AWS Snowball Edge | Security Flashcards

1
Q

Can a Snowball Edge be shipped to an alternate AWS region?

Security

AWS Snowball Edge | Storage

A

No. Snowball Edge devices are designed to be requested and used within a single AWS region. It may not be requested from one region and returned to another. Snowball Edge devices used for imports or exports from an AWS region in the EU may be used with any of the 28 EU countries.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Does Snowball Edge encrypt my data?

Security

AWS Snowball Edge | Storage

A

Snowball Edge encrypts all data with 256-bit encryption. You manage your encryption keys by using the AWS Key Management Service (AWS KMS). Your keys are never stored on the device and all memory on a Snowball is erased when it is disconnected and to be returned to AWS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How does Snowball Edge physically secure my data?

Security

AWS Snowball Edge | Storage

A

In addition to using a tamper-resistant enclosure, Snowball Edge uses industry-standard Trusted Platform Modules (TPM) designed to detect any unauthorized modifications to the hardware, firmware, or software. AWS visually and cryptographically inspects every device for any signs of tampering and to verify that no changes were detected by the TPM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How does Snowball Edge help digitally secure my data?

Security

AWS Snowball Edge | Storage

A

Snowball Edge is designed with security in mind for the most sensitive data. All data is encrypted by keys provided by you through AWS Key Management Service (KMS). The keys are not permanently stored on the device and are erased after loss of power. Applications and Lambda functions run in a physically isolated environment and do not have access to storage. Lastly, after your data has been transferred to AWS, your data is erased from the device using standards defined by National Institute of Standards and Technology. Snowball Edge devices are hardened against attack and all configuration files are encrypted and signed with keys that are never present on the device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly