Amazon has introduced a variety of new security features to address the series of issues that have plagued the cloud system since its inception. The stand out feature for us: encryption.
After a sequence of misconfigurations and data breaches involving Amazon’s cloud software, the company has finally said ‘enough is enough’ and on Monday announced the release of five new security features for Amazon’s Simple Storage Service (S3). The objective: to help customers store and manage their data in a more secure manner with one of the key features being encryption. This means that users can instruct that all objects in a AWS bucket to be stored in encrypted form by installing a bucket encryption configuration. Should an item that is unencrypted be located within S3, the item will be encrypted (if necessary) using an encryption option specified for the bucket.
Companies that are seeking a system that offers total security that can be integrated alongside any cloud service then the eperi Gateway looks to encrypt information before it goes into the cloud, while in use, in motion and at rest.
The next major story of the week involves the University of East Anglia in Norwich which had accidentally leaked an employee’s confidential and sensitive health information in a mass email that was sent to an estimated 300 postgraduate research students from the social science faculty. Unfortunately, the same university also made a similar mistake no less than a few months ago after a staff member leaked confidential and highly sensitive information of students in a mass email that was sent to hundreds of other undergraduates.
With such sensitive Personally Identifiable Information stored within the walls of these educational institutions, data security needs to be addressed. Encrypting the data provides the most suitable security because if the information were to be leaked, it will remain scrambled to the user due to them not having the encryption keys. The fact that these two leaks have occurred over a short space of time is troubling and the University of East Anglia, and all educational institutions for that matter, must ask themselves are doing all they can to protect critical information, especially as GDPR fast approaches.