Currently my web application stores ID scans uploaded by the user in S3. I'm worried about an eventual data leak.
The S3 bucket is encrypted with server-side encryption (AES-256), but I think the next obvious risk is that an attacker gains access to the AWS account. I have secured the root account with 2FA, but there are several user accounts that still have full access to S3 (such as a Travis CI account).
The solution I am thinking about is periodically moving ID scans to a different store with client-side encryption (where only I know the private key). That way, if a leak occurs, only a small amount of data will be leaked.
Is this a common practice or are there better solutions in this situation?
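
The client-side encryption step proposed in the question, sketched as an added example that is not part of the original post: the application holds only a public key, so credentials with full S3 access can read ciphertext but cannot decrypt it. It assumes Node.js; the function names `sealScan` and `openScan`, the sample object key, and the choice of RSA-OAEP wrapping a per-object AES-256-GCM key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pair for this demo. In the scheme described above the private
// key is generated and kept offline; only the public key ships with the web app.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 3072 });

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one scan before it is written to storage.
// objectKey (hypothetical: the name the object is stored under) is bound as
// additional authenticated data, so a ciphertext copied onto another object's
// name fails authentication on decryption.
function sealScan(pubKey, objectKey, plaintext) {
  const dataKey = crypto.randomBytes(32);   // fresh AES-256 key per object
  const iv = crypto.randomBytes(12);        // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(objectKey, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Only the wrapped data key is stored; the application never keeps dataKey.
  const wrappedKey = crypto.publicEncrypt({ key: pubKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, tag, ciphertext };
}

// Runs only where the private key lives (for example an offline review machine).
function openScan(privKey, objectKey, sealed) {
  const dataKey = crypto.privateDecrypt({ key: privKey, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, sealed.iv);
  decipher.setAAD(Buffer.from(objectKey, 'utf8'));
  decipher.setAuthTag(sealed.tag);
  // final() throws if the ciphertext, tag, or objectKey was altered.
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}
```

If scans are sealed at upload time rather than in a periodic move, no plaintext copy exists in the bucket between moves.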