
Client-Side Encryption with Customer Provided Keys (CSE-C)

Difficulty: Advanced
Duration: 1h 9m
Students: 1
Description

This course covers the core learning objective to meet the requirements of the 'Designing storage solutions in AWS - Level 3' skill.

Learning Objectives:

  • Evaluate the different Amazon S3 encryption mechanisms available for both client and server cryptographic operations
  • Create a file storage strategy for complex organizations
  • Analyze the different AWS storage services available to implement a hybrid storage solution based upon different data set sizes, business requirements, and cost optimization
Transcript

Client-Side Encryption with Customer Provided Keys, CSE-C.

The encryption process is as follows. Using an AWS SDK, such as the Java client, it will randomly generate a plain text data key which is used to encrypt the object data. The customer provided CMK is then used to encrypt this client-generated data key. The encrypted object data and encrypted data key are then sent to S3. S3 will then store the encrypted object data and associate the encrypted data key as metadata of the encrypted object data.

The decryption process is as follows. A request is made by the client to S3 to retrieve the object data. S3 sends both the encrypted object data and the encrypted data key back to the client. The customer-provided CMK is then used to decrypt the encrypted data key. The plain text data key is then used to decrypt the object data.

You should now have a deeper understanding of the process of encryption and decryption for each of the encryption methods that S3 offers.

It is a simple process to apply encryption, but understanding what's happening behind the scenes is essential from a security standpoint, especially when you are responsible for maintaining the integrity of the data stored in S3. Many of us have seen and heard the news whereby large, international organizations have failed to apply either the correct level of permissions or, indeed, an encryption mechanism to customer data, which has been accidentally exposed, causing a detrimental effect to all organizations involved.

To accompany this course, I've also created an infographic which shows all five encryption options and this can be found using the link on screen. I have also added this URL within the transcript of this lecture. 

If you have any feedback on this course, positive or negative, please do get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com.

Thank you for your time, and good luck with your continued learning of cloud computing. Thank you.
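
The CSE-C encryption and decryption steps described in the transcript, as an added Ruby example that is not part of the original course or of any AWS SDK. It assumes AES-256-GCM for both the object and the data-key wrapping, a Hash standing in for the S3 bucket, and hypothetical names (seal, unseal, encrypt_for_upload, decrypt_after_download, the 'wrapped-data-key' metadata field).

```ruby
require 'openssl'

# AES-256-GCM; output layout is nonce (12 bytes) || tag (16 bytes) || ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = cipher.random_iv          # fresh random nonce for every call
  cipher.auth_data = ''             # no associated data in this sketch
  ciphertext = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Reverses seal; raises OpenSSL::Cipher::CipherError on a wrong key or altered data.
def unseal(key, blob)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.auth_data = ''
  cipher.update(blob.byteslice(28..)) + cipher.final
end

# Client side, before upload: a fresh data key encrypts the object,
# then the customer-held master key encrypts (wraps) that data key.
def encrypt_for_upload(master_key, object)
  data_key = OpenSSL::Random.random_bytes(32)
  { body: seal(data_key, object),
    metadata: { 'wrapped-data-key' => seal(master_key, data_key) } }
end

# Client side, after download: unwrap the data key, then decrypt the object.
def decrypt_after_download(master_key, stored)
  data_key = unseal(master_key, stored[:metadata]['wrapped-data-key'])
  unseal(data_key, stored[:body])
end

# Constructed demo: a Hash stands in for the bucket, so no AWS call is made.
if __FILE__ == $PROGRAM_NAME
  master_key = OpenSSL::Random.random_bytes(32) # stays on the client
  bucket = { 'report.txt' => encrypt_for_upload(master_key, 'constructed sample object') }
  puts decrypt_after_download(master_key, bucket['report.txt'])
end
```

The stored Hash holds only ciphertext and the wrapped data key, so losing the master key makes the object unrecoverable, and a different master key fails at the unwrap step rather than returning garbage.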

About the Author
Students: 207448
Labs: 1
Courses: 211
Learning Paths: 163

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.