In the past, we had to deploy third-party disk encryption tools to handle EBS volume encryption, which inevitably led to the root problem of how to securely manage the keys. Fortunately, Amazon has solved both problems with its new EBS volume encryption with built-in key management…
Amazon EBS encryption provides a simple encryption solution for Amazon EBS volumes without the need to build, maintain, and secure your own key management infrastructure. When you create an encrypted EBS volume and attach it to a supported instance type, data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted using AWS 256-bit encryption, along with a secure 256-bit key that's automatically generated and transparently maintained by AWS.
The encryption occurs on the servers that host Amazon EC2 instances, so data is also encrypted in transit from EC2 instances to EBS storage, which supports HIPAA and other security compliance requirements. Existing unencrypted volumes can be migrated to encrypted volumes by copying the data from the unencrypted EBS volumes to the new encrypted volumes with rsync (Linux) or robocopy (Windows).
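The Linux migration described above, as an added example that is not part of the original article: it copies one mounted volume onto another with rsync and then checks the result with an independent SHA-256 manifest comparison. The function names (`manifest`, `verify_copy`, `migrate_volume`) and the mount-point arguments are hypothetical, and the encrypted volume is assumed to be already created, attached, formatted and mounted.

```bash
# Added example, not from the original article. Assumes the encrypted volume
# already exists (e.g. aws ec2 create-volume --encrypted ...), is attached,
# formatted and mounted; both mount points are passed as arguments.

# Print "sha256  ./relative/path" for every regular file, in stable path order.
manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# verify_copy SRC DST: succeed only if both trees hold the same set of regular
# files with byte-identical content (ownership and modes are not compared).
verify_copy() {
    if [ "$(manifest "$1")" != "$(manifest "$2")" ]; then
        echo "verification FAILED: $2 differs from $1" >&2
        return 1
    fi
    echo "verified: $(manifest "$1" | wc -l) files match"
}

# migrate_volume SRC_MOUNT DST_MOUNT: copy with rsync, then verify independently
# instead of trusting rsync's exit status alone.
migrate_volume() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "mount points must exist" >&2; return 2; }
    # -a: owners, modes, times, symlinks; -H: hard links;
    # --numeric-ids: no uid/gid remapping. Trailing slashes copy contents.
    rsync -aH --numeric-ids "$1"/ "$2"/ || return 1
    verify_copy "$1" "$2"
}
```

Stop writers on the source before running `migrate_volume`, so the data cannot change between the copy and the check. Keep the unencrypted volume until `verify_copy` succeeds.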
We will be testing and certifying EBS volume encryption for use with SoftNAS and will announce support for it soon.