Which solution meets these requirements and is the MOST operationally efficient?
Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with AWS KMS keys (SSE-KMS) with manual rotation
Server-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation
Explanations:
SSE-C requires the customer to manage the encryption keys, which adds operational overhead. Additionally, SSE-C does not log key usage, failing audit needs.
SSE-S3 uses Amazon S3 managed keys, which encrypts data at rest but does not provide key rotation or detailed logging of key usage for auditing purposes.
SSE-KMS with manual rotation meets encryption and logging requirements but lacks operational efficiency due to the manual process of key rotation.
SSE-KMS with automatic rotation provides encryption at rest, logs key usage for auditing, and automatically rotates keys annually, making it highly efficient.