Meanwhile, in a LinkedIn post about DSSE-KMS by Joshua Bregler, a senior security manager at McKinsey Digital, Kieran Miller, a chief architect at Garantir, commented:ĭual encryption is great if the keys are stored separately and under control of different entities. DSSE-KMS makes it easier for highly regulated customers to fulfill the rigorous security standards, such as the US Department of Defense (DoD) customers. In addition, Irshad A Buchh, a principal solutions architect at AWS, states in an AWS News blog post:Īmazon S3 is the only cloud object storage service where customers can apply two layers of encryption at the object level and control the data keys used for both layers. If you didn't see this, please go have your cloud teams (or if that's you) enable this today (or your next maintenance window). Regarding the DSSE-KMS, Rob Fuller, a Red Team tactics trainer, tweeted: Users can leverage DSSE-KMS via the AWS CLI, AWS Management Console, or using the Amazon S3 REST API. Furthermore, DSSE-KMS helps protect sensitive data against the low probability of vulnerability in a single layer of cryptographic implementation. Each encryption layer employs a distinct cryptographic implementation library with its own data encryption keys. By leveraging IAM and bucket policies, users can also enforce DSSE-KMS. Additionally, they can set up their S3 bucket so that DSSE is automatically applied to all new objects.
The company designed DSSE-KMS to meet National Security Agency CNSSP 15 for FIPS compliance and Data-at-Rest Capability Package (DAR CP) Version 5.0 guidance for two layers of CNSA encryption.
Recently AWS launched Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in Amazon S3 that applies two layers of encryption to objects when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket.
0 kommentar(er)
