On 2015/01/24 01:51, Rich Braun wrote:
At work I've watched my cloud-based service go from zero to $16M/year in the past 12-15 months, and we're still just using the lame AWS "at-rest" encryption which protects against exactly one type of threat: someone showing up at the data center with a weapon demanding the hard drives. It's the least-likely thing to ever happen, why bother with that at all.
Reaching: Because then you can re-use the SSDs without having to shred them. :-) Shred the key instead. But that's hardly enough to justify the cost, in many cases.
Vormetric's the most sophisticated commercial product, supporting block-level encryption within user-space, but it's hellaciously expensive. My freeware LUKS setup will keep out the burglars but that's about all. Gotta be a better way.
I started with this stuff in 1983, and I'm still waiting. Someone is going to make an absolute mint when they can solve this for most users, or even make a significant improvement. Encryption makes the problem smaller and more portable, and moves it -- into key management -- but the problem doesn't really go away.
As for my executor: there's still nothing quite like a piece of paper with the login and PwSafe passwords hand-written, in a paper security envelope in a safe-deposit box. And the will, giving them legal access to the safe-deposit box, in a well-known place outside of the safe-deposit box itself.
_______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
