Which encryption approach keeps the keys and algorithms known only to the customer?



Client-side encryption is the approach that keeps both the keys and the choice of algorithm under the customer's control. The data is encrypted on the client before it is sent to the storage service, such as Amazon S3, so the service only ever receives ciphertext. The customer therefore controls the whole encryption process, manages its own keys, and protects the data from unauthorized access, including access by the service provider itself: without the key, the stored object is unreadable to anyone who can retrieve it.

Because the client performs the encryption, it can choose whatever algorithm and key-management scheme it sees fit, and it can keep the key material off the provider's infrastructure entirely, which strengthens the overall security posture. This degree of control matters most for sensitive information where compliance requirements mandate stringent data protection or demand that the provider never be able to read the data in clear.
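As an added illustration (example code written for this page, not taken from the AWS SDK or any S3 client), the following Go program shows the pattern described above: a per-object data key encrypts the payload with AES-256-GCM, the data key is wrapped under a master key that only the customer holds, and the wrapped key travels alongside the ciphertext as object metadata. The `StoredObject` type stands in for what S3 would receive on a PUT; the metadata names are assumptions, chosen only to use S3's real `x-amz-meta-` user-metadata prefix. The object key is bound in as GCM additional authenticated data so that ciphertext or metadata copied between objects fails to decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// StoredObject models what the storage service actually receives: an opaque
// body plus user metadata. Nothing in it is decryptable without masterKey.
type StoredObject struct {
	Body     []byte
	Metadata map[string]string
}

// sealGCM returns nonce || ciphertext || tag under AES-GCM with the given AAD.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM reverses sealGCM; any change to ciphertext, tag or AAD is rejected.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// EncryptForUpload runs entirely on the client. masterKey never leaves the
// caller; only the wrapped per-object data key is sent with the object.
func EncryptForUpload(masterKey []byte, objectKey string, plaintext []byte) (StoredObject, error) {
	dataKey := make([]byte, 32) // fresh AES-256 key for this object only
	if _, err := rand.Read(dataKey); err != nil {
		return StoredObject{}, err
	}
	body, err := sealGCM(dataKey, plaintext, []byte(objectKey))
	if err != nil {
		return StoredObject{}, err
	}
	wrapped, err := sealGCM(masterKey, dataKey, []byte(objectKey))
	if err != nil {
		return StoredObject{}, err
	}
	return StoredObject{
		Body: body,
		Metadata: map[string]string{ // metadata names are an assumption for this example
			"x-amz-meta-wrapped-key": base64.StdEncoding.EncodeToString(wrapped),
			"x-amz-meta-cipher":      "AES-256-GCM",
		},
	}, nil
}

// DecryptDownloaded unwraps the data key with the customer's master key and
// then decrypts the body. It fails closed on a wrong key, a swapped object
// key, or any tampering with body or metadata.
func DecryptDownloaded(masterKey []byte, objectKey string, obj StoredObject) ([]byte, error) {
	wrapped, err := base64.StdEncoding.DecodeString(obj.Metadata["x-amz-meta-wrapped-key"])
	if err != nil {
		return nil, err
	}
	dataKey, err := openGCM(masterKey, wrapped, []byte(objectKey))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return openGCM(dataKey, obj.Body, []byte(objectKey))
}

func main() {
	masterKey := make([]byte, 32)
	if _, err := rand.Read(masterKey); err != nil {
		panic(err)
	}
	// Constructed sample payload; in practice this is the file being uploaded.
	plaintext := []byte("id,ssn\n1,123-45-6789\n")
	obj, err := EncryptForUpload(masterKey, "customer-records.csv", plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Println("body leaks plaintext:", bytes.Contains(obj.Body, []byte("123-45")))
	out, err := DecryptDownloaded(masterKey, "customer-records.csv", obj)
	fmt.Printf("decrypted ok: %v, err: %v\n", bytes.Equal(out, plaintext), err)
}
```

The storage side only ever handles `obj.Body` and `obj.Metadata`; the same structure is what you would hand to an S3 PUT, and the provider can store, replicate and serve it without being able to read it.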

Server-side encryption with Amazon S3 managed keys (SSE-S3) and with AWS Key Management Service (SSE-KMS), by contrast, have the service provider perform the encryption and hold or manage the keys: S3 receives the object in plaintext and encrypts it on the provider's side. That protects data at rest against theft of the underlying storage, but it does not give the customer the exclusive control over keys and algorithms that client-side encryption does.