A software company needs to make sure user-uploaded documents are securely stored in Amazon S3. The documents must be encrypted at rest in Amazon S3. The company does not want to manage the security infrastructure in-house, but the company still needs extra protection to ensure it has control over its encryption keys due to industry regulations.
Which encryption strategy should a developer use to meet these requirements?
A . Server-side encryption with Amazon S3 managed keys (SSE-S3)
B . Server-side encryption with customer-provided encryption keys (SSE-C)
C . Server-side encryption with AWS KMS managed keys (SSE-KMS)
D . Client-side encryption