What is PCI DSS?
To begin with, the Payment Card Industry Data Security Standards (PCI-DSS) provides a checklist with which organizations dealing with online credit card payments have to comply. Such list ascertains organizations follow the appropriate security standards to prevent any breach cases from occurring. Otherwise, merchants who refuse to comply face with great financial penalties thereafter.
What is HIPAA?
Health Insurance Portability and Accountability Act (HIPAA) is legislation which is concerned with making the medical information as safe as possible through making sure of data privacy and other security provisions.
Cyber attacks and ransomware attacks deploy upon health insurance data including both insurers and providers of such service. Such attacks are of a great concern of HIPAA. HIPAA aims to protect such sensitive data from any potential breaches on contaminated systems.
Why Data Encryption at Rest?
An essential requirement which both PCI DSS and HIPAA enforces to be applied inside an organization’s system is to have the sensitive data either cardholder data or health insurance data respectively in an encrypted format.
Before we proceed on to this point, let’s get some more insight about the notion of data encryption. Encrypting data means having data in another form, or code. This is such that having access to the decryption key is a must to understand such stored data.
Almost all organizations depend on this technique since it has been extremely popular and effective in securing data. Getting into more details, there are two sorts of encryption commonly in use around the globe. These are asymmetric encryption or the public key encryption method, and the symmetric encryption.
Symmetric encryption has privilege over the asymmetric encryption due to its speed. During the process, an exchange of the encryption key occurs between the sender and recipient before decrypting it.
Accordingly, huge quantities of keys have to get distributed and managed by companies in order for them to be capable of utilizing such encryption method. Therefore, it has become usual for companies to use a symmetric algorithm to encrypt data. After this, we use an asymmetric algorithm for the sake of exchanging the secret key.
On the other hand, asymmetric encryption or public-key cryptography uses two different keys: one public and one private. At the same time when a public key is known and everyone can share it, the private key is highly protected for security purposes.
One of the most widely used encryption algorithms is Sharmir-Adleman (RSA) algorithm. One could secure sensitive data through such an algorithm which depends on the public key cryptography technique. The insecure network just as the internet is a perfect place to harness such an algorithm.
The confidentiality, integrity, authenticity, and non-reputability of electronic communications and data are assured by the use of such algorithm which encrypts data using both the public and private keys before sending it to an insecure network. Digital signatures are used within such process as well.
What is AES?
The Advanced Encryption Standard (AES) also known as Rijndael is a means of encrypting data. Originally, the U.S. National Institute of Standards and Technology created such specification back in 2001.
With the evolution of such standard, the Data Encryption Standard (DES) became superseded and not used anymore for any advanced encryption purposes in organizations seeking high levels of security. The US government also adopted AES and made use of it in data encryption.
The symmetric key encryption algorithm is adopted by such standard, which means that encrypting and decrypting the data both use the exact same key.
What does Amazon S3 offer in this regard?
Amazon Simple Storage Service is a service where collecting, storing, and analyzing data of different formats and sizes could be possible and easy. Through Amazon Web Services (AWS), one can store and retrieve back.
Sources of such data could vary from websites and mobile apps to corporate applications, and data from sensors or devices of the Internet of Things (IoT). Media storage and distribution have the capability to depend on Amazon S3. This is such as the “data lake” for big data analytics. Even computation applications which are serverless can utilize Amazon S3.
Mobile device photos and videos or other captured data, backups of mobile or other devices, backups of a machine, log files generated by a machine, streams created by an IoT sensor and images which are of a high resolution could all efficiently make use of Amazon S3.
It is then possible to configure Buckets of Amazon S3 for server-side encryption (SSE) making use of AES-256 encryption.
What can Amazon EC2 offer for decryption?
One could use instance storage on Amazon EC2. Such instance storage allows for data to become stored in a temporary period of time. Information that frequently changes, such as buffers, caches, and scratch data are the mostly stored on such instance storage but in an unencrypted format.
One could utilize Linux dm-crypt in this process. It is essentially a Linux kernel-level encryption mechanism. It is possible to mount an encrypted file system, making it available to the operating system. Then, applications can easily deal with all files in the file system with no more needed interactions.
Dm-crypt basically resides between the physical disk and the file system. Data becomes encrypted when writing it from the operating system into the disk as shown in the following figure.
Finally, it is important to note that an application never knows a thing about such encryption. That is due to the fact that applications use a specific mount point to store and retrieve files. In the meanwhile, encryption occurs on such data during storage in the disk. Therefore, there is no use of data if the hard disk becomes stolen or lost.