
Protecting your Data on AWS - Navigating GDPR Compliance on AWS


Article 32 of the GDPR requires that organizations “[…] implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including […] the pseudonymisation and encryption of personal data […]”. In addition, organizations must safeguard against the unauthorized disclosure of, or access to, personal data.

Encryption reduces the risks associated with storing personal data because the data is unreadable without the correct key. That protection holds only while the keys are kept separate from the data they protect and access to those keys is controlled; ciphertext stored alongside its key is effectively plaintext. A thorough encryption strategy, one that covers key generation, storage, rotation and access control as well as the encryption itself, can help mitigate the impact of various security events, including some security breaches.

AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for applications and data subject to rigorous contractual or regulatory requirements for managing cryptographic keys, additional protection is sometimes necessary. Previously, the only option for storing sensitive data, or the encryption keys protecting it, may have been an on-premises datacenter. This could have prevented you from migrating those applications to the cloud, or significantly degraded their performance.

AWS supports encryption at rest and in transit, provides key management options through AWS KMS and AWS CloudHSM, and enables client-side encryption through libraries such as the AWS Encryption SDK, so that data can be encrypted before it leaves your application and the keys can be held in a service you control. These services help customers meet the Article 32 obligations above and align with industry security standards.
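The client-side pattern mentioned above is envelope encryption: each record is encrypted under a fresh data key, and only a wrapped copy of that data key is stored next to the ciphertext, while the key that wraps it never leaves the key-management service. The Go program below is an added illustration of that pattern and is not code from this whitepaper or from the AWS Encryption SDK. It assumes, for the sake of running offline, that the KMS wrapping step is simulated by a local 32-byte master key (`masterKey`); in a real deployment the wrap and unwrap calls are `GenerateDataKey` and `Decrypt` against AWS KMS (or a CloudHSM-backed key) and the master key is never present in application memory. The `context` string plays the role of the KMS encryption context, bound as AES-GCM associated data so that a message decrypted under a different context, a different master key, or after tampering is rejected rather than silently returning garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EnvelopeMessage is what gets stored: the wrapped data key, the nonce and the
// AES-GCM ciphertext (tag appended). The plaintext data key is never persisted.
type EnvelopeMessage struct {
	WrappedKey []byte // data key encrypted under the master key (simulated KMS)
	Nonce      []byte // GCM nonce for the payload
	Ciphertext []byte // payload ciphertext with authentication tag
	Context    string // encryption context bound as associated data
}

const nonceSize = 12 // standard GCM nonce length

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with a random nonce, binding aad.
func seal(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, aad), nil
}

// open decrypts and verifies; any mismatch in key, nonce, aad or tag fails.
func open(key, nonce, ct, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// wrapKey stands in for the KMS GenerateDataKey wrapping step (assumption for
// this example). Output layout is nonce || ciphertext so unwrapKey is self-describing.
func wrapKey(masterKey, dataKey []byte, context string) ([]byte, error) {
	nonce, ct, err := seal(masterKey, dataKey, []byte(context))
	if err != nil {
		return nil, err
	}
	return append(nonce, ct...), nil
}

// unwrapKey stands in for the KMS Decrypt call on the wrapped data key.
func unwrapKey(masterKey, wrapped []byte, context string) ([]byte, error) {
	if len(wrapped) < nonceSize {
		return nil, errors.New("wrapped key too short")
	}
	return open(masterKey, wrapped[:nonceSize], wrapped[nonceSize:], []byte(context))
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// Encrypt generates a fresh 256-bit data key per message, wraps it, encrypts
// the payload, then discards the plaintext data key.
func Encrypt(masterKey, plaintext []byte, context string) (*EnvelopeMessage, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	defer zero(dataKey)
	wrapped, err := wrapKey(masterKey, dataKey, context)
	if err != nil {
		return nil, fmt.Errorf("wrap data key: %w", err)
	}
	nonce, ct, err := seal(dataKey, plaintext, []byte(context))
	if err != nil {
		return nil, err
	}
	return &EnvelopeMessage{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Context: context}, nil
}

// Decrypt unwraps the data key under the supplied context, then opens the payload.
func Decrypt(masterKey []byte, msg *EnvelopeMessage, context string) ([]byte, error) {
	dataKey, err := unwrapKey(masterKey, msg.WrappedKey, context)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	defer zero(dataKey)
	return open(dataKey, msg.Nonce, msg.Ciphertext, []byte(context))
}

func main() {
	master := make([]byte, 32) // constructed stand-in for the KMS key
	rand.Read(master)
	msg, _ := Encrypt(master, []byte("constructed record: name=Alice"), "purpose=demo")
	pt, err := Decrypt(master, msg, "purpose=demo")
	fmt.Printf("%q %v\n", pt, err)
}
```

The point to take from the failure cases is that a stored message is useless to anyone who obtains the database but not the key-management service: without the master key the wrapped data key cannot be opened, and because the context is authenticated, a message cannot be replayed under a different purpose even by a party who can call the unwrap operation.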