Server-side encryption (SSE) is about protecting your data at rest at the storage level. It’s a feature that’s offered by many of the cloud storage providers. It has a few different names: Amazon S3 calls it Server-Side Encryption. Microsoft Azure calls it Storage Service Encryption. Google Cloud Platform calls it Encryption at Rest. Google enables the feature by default but with Amazon and Microsoft, it can be enabled with a single click. All implementations use AES with 256-bit keys. And it’s free.

So, what’s it doing and why should you care? Server-Side Encryption automatically encrypts data when it arrives, stores the data on disk, and automatically decrypts the data when it leaves – using encryption keys managed by your cloud service account. There are options on many cloud providers where you can manage keys, but for now, we’ll discuss the simplest implementation.
The data on disk is encrypted. Think of this as transparent data encryption with no passwords to remember. It’s an added layer of encryption that involves a click (or in the case of Google, nothing). The best example of its value is this: You put an important business document in cloud storage, but you do not perform any source-side encryption. Maybe you need to access the file as-is from external sources or maybe you simply forgot to enable source-side data encryption. In either case, server-side encryption automatically encrypts the file and stores it on disk – transparently to you. If someone should break into the cloud storage facility and steal a hard drive, the data is safe – even without you applying your own encryption. Anyone with raw data access will not have access to the service controlled encryption keys and will not be able to do anything with the raw data on disk. Your file is safe.

But if you’re encrypting your backup data first, is there a need to also use server-side encryption? The short answer is, yes. It’s an added layer of protection, it’s free, and it’s transparent. So why not? It’s better to have two layers of encryption than one – especially if one comes with no administrative overhead or cost.