Using S3 Encryption to Protect Your Data

S3 object storage can be used to address virtually any kind of storage need. This makes object storage a strong option for storing vital data that can be protected, as well as readily accessed or backed up when needed. When paired with the added flexibility, usability, and security of Seagate Lyve Cloud, enterprise data lakes can become vital components of a greater multicloud environment. In this article, we focus on data encryption, specifically S3 data encryption, and how it protects data.

What Is Data Encryption? 

Data encryption is a way of transforming data into a form that cannot be understood by unauthorized parties. Access is established through possession of a key, which is used to recover the original content from the encrypted text. Once encrypted, the text is called ciphertext.

Broadly, there are two types of encryption mechanisms:

  • Symmetric Key Encryption: This uses the same key for encrypting and decrypting text. 
  • Asymmetric Key Encryption: This uses both a public key and a private key.  

Is Encryption Safe?

Encryption is a safe way to keep your data secret, provided you select a decent length for your encryption key. 256-bit encryption, which is standard for most encryption requirements, is still not crackable in a realistic timeframe—even after the advent of quantum computers. This is not to say, however, that encryption will be safe forever.  

While cracking the encryption through brute force is a near impossibility at this stage, encryption often gets compromised for the following reasons:

  • Backdoors: Some organizations are alleged to leave a backdoor to their code in case they themselves need to view the customer data or debug in the event of a disaster. Backdoors are a means to bypass the encryption system and access the data directly. 
  • Private Key Handling: The success of an encryption mechanism depends on the secure handling of the key that was used to encrypt the data. This is often overlooked, and the key makes it into the hands of attackers. 
  • Government Pressure: There might be pressure on companies to hand over encryption keys in cases of national security concern.

Lyve Cloud: Secure Service Standards  

Lyve Cloud’s data security is built on a mature information security management system that delivers high performance across five areas:

  • Privacy: Access control, two-factor authentication, encryption  
  • Security: Network firewalls, two-factor authentication, intrusion detection 
  • Availability: Performance monitoring, disaster recovery, security incident handling 
  • Processing Integrity: Quality assurance, processing monitoring 
  • Confidentiality: Encryption, access controls, network firewalls 

Lyve Cloud Security Feature: Privacy and Encryption 

Lyve Cloud prioritizes encryption of data in flight to maintain the integrity of information, comply with data governance, and uphold data privacy standards. It does this through the user-friendly Lyve Cloud console.

  • Login Security: Within the Lyve Cloud portal, users can create user accounts to manage S3 buckets and S3 subscriptions. This is done using two-factor identification for added privacy.  
  • Data Compliance: When creating buckets within the Lyve Cloud portal, users can enable compliance mode and object versioning to ensure data cannot be tampered with or changed for a fixed amount of time.  
  • S3 Policies: Users can easily create custom permissions for buckets developed within the Lyve Cloud portal. The account through which permissions were created will have its own access key.  

How Does Lyve Cloud S3 Encryption Work?  

When data is transmitted to Lyve Cloud’s storage, Seagate assures confidentiality starting with Transport Layer Security (TLS). Data first moves through TLS, then continues through authentication, as well as integrity validation via Lyve Cloud’s API protocol. Next, data undergoes encryption with secure key management, followed by a cryptographically secure erasure process.

What is Lyve Cloud Encryption and Key Management?  

Data encryption and key management are key security features of Lyve Cloud. With Lyve Cloud, all data is encrypted before it’s stored. Data goes through the Lyve Cloud encryption process regardless of whether it was already encrypted.

Types of Lyve Cloud S3 Encryption 

S3 comes with built-in support for encryption. Encryption can be enabled at either the object level or the bucket level, and two kinds of encryption are offered:

  • Server-side encryption with a client-provided key  
  • Client-side encryption with a key generated by the Lyve Cloud key management system 

In both cases, the object encryption key (OEK) is generated using a cryptographically secure pseudorandom number generator and is never stored in plain text, only in encrypted form.
 
The two types of Lyve Cloud S3 encryption differ at the point where the OEK is encrypted by the key encrypting key (KEK). The KEK is generated by an algorithm using either the client-provided key or the Lyve Cloud key management system.
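The key hierarchy described above, as an added example (not Seagate's or Lyve Cloud's code): a random OEK encrypts the object and is stored only after being encrypted under a KEK derived from a source key. AES-256-GCM, HKDF-SHA256, the function names and the sample keys are assumptions, since the page does not name the algorithms.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM and HKDF-SHA256 are assumptions; the page names no algorithms.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | tag | ciphertext
}

function unseal(key, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  // final() throws if the key is wrong or the stored bytes were modified
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// The KEK comes from a source key: client-provided, or held by a key management system.
function deriveKek(sourceKey, context) {
  return Buffer.from(crypto.hkdfSync('sha256', sourceKey, Buffer.alloc(0), context, 32));
}

function encryptObject(kek, data) {
  const oek = crypto.randomBytes(32); // per-object key from the CSPRNG
  const stored = { wrappedOek: seal(kek, oek), ciphertext: seal(oek, data) };
  oek.fill(0); // the plaintext OEK is never persisted
  return stored;
}

function decryptObject(kek, stored) {
  const oek = unseal(kek, stored.wrappedOek);
  try {
    return unseal(oek, stored.ciphertext);
  } finally {
    oek.fill(0); // clear the recovered OEK once the object is decrypted
  }
}

// Constructed sample keys and data: same OEK handling, two different KEK sources.
const clientKek = deriveKek(Buffer.alloc(32, 0x11), 'bucket-a');
const kmsKek = deriveKek(Buffer.alloc(32, 0x22), 'bucket-a');
const stored = encryptObject(clientKek, Buffer.from('constructed sample object'));
console.log(decryptObject(clientKek, stored).toString());
```

Only `wrappedOek` and `ciphertext` are stored, so reading the object requires the KEK, and a KEK derived from a different source key fails authentication instead of returning garbage.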
 
S3 encryption is a great way to ensure your data is not accessible to unwanted actors or attackers. The wide variety of options and the ease of configuring the settings through the console make it a good way to get maximum security with minimal overhead.