Data encryption on the AWS Cloud

And when they happen, they impact hundreds of millions of current or potential customers as well as employees. The solution to secure this valuable asset is at the industry’s fingertips: easier than ever cloud data encryption. 

Data security for banking and financial sectors - what requirements to follow?

With a number of data security requirements for the financial sector, encryption is a sine qua non condition for these institutions to even exist. According to a report by Allianz, both cyber incidents and changes in regulation and legislation made it to the list of top 5 risks in financial institutions. What regulations are the most popular ones and do financial organizations from the EU need to comply with all of them?

• EU GDPR
  The European General Data Protection Regulation is a mandatory security framework by the European Union designed to protect its citizens’ personal data.  Businesses that process data in their operations, either manually or through automated mechanisms, must comply with the GDPR provisions or they will be fined with a maximum of  €20 million or 4% of annual turnover - depending on which one is larger.
  
   
• ISO/IEC 27001
  ISO/IEC 27001 is a global standard for reducing security risks and protecting information systems in the areas of: cyber attacks and resilience. It offers organizations guidance on how to improve their security and is not mandatory, but highly recommended to implement in financial sectors as it focuses on golden standards for sensitive data processing.
  
   
• PCI DSS
  Payment Card Industry Data Security Standards is a set of standards for reducing credit card fraud and protecting the personal details of credit card holders that is mandatory and globally recognized. Failure to comply with PCI DSS, which focuses mainly on securing data in the processing, storing and transferring stage, may result in fines from $5,000 to $100,000 per month until compliance is achieved.

How can AWS cloud secure my company data through encryption?

Encryption in the AWS cloud can help financial institutions meet the highest standards for security and compliance. The cloud provides more comprehensive data protection capabilities than on-premise solutions especially for companies intending to scale up thanks to its pay-as-you-go billing model which translates into traceable cost management as well as greater, faster and easier access to adding new resources on the cloud.  AWS cloud data encryption is a critical component of the security strategy designed so that if one security mechanism fails, there’s at least one more still operating. When used correctly, it can provide an additional layer of protection above the standard level. And to protect your data on the cloud, you need to first decide how to manage your encryption keys. 

Cryptographic encryption keys can be either created by AWS or by you (as in Customer Managed Keys or Bring Your Own Key approach). The best practice to maximize key security is to use a hardware security module (HSM) - a specialized computing device equipped with a number of security mechanisms preventing encryption keys from leaving the device.

With AWS you can use two models of securing encryption keys. These are:

• AWS Key Management Service in which keys are managed by AWS on your behalf. 
• AWS CloudHMS in which a cloud object is used by only one company managing its own keys. This solution provides the highest possible encryption level.

What makes AWS HMS solution exceptionally secure is its HMS tamper response mechanism in which when the device detects physical or attempts to access keys without authorization, it destroys the keys before the attack succeeds. No API interface means no one can access encryption keys once they have been placed in HMS. And so, your data, data of your clients and your reputation is safe and secure with AWS.