Secure against what?

If you're afraid someone is going to pull the HD and take it home then full disk encryption works (so long as you didn't leave the key lying around).

If you're afraid someone is going to log into the server and view it there you'll need access controls.

If you're afraid someone is going to sniff packets in flight then TLS might help.

And that is in no way a complete list of concerns. I'm just trying to illustrate how security is no simple thing.

to help you meet regulatory requirements

That is worded that way so they can point at how you used it when something goes wrong. S3 is "simple storage on a server", just not yours. It will only protect you as well as you use it. Thinking you can outsource the entire security problem is fantastically dangerous.

But I'll point you to some good starting points:

• NIST - Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

• Information Security Stack Exchange

Secure against what?

If you're afraid someone is going to pull the HD and take it home then full disk encryption works (so long as you didn't leave the key lying around).

If you're afraid someone is going to log into the server and view it there you'll need access controls.

If you're afraid someone is going to sniff packets in flight then TLS might help.

And that is in no way a complete list of concerns. I'm just trying to illustrate how security is no simple thing.

to help you meet regulatory requirements

That is worded that way so they can point at how you used it when something goes wrong. S3 is "simple storage on a server", just not yours. It will only protect you as well as you use it. Thinking you can outsource the entire security and compliance problem is fantastically dangerous.

But I'll point you to some good starting points:

• NIST - Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

• Information Security Stack Exchange

Secure against what?

If you're afraid someone is going to pull the HD and take it home then full disk encryption works (so long as you didn't leave the key lying around).

If you're afraid someone is going to log into the server and view it there you'll need access controls.

If you're afraid someone is going to sniff packets in flight then TLS might help.

And that is in no way a complete list of concerns. I'm just trying to illustrate how security is no simple thing.

But I'll point you to some good starting points:

• NIST - Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

• Information Security Stack Exchange

Secure against what?

If you're afraid someone is going to pull the HD and take it home then full disk encryption works (so long as you didn't leave the key lying around).

If you're afraid someone is going to log into the server and view it there you'll need access controls.

If you're afraid someone is going to sniff packets in flight then TLS might help.

And that is in no way a complete list of concerns. I'm just trying to illustrate how security is no simple thing.

to help you meet regulatory requirements

That is worded that way so they can point at how you used it when something goes wrong. S3 is "simple storage on a server", just not yours. It will only protect you as well as you use it. Thinking you can outsource the entire security problem is fantastically dangerous.

But I'll point you to some good starting points:

• NIST - Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

• Information Security Stack Exchange