There are a few ways to ensure you are protected from malicious encryption of your data.
- Wasabi supports the HTTPS protocol for encryption during transmission of data to and from Wasabi.
Note: If you use third-party tools to interact with Wasabi, contact the developers to confirm if their tools also support the HTTPS protocol.
- If your use case requires encryption for data at rest, Wasabi supports server-side encryption (SSE). The SSE options include SSE-S3 (using AES256 encryption - X-Amz-Server-Side-Encryption: AES256) and SSE-C (customer based key - X-Amz-Server-Side-Encryption-Customer-Key). You can specify the SSE parameters using your S3 client application when you write objects to the bucket.
- You can restrict access to your data using IAM policies that specify the users that can access specific buckets and objects. IAM policies provide a programmatic way to manage S3 permissions for multiple users.
- You can sign up for Direct Connect options to prevent being exposed to the public internet when transferring and receiving data. Wasabi Direct Connect and AWS Direct Connect are two connectivity options that are used for high-speed dedicated connections into the Wasabi service. More info can be found here.