How to resolve Sprinto check for encrypting DynamoDB

About

Sprinto Check: AWS DynamoDB should be encrypted

Encrypting data stored in Amazon DynamoDB is a fundamental practice to enhance security and meet encryption compliance and regulatory requirements. DynamoDB encryption at rest adds a layer of protection to your data by encrypting it using encryption keys stored in AWS Key Management Service (AWS KMS). This article explains how to implement DynamoDB encryption at rest and introduces the DynamoDB Encryption Client for client-side encryption.

Purpose

The purpose of the Sprinto check for DynamoDB Encryption is to ensure that all user data stored in DynamoDB is fully encrypted at rest and, optionally, during transit. This implementation helps you:

  • Data Security: Enhance the security of your data in DynamoDB by encrypting it at rest using AWS KMS.

  • Compliance Requirements: Fulfill encryption compliance and regulatory requirements imposed by organizational policies or industry standards.

  • End-to-End Protection: Optionally utilize client-side encryption for end-to-end data protection from its source to storage in DynamoDB.

  • Sprinto Check Passing: Update the Sprinto check status to "Passing" after implementing the recommended encryption measures.

Things to remember about DynamoDB encryption

  • All DynamoDB tables are encrypted by default under an AWS-owned customer master key (CMK) in the DynamoDB service account.

  • No option exists to turn on or off encryption for new or existing tables.

  • DynamoDB encryption at rest integrates with AWS KMS for managing encryption keys.

  • When creating a new table, you choose the customer master key (CMK) used for encryption: an AWS-owned, AWS-managed, or customer-managed CMK.
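
To see which of the three key types each table uses, the following added example (not Sprinto's or AWS's own code) classifies DynamoDB DescribeTable output and uses the KeyManager field from KMS DescribeKey to tell AWS-managed keys from customer-managed ones. The sample tables, account ID and key IDs are constructed, and the fetch_live helper is an assumption that requires boto3 and read access to DynamoDB and KMS.

```python
def classify_table_key(table, key_manager_of):
    """table: 'Table' dict from DynamoDB DescribeTable.
    key_manager_of: callable, key ARN -> KeyMetadata.KeyManager from KMS
    DescribeKey ('AWS' or 'CUSTOMER')."""
    sse = table.get("SSEDescription") or {}
    arn = sse.get("KMSMasterKeyArn")
    # DescribeTable omits SSEDescription when the AWS-owned key is in use.
    if sse.get("SSEType") != "KMS" or not arn:
        return "AWS_OWNED"
    return "AWS_MANAGED" if key_manager_of(arn) == "AWS" else "CUSTOMER_MANAGED"

def audit(tables, key_manager_of):
    """Return {table name: (key type, key ARN or None, key inaccessible?)}."""
    report = {}
    for t in tables:
        sse = t.get("SSEDescription") or {}
        report[t["TableName"]] = (
            classify_table_key(t, key_manager_of),
            sse.get("KMSMasterKeyArn"),
            # Set by DynamoDB when it can no longer use the table's KMS key.
            "InaccessibleEncryptionDateTime" in sse,
        )
    return report

def fetch_live(region):
    """Live mode (assumes boto3 plus dynamodb:ListTables, dynamodb:DescribeTable
    and kms:DescribeKey permissions). Returns (tables, key_manager_of)."""
    import boto3
    ddb = boto3.client("dynamodb", region_name=region)
    kms = boto3.client("kms", region_name=region)
    pages = ddb.get_paginator("list_tables").paginate()
    names = [n for page in pages for n in page["TableNames"]]
    tables = [ddb.describe_table(TableName=n)["Table"] for n in names]
    return tables, lambda arn: kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]

# Constructed sample responses; the account ID and key IDs are placeholders.
ARN = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_TABLES = [
    {"TableName": "sessions"},
    {"TableName": "orders", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": ARN + "aaaa"}},
    {"TableName": "payments", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": ARN + "bbbb"}},
]
SAMPLE_MANAGERS = {ARN + "aaaa": "AWS", ARN + "bbbb": "CUSTOMER"}

if __name__ == "__main__":
    for name, row in audit(SAMPLE_TABLES, SAMPLE_MANAGERS.get).items():
        print(name, *row)
```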

Optional: Client-Side Encryption Implementation

DynamoDB Encryption Client:

  • AWS provides the Amazon DynamoDB Encryption Client for client-side encryption.

  • This library enables you to protect your table data before submitting it to DynamoDB.

  • Use the DynamoDB Encryption Client along with encryption at rest for comprehensive data protection.

For additional assistance or queries, please get in touch with Sprinto Support. We're here to assist you in implementing DynamoDB encryption for enhanced data security.