Encryption at rest on cloud services (AWS, say) protects against what again? In case someone steals your disk out of the correct Amazon server? Do you do all your tabletop scenarios whilst watching the Mission Impossible films?
from an unsound but pragmatic viewpoint, you are implicitly trusting your cloud vendor (they run the hardware! they could tap CPU/RAM/whatever). So EAR may protect against bad apples at AWS (unlikely) and/or some control/process failure (also unlikely). But, it's straightforward
they've done a great job of making it easy and should be commended, but it could be the same as Glacier at launch, and just a placebo button to say it's happened.
Doesn’t AWS do its own encryption at rest of underlying disk data regardless of whether an account has enabled it with its own keys?
: cryptographic shredding and
: separation of duties. Both are good opsec.
gives you a second factor to control, can be used to ring fence systems. Compliance with regulations is a big reason too.