<< Data was stolen from an Amazon Web Services-based storage bucket, which included more than 140,000 Social Security numbers >>
How about all of these 'data breach!!! data was taken OUT OF THE CLOUD!!!!' articles instead start with
"Data was PUT INTO Amazon Web Services, which is a sketchy private company with an extremely bad reputation owned by the world's richest man who is currently being blackmailed and who many Amazon users hope, against all the evidence, isn't a literal Bond Villain.."
If you put your company's secret data in the cloud, YOU ALREADY LOST CONTROL OF YOUR DATA
Cos it's in the Cloud.
That's what the Cloud is.
It's giving someone else control of your secret data.
That someone being someone who wants to rule the world.
You can kid yourself for a very long time that nobody who runs the Cloud is going to look at your secret data.
But it's a cutthroat business world, data is money, and you will never know if they did look.
They probably aren't looking! You hope.
@natecull If only there were mathematical systems in existence to ensure that your data were only accessible by authorized parties!
@digicana There..... aren't, though, that's the thing.
That's what I'm trying to get people to understand.
If you use purely cloud *storage*? Yes. You can encrypt data on your physical machine and then send it it through the Internet and store it in the Cloud.
If you use a cloud *compute* server? Hahaha lol no.
Your cloud server's RAM will have your decryption keys in it, because how else will it be able to compute?
Good luck. Maybe Secure Enclaves will save you. Maybe!
But see, the thing, is:
Cloud compute means we now have this MASSIVE concentration of all the world's data and compute in maybe three or four companies. All of whom want to have and keep VERY close relationships with US military and intelligence.
This is a very, very target rich environment for those agencies, should they want to... go fishing for, whatever.
It's like the perfect data crime. Who will know if you're scanning hypervisor RAM for keys? And the payoff? Near infinite.
@digicana If I were a US spy and I *wasn't* quietly talking to US cloud companies (through their national security channels, extremely classified, Top Men only) about how to massively sift all compute node RAM for keys, I'd be doing something very wrong.
Use case #1: 'What if ISIS is running secure chat over an AWS node? Omg we need to be able to listen to them! We need to get all their keys!'
Use case #2: 'What if we scale that up to more Bad People than ISIS?'
Use case #3: 'I don't like X'.
Now there are no doubt all sorts of internal rules, procedures, military honour, etc, preventing the NSA, CIA et al from just turning on the surveillance on everyone
And Jeff Bezos isn't currently on Team Trump. Apart from the blackmail and the eye-wateringly expensive divorce in process.
but on the other hand,
Trump happened.
I think it's fair to say a whole lot of safeties have failed in the US political and intelligence system, and we don't know who is running who right now.
@digicana Because AWS hypervisor code *is* classified, I believe. 'For security'. For someone's security, yes. Is it yours? Maybe!
@digicana And once again, I ask:
How are you going to securely encrypt and decrypt AES, on a cloud compute server running a hypervisor whose code is classified, with the keys held in RAM connected to you don't know what?