AWS re:Invent 2022
Protecting Secrets Keys and Data Cryptography for the Long Term Sec403

Title

AWS re:Invent 2022 - Protecting secrets, keys, and data: Cryptography for the long term (SEC403)

Summary

  • Peter O'Donnell, a principal solutions architect at AWS, discusses the importance of cryptography for long-term data protection.
  • The talk covers encryption in motion, secrets management, Cloud HSM, KMS, and the new External Key Store (XKS).
  • TLS 1.3 and its requirement for perfect forward secrecy are highlighted, with AWS uplifting its minimum TLS version.
  • Secrets Manager's new capability for automatic secret replication across regions is introduced.
  • KMS is recommended for key management due to its integration with AWS services and the security of the key hierarchy.
  • Cloud HSM is discussed as an option for customers needing specific controls or compliance with FIPS 140-2 Level 3.
  • AWS's commitment to data protection is emphasized through the introduction of the External Key Store (XKS) for customers needing to store key material on-premises.
  • Matt Campagna, a senior principal engineer and cryptographer at AWS, delves into the AWS Encryption SDK, post-quantum cryptography, and cryptographic computing.
  • The AWS Encryption SDK provides a secure and efficient way to perform envelope encryption using KMS.
  • AWS is preparing for the advent of quantum computing by implementing post-quantum hybrid key exchanges in services like KMS, Secrets Manager, and ACM.
  • Cryptographic computing advancements, such as private set intersection, are being developed to enable secure collaborative data analytics.

Insights

  • AWS is actively preparing for future cryptographic challenges, including the potential threat posed by quantum computing, by integrating post-quantum algorithms into their services.
  • The AWS Encryption SDK is designed to simplify the process of envelope encryption for developers, ensuring that data is encrypted securely and efficiently.
  • The introduction of the External Key Store (XKS) indicates AWS's responsiveness to customer needs for data sovereignty and regulatory compliance, allowing customers to store and manage encryption keys within their own facilities.
  • AWS's focus on cryptographic computing, such as private set intersection, shows a commitment to enabling secure data sharing and collaboration without compromising privacy or compliance.
  • The talk emphasizes the importance of continuous innovation and rigorous security practices to protect customer data, with AWS investing in both current and future cryptographic technologies to maintain a high standard of security.
Protecting Production with Amazon Ecs Security Features Con307Protecting Your Application from Bot Attacks Prt019