Amazon Web Services and Data Security - Why this Tech-giant Recommends Encryption
This article was updated in March 2019.
It is not really news that Werner Vogels, CTO of Amazon, recommends encryption. In 2015, in an interview with the German newspaper “Die Zeit”, he asked everybody using the cloud to encrypt their data, at the very least their sensitive data. In 2016, he repeated this demand to Business Insider: "We really want to be in the position where only the customer has access to the data …. Not us and not anybody else." What is the motivation behind this request? It turns out that encrypting data minimizes risk not only for the owner of the data, but also for the cloud provider that stores it.
Market Leader in Cloud Services: Amazon AWS
Amazon is the uncontested market leader in cloud services at this moment, with two thirds of the market share. Microsoft comes in second with over 13% (last checked March 2019). AWS (Amazon Web Services) has offered its services for 13 years now. They are not only about cloud storage, but also include server capacity, networks, databases and administration tools. These extensive cloud solutions are relevant for large companies and enterprises. The streaming provider Netflix stores all its data (more than 1 petabyte/1000 terabytes in movies) at Amazon S3, as do Airbnb, Pinterest, and Expedia. However, Amazon also has a lot to offer for small businesses.
Encryption and International Compliance
At this year’s Mobile World Congress in Barcelona, Vogels stated:
“You cannot have a connected business, or an Internet-connected business and not make security and protection of your customers your number one priority.”
By now, the vast majority of businesses are Internet-connected, so neglecting the issue of security is very risky. But the security of their customers is not the only reason for Amazon pushing encryption. Amazon, like any other international company, faces a huge dilemma in terms of privacy.
Amazon has to comply with privacy laws in every country in which it is active. It is an American enterprise with server locations spread worldwide. When Amazon collaborates with a European company, it has to honor European privacy regulations. At the same time, American laws have to be abided by. This can lead to conflicts, for example when American authorities demand data from a European company for ongoing investigations.
Encryption is the key to this dilemma: If the provider has no access to the customer’s data, it is not able to hand information over to authorities. It is in the interest of Amazon not to get negative press through such conflicts. Complying with different national privacy laws is easier if the data is encrypted and the users manage the keys.
Amazon’s AWS for Small Companies
For small and medium-sized companies as well as private use, the storage service S3 (Amazon Simple Storage Service) and Amazon Cloud Drive are most relevant. At S3 you only pay for the storage you actually use. The offer is very flexible in this respect, and can of course be used in combination with other cloud offers by Amazon. By now, the customer can even choose in which country the data should be stored. This is especially relevant for companies with compliance regulations that require storage in certain countries. AWS offers a global infrastructure, with a list of 60 availability zones in 20 geographical regions to choose from.
For compliance reasons it is very convenient for companies to be able to choose. This is why e.g. Box also offers storage zones.
S3 is designed as a cost-efficient storage solution, not for working with your data in the cloud. This is the main difference from other providers, such as Dropbox, Google Drive, or OneDrive. These use a sync client so you can share, edit and sync your data in the cloud comfortably.
Compared to that, Amazon Cloud Drive is connected to your Amazon account and is designed mainly to store and use music, images and videos. 5 GB are free, so you can store about 1000 songs. Amazon Prime customers can store all their pictures at Amazon Cloud Drive, without any additional costs.
Amazon and Cloud Encryption
Amazon is promoting encryption, and of course they offer it themselves, too. But an independent encryption solution adds another layer of security with a “zero knowledge” standard. You can use Amazon S3 and Amazon Cloud Drive with additional encryption by Boxcryptor.
The Amazon.com chief technology officer said he supported “zero knowledge” hosting in which encryption allows the cloud provider to have no knowledge of what the customer uses the services for. “It's something we've been pushing our customers for years now,” he said.
A reliable and user-friendly solution for that is Boxcryptor, the encryption solution with the quality feature “Made in Germany”. With this encryption solution you alone manage the keys. Your data is encrypted before you upload it to the cloud. We have no access to your password or encryption key. The password is securely hashed, and therefore unidentifiable, before it reaches our servers. The keys are generated directly in your browser. You keep full control and neither Amazon nor we can access your unencrypted data at any time.
Encryption is carried out with a combination of AES-256 and RSA encryption. The first is one of the most frequently used and most secure encryption techniques. In combination with the asymmetric RSA encryption, your data is protected to the highest possible standards.
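The combination described above, as an added example that is not Boxcryptor's code: a file is encrypted locally with a fresh AES-256 key, and that key is wrapped with the user's RSA public key, so the storage provider only ever holds ciphertext and a wrapped key. The function names, the GCM and OAEP modes, the 2048-bit key size and the sample data are assumptions made for this illustration.

```javascript
// Added illustration using only Node's built-in crypto module.
const crypto = require('node:crypto');

// Key pair is generated on the client; the private key never leaves it.
function generateUserKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt with a fresh AES-256-GCM file key, then wrap that key with RSA-OAEP.
function encryptForUpload(plaintext, publicKey) {
  const fileKey = crypto.randomBytes(32); // 256-bit per-file key
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
  // This object is everything the storage provider gets to see.
  return { wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Unwrap the file key with the private key, then decrypt and authenticate.
function decryptAfterDownload(blob, privateKey) {
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, blob.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

// True only if the holder of privateKey can unwrap the key and the
// ciphertext passes the GCM integrity check.
function canRead(blob, privateKey) {
  try { decryptAfterDownload(blob, privateKey); return true; }
  catch { return false; }
}

// Constructed sample data: one owner, one party without the owner's key.
const owner = generateUserKeys();
const outsider = generateUserKeys();
const sample = Buffer.from('Q3 payroll export (constructed sample)');
const stored = encryptForUpload(sample, owner.publicKey);

console.log('owner can read:   ', canRead(stored, owner.privateKey));
console.log('outsider can read:', canRead(stored, outsider.privateKey));
```

The authentication tag also means that a stored object modified on the provider side fails to decrypt instead of yielding altered plaintext.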
Zero Knowledge Encryption by Boxcryptor Protects Your Data
Start protecting your company's data in the cloud or on your NAS with zero knowledge encryption. Find out how we enable your team to collaborate easily, while your company's data is secure all the way.