How to choose an encryption tool or service - AWS cryptography services

How to choose an encryption tool or service

AWS offers several different cryptographic tools and services. This section is designed to help you learn about them and decide which tools and services you should use for your projects.

Most AWS services that store and manage your data support server-side encryption, where the service that stores and manages your data also transparently encrypts and decrypts it for you. AWS also supports client-side encryption libraries that you can include in your applications. These libraries make it easier to include best-practice encryption in your application, even if you are not a cryptography expert.

Before selecting your cryptographic tools and services, decide if you prefer client-side encryption, server-side encryption, or both. Your decision depends on the design of your application, the sensitivity of your data, and the security requirements of your organization. We try to make our client-side encryption libraries easy to use, but for most applications it's much easier to have an AWS service manage encryption transparently.

What do you need to protect your data?

What type of data do you need to protect?

When choosing an SDK or an encryption client library, remember that they are not compatible. You cannot use one library to encrypt data and a different library to decrypt the data.