According to the video, Ryan says that Encryption is a shared responsibility because the user has to select the encryption option and then AWS has to deliver on it. However, the aws documentation contradicts this, see below.
"Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions."
https://aws.amazon.com/compliance/shared-responsibility-model/
Please could you provide more guidance on this.
1 Answers
Hi,
I understand it this way:
AWS offers encryption options like SSE (S3) and KMS encryption for your data. Just like any other service offered by AWS, the correct functioning and availability of these encryption services is AWS’s responsibility.
The document you refer to talks about your responsibility to ensure sensitive data is encrypted, as AWS would not choose to encrypt everything by default.
To simply put, Encryption at rest is Customer’s responsibility and Encryption in transfer is AWS’s responsibility