-
How to secure your SaaS tenant data in DynamoDB with ABAC and client-side encryption
If you’re a SaaS vendor, you may need to store and process personal and sensitive data for large numbers of customers across different geographies. When processing sensitive data at scale, you have an increased responsibility to secure this data end-to-end. Client-side encryption of data, such as your customers’ contact information, provides an additional mechanism that…
-
AWS launches AWS Wickr ATAK Plugin
AWS is excited to announce the launch of the AWS Wickr ATAK Plugin, which makes it easier for ATAK users to maintain secure communications. The Android Team Awareness Kit (ATAK)—also known as Android Tactical Assault Kit for military use—is a smartphone geospatial infrastructure and situational awareness application. It provides mapping, messaging, and geofencing capabilities to…
-
Enable post-quantum key exchange in QUIC with the s2n-quic library
January 25, 2023: AWS KMS, ACM, Secrets Manager TLS endpoints have been updated to only support NIST’s Round 3 picked KEM, Kyber. s2n-tls and s2n-quic have also been updated to only support Kyber. BIKE or other KEMs may still be added as the standardization proceeds. At Amazon Web Services (AWS) we prioritize security, performance, and…
-
How to tune TLS for hybrid post-quantum cryptography with Kyber
January 30, 2024: The API in this blog post has been changed in newer version of the AWS CRT Client. See this page for more info. January 25, 2023: AWS KMS, ACM, Secrets Manager TLS endpoints have been updated to only support NIST’s Round 3 picked KEM, Kyber. s2n-tls and s2n-quic have also been updated…
-
How to use AWS KMS RSA keys for offline encryption
October 28, 2022: This blog post has been updated to reflect that CBC has changed to CTR, as well as a few more modifications. This blog post discusses how you can use AWS Key Management Service (AWS KMS) RSA public keys on end clients or devices and encrypt data, then subsequently decrypt data by using…
-
Introducing s2n-quic, a new open-source QUIC protocol implementation in Rust
At Amazon Web Services (AWS), security, high performance, and strong encryption for everyone are top priorities for all our services. With these priorities in mind, less than a year after QUIC ratification in the Internet Engineering Task Force (IETF), we are introducing support for the QUIC protocol which can boost performance for web applications that…
-
Hardening the security of your AWS Elastic Beanstalk Application the Well-Architected way
April 7, 2022: This post has been updated with sample Elastic Beanstalk application with hardened security configurations on GitHub. Launching an application in AWS Elastic Beanstalk is straightforward. You define a name for your application, select the platform you want to run it on (for example, Ruby), and upload the source code. The default Elastic Beanstalk configuration…
-
How to use tokenization to improve data security and reduce audit scope
April 25, 2023: We’ve updated this blog post to include more security learning resources. Tokenization of sensitive data elements is a hot topic, but you may not know what to tokenize, or even how to determine if tokenization is right for your organization’s business needs. Industries subject to financial, data security, regulatory, or privacy compliance…