Amazon S3 Server Side Encryption Flawed

Amazon recently announced a new server side encryption facility for their popular S3 service.  It employs AES-256 to encrypt objects much the same way KEYBOX does with secrets on your iPhone.  In and of itself there is nothing wrong with this, except perhaps the marketing.

My biggest gripe with Amazon’s server side encryption solution is how they promote encryption as something best not done by the client.  They cite messiness and difficulty as reasons for this.

It’s Called Wiretapping for a Reason

The objects transferred to/from S3 should be encrypted end-to-end.  They traverse a wide array of devices on their way from the client to S3, including home Wi-Fi networks, ISP networks and so on, any of which may be monitored.

The only way to be certain the objects are kept secure is to perform encryption on the client side before any objects make it out onto the network.  If HTTPS is available, it should be used to shuttle the data to S3 (I can find no indication that the objects transferred to and from their servers are encrypted en route, as in HTTPS).
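As an added example, not code from the original post and not Amazon's or KEYBOX's own code: a Go sketch of the client-side approach argued for above. The object body is sealed with AES-256-GCM before it leaves the client, the object name is bound in as associated data so a ciphertext cannot be silently swapped under another key name, and the transfer endpoint is refused unless it is HTTPS. The key, object name and endpoint URL are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"net/url"
)

// Constructed 32-byte (256-bit) key for this demonstration only. A real client
// keeps the key in a store it controls; it is never sent to the storage service.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// newAEAD builds an AES-256-GCM instance from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealObject encrypts an object body on the client. The object name is passed
// as additional authenticated data, so the stored blob is tied to that name.
// Output layout: nonce || ciphertext || GCM tag.
func SealObject(key, objectName, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, objectName), nil
}

// OpenObject decrypts a blob produced by SealObject and fails on any tampering
// with the nonce, ciphertext, tag or object name.
func OpenObject(key, objectName, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob shorter than a GCM nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, objectName)
}

// RequireHTTPS rejects an endpoint that would carry the upload (and the
// request's credentials) over plaintext HTTP.
func RequireHTTPS(endpoint string) error {
	u, err := url.Parse(endpoint)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("refusing non-HTTPS endpoint %q", endpoint)
	}
	return nil
}

func main() {
	// Placeholder endpoint and object name; constructed for the example.
	endpoint := "https://storage.example.test/my-bucket/notes.txt"
	name := []byte("my-bucket/notes.txt")
	if err := RequireHTTPS(endpoint); err != nil {
		fmt.Println(err)
		return
	}
	blob, err := SealObject(demoKey, name, []byte("constructed sample object body"))
	if err != nil {
		fmt.Println(err)
		return
	}
	// blob is what would be PUT to the service; the service never sees plaintext.
	pt, err := OpenObject(demoKey, name, blob)
	fmt.Printf("decrypted %q, err=%v\n", pt, err)
}
```

The service stores only the sealed blob, so server-side encryption, if enabled, becomes the additional layer described below rather than the only one.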

The Value in Encrypted Storage

Once the objects are stored in S3 there may still be value in encrypting them.  Machines break, get hacked into, get confiscated by law enforcement.  If you need to encrypt data in the first place it’s a good bet you want to be able to guarantee that it will remain secret despite these threats, even though you are not the true master of the physical machines on which this data resides.  From this perspective server side encryption as an additional layer of security is valuable.

Conclusion

Everybody knows security is hard.  To pretend otherwise is irresponsible.  Amazon should exercise more caution in how it promotes this facility and not try to convince developers that it’s a magic bullet for their encryption woes.  The old adage “If you want it done right, you gotta do it yourself” applies here.