Baffle has integrated homegrown key management capability with AWS server-side encryption, allowing SaaS applications to isolate and encrypt data at the customer level.

Since January 5th, Amazon S3 encrypts all new objects by default with AES-256 to protect data at rest. S3 automatically applies server-side encryption using Amazon S3-managed keys for each new ...

AWS server-side encryption (Amazon) Administrators may leave the system to encrypt at the default 256-bit AES or choose one of the alternative methods, namely SSE-C or SSE-KMS.

This will allow organizations that deal with regulated data to run workloads on AWS by segregating data on the platform from encryption keys, said Kiran.

There are two primary strategies for securing data at rest: Securing the system that stores the data, and encrypting the data itself. A secured storage system is the least secure model.