Updated on 2025-05-22 GMT+08:00

SEC07-04 Static Data Encryption

Encryption keeps data unreadable to unauthorized users who try to access or steal it. Sensitive static data (data at rest) should be encrypted by default so that it stays confidential even if it is accessed or disclosed without authorization.

  • Risk level

    High

  • Key strategies
    • Enable default encryption. Enable default encryption for cloud services, such as EVS, RDS, OBS, and SFS, so that stored data is encrypted automatically. Enable encryption for databases, such as RDS and DWS, to reduce the security risks caused by database dumping (bulk theft of database contents) and data leakage.
    • Encrypt, mask, and anonymize sensitive data, so that the risk of data leakage is reduced even if the data is stolen.
    • Monitor the use of encryption and decryption keys and select different encryption keys based on data usage, type, and classification.
  • Related cloud services and tools

    DEW: DEW is integrated with services such as OBS, EVS, and IMS, so KMS can manage the keys of these services and encrypt their service data. Local data can also be encrypted by calling KMS APIs.
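
The first and third key strategies can be checked mechanically against a resource inventory. The following Python sketch is an added example, not code from this page or from any cloud SDK: it flags resources that are stored unencrypted and encryption keys that are shared across data classifications. The inventory, its field names, and the key names are constructed for illustration; in practice the records would come from your own asset export.

```python
# Constructed sample inventory. The schema (id, service, classification,
# encrypted, kms_key) is hypothetical, not a cloud API response format.
INVENTORY = [
    {"id": "evs-vol-01", "service": "EVS", "classification": "confidential",
     "encrypted": True, "kms_key": "key-confidential"},
    {"id": "rds-db-01", "service": "RDS", "classification": "confidential",
     "encrypted": False, "kms_key": None},
    {"id": "obs-logs", "service": "OBS", "classification": "internal",
     "encrypted": True, "kms_key": "key-confidential"},
    {"id": "sfs-share", "service": "SFS", "classification": "internal",
     "encrypted": True, "kms_key": "key-internal"},
    {"id": "obs-public", "service": "OBS", "classification": "public",
     "encrypted": True, "kms_key": "key-public"},
]


def audit(inventory):
    """Return sorted (resource_id, finding) pairs for two checks:
    - not-encrypted: stored data is not encrypted at rest
    - key-shared-across-classifications: one key protects data of
      more than one classification level
    """
    findings = []
    key_classes = {}  # key name -> set of classifications it protects

    for res in inventory:
        if not res["encrypted"]:
            findings.append((res["id"], "not-encrypted"))
        elif res.get("kms_key"):
            key_classes.setdefault(res["kms_key"], set()).add(
                res["classification"])

    # Second pass: report every encrypted resource whose key spans
    # several classifications, so each one can be re-keyed.
    for res in inventory:
        key = res.get("kms_key")
        if res["encrypted"] and key and len(key_classes[key]) > 1:
            findings.append((res["id"], "key-shared-across-classifications"))

    return sorted(findings)


if __name__ == "__main__":
    for resource_id, finding in audit(INVENTORY):
        print(f"{resource_id}: {finding}")
```
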