AWS S3 Encryption and Data Protection

By Ameesh Divatia, CEO and co-founder | August 2, 2022

Having just returned from AWS’s security event, re:Inforce, in Boston, after a three-year hiatus, I was inspired and encouraged by what I learned. Looking around the busy show floor, my first thought was, “We’re back!” Conferences energize me and give me a way to get first-hand perspectives about market trends and where companies are focusing their time and budgets.

One main takeaway from the show is that data security is rapidly emerging. Kurt Kufeld, VP of AWS Platforms, said in his keynote, “Encryption is the core component of a good data protection strategy,” along with a call to action to “Encrypt Everything”! Focusing on tools that discover which data is subject to compliance is one thing, but companies must mitigate risk and protect their data. Data is really where the threats will persist, so companies must build security into the data pipeline as new data gets created, transported, and processed.

Why data security? Why now? Compliance. If the data shows up in the wrong place, a company can get into a lot of trouble with compliance. We gleaned some interesting results from a survey conducted with Enterprise Management Associates. Not only did 93% of respondents say that they have lots of compliance-related effects on their budgets, but 75% of companies believe that it makes them better. They consider their security posture as a competitive differentiator. So, compliance is more than a nice-to-have proposition; it’s a critical business strategy.

In my conversation with SiliconANGLE’s John Furrier, we talked about the volume of data growing exponentially. Companies need to address this growth by replacing traditional legacy tokenization with a more modern and efficient solution that protects data through the pipeline, not merely at each endpoint. Baffle does that as an inline reverse proxy layer, invisible to the data storer, that encrypts and decrypts data on the fly. A proxy is the most efficient way of encrypting data, and it eliminates the need for app development resources. The cloud is uniquely suited for this kind of solution, with providers offering scalable processing and containerization, built-in redundancy, and reliable load balancing.

Baffle Data Protection Services provide a range of data encryption, tokenization, and de-identification methods to protect data in data stores and cloud storage environments with enhanced encryption configuration. Common methods that Baffle employs include:

  • Column- or field-level encryption.
  • Format-preserving encryption (FPE).
  • Dynamic data masking.
  • Record-level encryption.

Baffle integrates with key management stores via a key virtualization layer. It also provides a local key store so you can use your own keys for data protection and authentication in the cloud.

With cyber-attacks increasing and the costs of data breaches and non-compliance rising, enterprises are adopting more security controls. However, hackers are always one step ahead. They have found more sophisticated methods, such as infiltrating the software supply chain and embedding zero-day vulnerabilities that can be exploited. Reactive measures, such as observation and detection, cannot keep up. So, the protection model must transform to ensure that the controls are fail-safe and proactively protect sensitive data.

You can view Ameesh’s conversation on theCUBE here.
