Amazon Web Services (AWS)

For 15 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 200 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 80 Availability Zones (AZs) within 25 geographic regions, with announced plans for 15 more Availability Zones and five more AWS Regions in Australia, India, Indonesia, Spain, and Switzerland. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.


Effective, secure cloud use involves an increasing number of decisive moments, such as when you consider using sensitive data in any cloud. You can rely on Thales Trusted Cyber Technologies (TCT) to secure your digital transformation. Thales TCT’s advanced encryption and centralized key management solutions give you protection and control of data stored on your premises, in Amazon Web Services, and with other cloud providers. Thales TCT technology enables you to:

  • Avoid cloud vendor encryption lock-in and ensure the data mobility you need while you efficiently and securely spread workloads and data across multiple cloud vendors, including AWS, with centralized, independent encryption management
  • Take secure advantage of Amazon Key Management Services (AWS KMS) with a centralized key management solution that spans multiple clouds
  • Identify attacks faster with data access logging to industry-leading SIEM applications
  • Reduce or eliminate risks arising from compromised credentials with advanced encryption including privileged user access controls
  • Architect applications for the cloud with built-in security using Vaultless Tokenization with Dynamic Data Masking


If you’re 100% Amazon Web Services-based with stringent data security controls, or if you’re running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and AWS, you need an advanced data encryption solution. CipherTrust Transparent Encryption protects your files and databases on your premises and across multiple clouds including AWS, without any changes to applications, databases, infrastructure or business practices. You can bring your own encryption to AWS and other infrastructure- and platform-as-a-service providers.

CipherTrust Transparent Encryption:

  • Protects data stored in AWS S3 buckets for any S3 data source, operating in AWS, another cloud, or on-premises, that is using S3 protocols and equipped with a Transparent Encryption agent
  • Strengthens data security with operating system-level controls against unauthorized access, based on granular access policies that cover user identity (including administrators with root privileges) and process, among many others
  • Accelerates breach detection and satisfies compliance mandates with detailed file access logs, directed to your security information and event management (SIEM) system

CipherTrust Manager

CipherTrust Manager centralizes key, policy and log management for CipherTrust Transparent Encryption, and is available in various hardware models for on-premises deployment, or can be instantiated as a shared AWS AMI.

Organizations that cannot bring their own encryption can still follow industry best practices by managing keys externally using the CipherTrust Cloud Key Manager.

The CipherTrust Cloud Key Manager leverages cloud provider Bring Your Own Key (BYOK) APIs to reduce key management complexity and operational costs by giving customers lifecycle control of encryption keys with centralized management and visibility. The solution is available as a shared AWS AMI, or can be deployed on premises or in any supported private cloud deployment to meet more stringent compliance requirements.

CipherTrust Cloud Key Manager offers the following advantages:

  • Enhanced IT efficiency with multi-cloud key management from a single console that offers automated key rotation and comprehensive key life cycle management
  • Safer key management practices combined with cloud benefits of scale, cost and convenience
  • Greater control over keys—you can control key generation and storage of keys used in AWS KMS, Microsoft Azure, the Google Cloud Platform Customer Managed Encryption Key (CMEK) Service and more

CipherTrust Data Discovery and Classification locates regulated data in AWS, other clouds and on-premises across many different types of data stores, including AWS block storage offerings and AWS S3. It offers a quick start with a full set of built-in classification templates with centralized operations on CipherTrust Manager. The product enables informed decision making about what data to protect in AWS and how to protect it.

Advanced data protection for AWS S3 with CipherTrust Transparent Encryption Solution Brief
Avoiding Amazon S3 Data Leaks with Scalable Encryption and Access Controls Solution Brief
Product Demo: Protecting AWS S3 Buckets: AWS KMS vs Transparent Encryption COS S3 from Thales
White Paper: Best Practices for Cloud Data Protection and Key Management
White Paper: Best Practices for Secure Cloud Migration
White Paper: The Case for Centralized Multicloud Encryption Key Management