Amazon isn't just hanging on to a lot of data; it is also serving that data at a breakneck pace. According to the post by Jeff Barr, Amazon handles up to 370,000 S3 requests per second.
That's a lot of data, but Amazon wants to store more. To that end, it is introducing server-side encryption, which Barr says is an often-requested feature that will be "welcomed by our enterprise customers, perhaps as an overall strategy to encrypt sensitive data for regulatory or compliance reasons."
For developers who opt in, Amazon applies server-side encryption transparently when an object is copied or stored in S3. Here's how it describes the process:
When you PUT an object and request encryption (in an HTTP header supplied as part of the PUT), we generate a unique key, encrypt your data with the key, and then encrypt the key with a master key. For added protection, keys are stored in hosts that are separate and distinct from those used to store your data.
Amazon is using AES-256 encryption, and says that the process for encryption, key management and decryption is audited regularly.
Customers have always been free to encrypt data before storing it in S3, of course. Amazon's server-side encryption seems like a good solution for some use cases, but the standard caveats apply. If Amazon can decrypt the data at your request, it can decrypt the data at the government's request too. Only use server-side encryption for data that you're comfortable with Amazon being able to decrypt.
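The key hierarchy Amazon describes (a unique key per object, itself encrypted under a master key) is envelope encryption, and a customer can apply the same pattern client-side before uploading so that the master key never leaves their control. The following is an added example for Node.js, not Amazon's implementation or code from the original post; the function names, the choice of GCM as the AES-256 mode and the nonce/tag layout are assumptions made here.

```javascript
const crypto = require("node:crypto");

// AES-256-GCM with a fresh 96-bit nonce; output layout is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or any byte was modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error("sealed data too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// A per-object data key encrypts the data; the master key only ever encrypts data keys.
function encryptObject(masterKey, data) {
  const dataKey = crypto.randomBytes(32);
  const envelope = {
    wrappedKey: seal(masterKey, dataKey), // safe to store beside the object
    ciphertext: seal(dataKey, data),
  };
  dataKey.fill(0); // best-effort wipe of the plaintext data key
  return envelope;
}

// Unwrap the data key with the master key, then decrypt the object with it.
function decryptObject(masterKey, envelope) {
  return open(open(masterKey, envelope.wrappedKey), envelope.ciphertext);
}

// Constructed sample data: the envelope goes to storage, the master key stays with the caller.
const masterKey = crypto.randomBytes(32);
const stored = encryptObject(masterKey, Buffer.from("constructed sample record"));
console.log(decryptObject(masterKey, stored).toString());
```

Whoever holds the master key can decrypt every object: with server-side encryption that party is Amazon, while in this client-side arrangement it is the caller.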
Do you think that server-side encryption is something that will encourage enterprise customers to make (more) use of S3?