Data protection strategies for the cloud
Introduction
Welcome! To this lesson AWS's Key Management Service. Today, I will discuss data protection strategies
for the cloud, focusing on KMS and our overall approach to key management, key encryption, and data
encryption in AWS. We will cover an overview of KMS design, best practices for system performance,
protection, and policy management, as well as tips and guidance on new features in KMS. Let's dive in!
Why Use Data Protection on AWS?
There are two main reasons why customers come to the cloud for data protection. First, they want to
ensure the protection of valuable assets and data they bring into the cloud. This data could include
patents, pharmaceutical research, or customer data. Protecting this data is crucial for maintaining
customer trust and brand reputation. Second, many customers are required to protect data due to
privacy rules, regulations, and industry-specific compliance standards. Data protection can also unlock
data for faster agility and provide tools for automation and faster cloud workloads.
Building Cryptographic Tools
AWS builds cryptographic tools across every component, from layer one fiber optic encryption in data
center connections to layer 4 secure session communications. We are leaders in TLS technologies and
have advanced toolkits for building secure tunneling. We also invest in academic research for post-
quantum cryptography and crypto agility to provide protection in a post-quantum world.
Data Encryption in AWS
Data encryption in AWS is primarily focused on data at rest. This includes data written to storage such as
EBS, S3, or used in analytic workloads with EMR or Kinesis. AWS provides mechanisms for data
protection in all these services. Key Management Service (KMS) acts as an architectural building block for
data protection.
Services Supporting Data Encryption Integration
Starting in 2020, AWS set a goal for all services that handle customer data to provide an option to
integrate with KMS for data encryption. As a result, over 103 services currently support data encryption
integration with KMS, including S3, EBS, EC2, Lambda, Kinesis, Secrets Manager, CloudTrail, and many
more. This number is continuously growing as AWS launches new services.
Introduction
Welcome! To this lesson AWS's Key Management Service. Today, I will discuss data protection strategies
for the cloud, focusing on KMS and our overall approach to key management, key encryption, and data
encryption in AWS. We will cover an overview of KMS design, best practices for system performance,
protection, and policy management, as well as tips and guidance on new features in KMS. Let's dive in!
Why Use Data Protection on AWS?
There are two main reasons why customers come to the cloud for data protection. First, they want to
ensure the protection of valuable assets and data they bring into the cloud. This data could include
patents, pharmaceutical research, or customer data. Protecting this data is crucial for maintaining
customer trust and brand reputation. Second, many customers are required to protect data due to
privacy rules, regulations, and industry-specific compliance standards. Data protection can also unlock
data for faster agility and provide tools for automation and faster cloud workloads.
Building Cryptographic Tools
AWS builds cryptographic tools across every component, from layer one fiber optic encryption in data
center connections to layer 4 secure session communications. We are leaders in TLS technologies and
have advanced toolkits for building secure tunneling. We also invest in academic research for post-
quantum cryptography and crypto agility to provide protection in a post-quantum world.
Data Encryption in AWS
Data encryption in AWS is primarily focused on data at rest. This includes data written to storage such as
EBS, S3, or used in analytic workloads with EMR or Kinesis. AWS provides mechanisms for data
protection in all these services. Key Management Service (KMS) acts as an architectural building block for
data protection.
Services Supporting Data Encryption Integration
Starting in 2020, AWS set a goal for all services that handle customer data to provide an option to
integrate with KMS for data encryption. As a result, over 103 services currently support data encryption
integration with KMS, including S3, EBS, EC2, Lambda, Kinesis, Secrets Manager, CloudTrail, and many
more. This number is continuously growing as AWS launches new services.
