Hello, I read this discussion and I find this very interesting, especially the cloud discussion. The point here is that I don't think that it is a useless approach to encrypt disks in the cloud. The question is what do you want to protect from ? In the cloud there are several risks due to the multi tenancy and shared approach. Of course there is the "The cloud provider is bad and want's my data". However - as you say - you can only protect from this by chosing the right cloud provider (e.g. within your legal system, trustworthy etc). Also certifications of the cloud provider ensuring operational safety help here. In this regards cloud computing is "just outsourcing". If you want to use the benefits of IaaS cloud computing, this is the risk you have to live with finally - as with traditional hosting and outsourcing. For PaaS and SaaS there are solutions where only encrypted data is leaving the company (e.g. CipherCloud). On the other hand there are much more real problems caused by the shared tenancy and high automation in the cloud. - What if the automation system of the cloud provider fails and mapps volumes to wrong hosts ? - What if the secure deletetion / disk wipe procedure fails for volumes on the cloud provider ? - What if your snapshots of your EBS volumes leak somewhere due to improper security ? For all of this encryption is a good idea. It helps - it is not 100% but it helps. Basically it solves the secure delete problem for the "curious professional" - it does not help against motivated hackers. If you combine encryption this with a proper security policy (patching, firewalling, access control, VPN access) you can do quite a lot in the cloud - quite secure. Regards, Robert -----Ursprüngliche Nachricht----- Von: dm-crypt-bounces@xxxxxxxx [mailto:dm-crypt-bounces@xxxxxxxx] Im Auftrag von Arno Wagner Gesendet: Donnerstag, 1. September 2011 13:27 An: dm-crypt@xxxxxxxx Betreff: Re: Blog post on FDE and integrity protection Disk encryption in a non-private cloud is pretty pointless. The cloud provider can access everything. An attacker should reliably be kept from accessing your storage, otherwise you are screwed anyways. I know, people are doing this, but they are kidding themselves. For your EBS scenario, true, block-level encryption can be done, but it is irrelevant. Encryption is not the right way to fix a broken cloud permission system. Critical encrypted data should never be decrypted in the cloud. It is just not secure. On the other hand, attacks that manipulate encrypted images are not relevant for lower security requirements, as they are very hard (expensive) to do. This makes integtity protection of encrypted data in the cloud a complete non-issue. This is a solution without a problem. Arno _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
