AWS CloudFront Field Data Encryption, Protection for the Rest of Us →
Superlative AWS blog post by Alex Tomic and Cameron Worrell, detailing some of the best news yet in encryption capability on Amazon Web Services - table contained field level encrytion. With prudent end-to-end cryptographically protected data objects, I cannot emphasize how important it is to make this form of data-at-rest encryption available to your Security Architects, DBAs, Developers and Security Engineers as part of that end-to-end solution. Outstanding.
"Field-level encryption addresses this problem by ensuring sensitive data is encrypted at CloudFront edge locations. Sensitive data fields in HTTPS form POSTs are automatically encrypted with a user-provided public RSA key. After the data is encrypted, other systems in your architecture see only ciphertext. If this ciphertext unintentionally becomes externally available, the data is cryptographically protected and only designated systems with access to the private RSA key can decrypt the sensitive data." - AWS Blog Posting by Alex Tomic and Cameron Worrell