A company is storing sensitive customer data in an S3 bucket. They need to ensure data is encrypted at rest and that the encryption keys are managed by the cloud provider. Which encryption strategy should they use?
Trap 1: SSE-C (Server-Side Encryption with Customer-Provided Keys)
SSE-C uses customer-provided keys, not provider-managed.
Trap 2: Client-side encryption
Client-side encryption encrypts data before sending it to the cloud; it is not server-side encryption.
Trap 3: SSE-KMS (Server-Side Encryption with AWS KMS)
SSE-KMS uses customer-managed keys via KMS, not provider-managed.
- A
SSE-C (Server-Side Encryption with Customer-Provided Keys)
Why wrong: SSE-C uses customer-provided keys, not provider-managed.
- B
Client-side encryption
Why wrong: Client-side encryption encrypts data before sending it to the cloud; it is not server-side encryption.
- C
SSE-KMS (Server-Side Encryption with AWS KMS)
Why wrong: SSE-KMS uses customer-managed keys via KMS, not provider-managed.
- D
SSE-S3 (Server-Side Encryption with S3-Managed Keys)
SSE-S3 uses keys managed by AWS, meeting the requirement.