Data Backup Digest


Amazon S3: Security Considerations

Amazon Simple Storage Service (S3) is, as the name suggests, an online storage service from online giant Amazon. The service can store and retrieve any amount of data at any time and is designed to make web-scale computing easier for developers. It gives them access to the scalable, secure, fast and inexpensive infrastructure that Amazon itself uses to run its websites.
But how secure is the service? Are you thinking of using it to host your website’s files? Even if you’re not, you should probably still be aware of the security that Amazon S3 offers. This is because a lot of sites use S3 to store their data, some of which could be yours. For example, Dropbox (the popular cloud storage service) uses S3 as its storage facility, so if you use that service then your data is only as secure as Amazon makes it.
According to Amazon, “S3 is secure by default”. This is because only the owners have access to the resources that they create, and user authentication controls access to data. Methods such as bucket policies and Access Control Lists mean that you can pick and choose the permissions of users. Uploads and downloads are also processed via SSL endpoints using the HTTPS protocol.
There are lots of ways that you can control who has access to the data stored on S3. The first method is Identity and Access Management policies, which let businesses with multiple employees create and manage users under a single account. Users can be granted control over only single objects or folders if wished. A second method is bucket policies. These allow you to restrict access based on an aspect of the request, such as where the users were referred from or what their IP address is. A third method is query string authentication, where users can create a URL to an uploaded file that is only active for a limited period.
Data stored on Amazon S3 can be encrypted for extra protection. You can control the keys used to encrypt for an extra layer of security, or you can let Amazon handle this for you. If you use Server Side Encryption then the 256-bit Advanced Encryption Standard will be used, which is one of the strongest block ciphers available. These keys themselves are encrypted by a separate master key that changes at least monthly. All the keys and encrypted data are stored on separate hosts, offering even greater protection.
Nothing is ever truly secure when it is stored online, but Amazon S3 makes sure that it does everything in its power to keep your data protected – it has even been certified as compliant with low-level government protection. You can read more in a document Amazon produced in 2011 called Overview of Security Processes, which goes into great technical detail about how the data is stored and how it is accessed. For a storage service, Amazon S3 is pretty impressive in the steps it takes to keep your data safe.
