Amazon S3 users can now bring their own encryption keys

Up until this week, users of Amazon’s S3 storage had to rely on Amazon Web Services to provide and manage their server-side encryption keys.

Now those users can instead opt to supply their own keys and manage them on site themselves or use Amazon’s Cloud HSM dedicated hardware to manage them. Or they can just continue to let Amazon manage the keys in its cloud, according to the AWS Blog.
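As an added example (not code from the article or from AWS), this shows what the customer-provided-key path asks of the client: S3 expects a 256-bit AES key delivered base64-encoded in request headers together with a base64 MD5 of the raw key so it can detect a corrupted key; the header names are S3's real SSE-C headers, while the functions and the sample key are constructed here.

```python
import base64
import hashlib
import secrets

# Header names S3 defines for server-side encryption with customer keys (SSE-C).
SSEC_ALGORITHM_HEADER = "x-amz-server-side-encryption-customer-algorithm"
SSEC_KEY_HEADER = "x-amz-server-side-encryption-customer-key"
SSEC_KEY_MD5_HEADER = "x-amz-server-side-encryption-customer-key-MD5"


def generate_customer_key() -> bytes:
    """Return a fresh 256-bit key. The caller must retain it: S3 keeps only a
    salted HMAC of the key for validation, so a lost key means a lost object."""
    return secrets.token_bytes(32)


def ssec_headers(key: bytes) -> dict:
    """Build the SSE-C request headers for one customer-provided key.

    S3 accepts only AES256 with a 32-byte key. Because the raw key itself is
    sent to S3 on every PUT and GET, SSE-C requests must travel over TLS.
    """
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        SSEC_ALGORITHM_HEADER: "AES256",
        SSEC_KEY_HEADER: base64.b64encode(key).decode("ascii"),
        SSEC_KEY_MD5_HEADER: base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def key_matches_headers(key: bytes, headers: dict) -> bool:
    """Check a key from your own key store against headers recorded at upload time.

    This mirrors the key-integrity check S3 performs and lets you confirm, before
    issuing a GET, that you still hold the key the object was written with.
    """
    expected = ssec_headers(key)
    return all(headers.get(name) == value for name, value in expected.items())


if __name__ == "__main__":
    # Constructed sample key for demonstration only; never hard-code a real key.
    demo_key = bytes(range(32))
    for name, value in ssec_headers(demo_key).items():
        print(f"{name}: {value}")
```

When using an SDK such as boto3, these same values are passed as the SSECustomerAlgorithm, SSECustomerKey and SSECustomerKeyMD5 parameters rather than as raw headers.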

This is a step forward, but users still need to be vigilant. Most security experts recommend that users encrypt their own files locally before uploading them, said David Mytton, CEO of Server Density.

In other Amazon encryption news, controversy erupted earlier this week over Amazon’s continued use of TrueCrypt encryption for files moving into and out of S3 storage after TrueCrypt itself was shut down a few weeks ago by its creators, citing security concerns.

Update: An AWS spokeswoman later noted that AWS Import/Export is the only AWS service that uses TrueCrypt. “AWS is aware of the statement on the TrueCrypt website and continues to monitor it closely,” she said via email.


This story was updated at 7:57 p.m. PST with Amazon comment on TrueCrypt.