When you use S3 Storage Encryption:
- The communication from FileCloud to AWS will use SSL encryption resulting in complete protection for data in transit.
- Once the S3 is setup correctly, a new field called S3 Encryption will be available under Amazon S3 Storage Settings.
FileCloud supports the following Server Side Encryption:
|Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
|All data is encrypted at rest using AES256 bit encryption. The data can only be accessed using the supplied key/secret credentials. The data will be accessible via S3 Console
Note: Even though the encrypted data is accessible directly from the S3 console, do not access the data if it was created by FileCloud Managed storage, as doing so will cause data corruption to occur. In this case, the data should only be modified by FileCloud.
|Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
|Similar to SSE-S3 but the key itself is managed using Amazon's KMS service. This allows management of specific keys and their permissions for encrypting the data. The data is still encrypted at rest and is accessible via S3 Console with appropriate credentials.
|Server-Side Encryption with Customer-Provided Keys (SSE-C)
|This is a new support available from FileCloud v15 on-wards. The data will be encrypted using customer supplied 32 bit encryption key. This option will have SLOWER performance due to restriction on how this data can be decrypted (Amazon server will NOT be able to decrypt the data and the data has be first downloaded to FileCloud server and decrypted). The data will NOT be accessible via S3 console as well.
- Enabling encryption will start a process that attempts to encrypt all available data in the bucket as well as all new data.
- This process can take some time depending on the amount of existing data in the bucket.
- It is recommended that you modify the encryption setting when there is minimal activity on the FileCloud Server.
Although changing the Encryption setting can be done at any time, we recommend using off-peak hours to avoid any unexpected access issues.