Amazon Web Services (AWS)

For 15 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 200 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 80 Availability Zones (AZs) within 25 geographic regions, with announced plans for 15 more Availability Zones and five more AWS Regions in Australia, India, Indonesia, Spain, and Switzerland. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.

Secure workloads across hybrid clouds including Amazon Web Services (AWS)

Amazon Web Services (AWS) offers convenience and cost savings. However, you still need to follow security, privacy and compliance rules, as well as best practices, for protecting data. Further, you need rapid data mobility across all the clouds you use now and those you adopt in the future, a need that cloud-vendor-specific encryption solutions can compromise.


Effective, secure cloud use involves an increasing number of decisive moments, such as when you consider using sensitive data in any cloud. You can rely on Thales Trusted Cyber Technologies (TCT) to secure your digital transformation. Thales TCT’s advanced encryption and centralized key management solutions give you protection and control of data stored on your premises, Amazon Web Services, and other cloud providers. Thales TCT technology enables you to:

  • Avoid cloud vendor encryption lock-in and ensure the data mobility you need while you efficiently and securely spread workloads and data across multiple cloud vendors, including AWS, with centralized, independent encryption management
  • Take secure advantage of Amazon Key Management Services (AWS KMS) with a centralized key management solution that spans multiple clouds
  • Identify attacks faster with data access logging to industry-leading SIEM applications
  • Reduce or eliminate risks arising from compromised credentials with advanced encryption including privileged user access controls
  • Architect applications for the cloud with built-in security using Vaultless Tokenization with Dynamic Data Masking


If you’re 100% Amazon Web Services-based with stringent data security controls, or if you’re running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and on AWS, you need an advanced data encryption solution. CipherTrust Transparent Encryption protects your files and databases on your premises and across multiple clouds including AWS, without any changes to applications, databases, infrastructure or business practices.

CipherTrust Transparent Encryption:

  • Protects data stored in AWS S3 buckets for any S3 data source, operating in AWS, another cloud, or on-premises, that is using S3 protocols and equipped with a Transparent Encryption agent
  • Strengthens data security with operating system-level controls against unauthorized access, based on granular access policies that cover user identity (including administrators with root privileges) and process, among many others
  • Accelerates breach detection and satisfies compliance mandates with detailed file access logs, directed to your security information and event management (SIEM) system

CipherTrust Manager

CipherTrust Manager centralizes key, policy and log management for CipherTrust Transparent Encryption, and is available in various hardware models for on-premises deployment, or can be instantiated as a shared AWS AMI.

Thales and AWS innovated to create a versatile, feature-rich implementation, providing customers with choices in managing their keys. The collaboration extends the existing key management ownership model of Bring Your Own Key (BYOK) with a Hold Your Own Key (HYOK) offer. With AWS KMS External Key Store (XKS) and CipherTrust Cloud Key Manager (CCKM), customers can now choose to have data protected with keys physically located outside the AWS Cloud. The externally stored keys are accessible only with explicit customer authorization. XKS supports most AWS services already integrated with AWS KMS.

CipherTrust Data Discovery and Classification locates regulated data in AWS, other clouds and on-premises across many different types of data stores, including AWS block storage offerings and AWS S3. It offers a quick start with a full set of built-in classification templates, with operations centralized on CipherTrust Manager. The product enables informed decisions about what data to protect in AWS and how to protect it.

Advanced data protection for AWS S3 with CipherTrust Transparent Encryption Solution Brief
Avoiding Amazon S3 Data Leaks with Scalable Encryption and Access Controls Solution Brief
CipherTrust Cloud Key Management Solutions for Amazon Web Services Solution Brief
CTO Sessions On Demand: Protecting Your Data in Their Cloud (On Demand Webcast)
Product Demo: Protecting AWS S3 Buckets: AWS KMS vs Transparent Encryption COS S3 from Thales
White Paper: Best Practices for Cloud Data Protection and Key Management
White Paper: Best Practices for Secure Cloud Migration
White Paper: The Case for Centralized Multicloud Encryption Key Management