.
