How AWS “palters” with their “Encryption of Data At Rest”

erik aronesty
2 min read · Jul 30, 2021

“Paltering” is a fun word which typically means “telling the truth in a way intended to deceive”.

Most companies and SaaS services pay lip service to regulation by encrypting data at rest using similar technologies:

  • Whole disk encryption
  • Whole database built-in encryption

Check out this nice page on how to “protect your data at rest”: https://aws.amazon.com/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-instance-store-encryption/

… Or for RDS or Aurora, you’ve got similar “security” options:

Speaking out of the other side of their mouth … Amazon offers a 99.99% up-time guarantee on this exact same Aurora service:

That’s right, AWS will encrypt your data at rest while also guaranteeing that your data is at rest only 0.01% of the time.

So while Amazon — and nearly every other SaaS service in the world — offers you encryption, and none of them are technically lying… none of them are offering any meaningful security at all. This is the classic definition of “paltering”… telling the truth in order to mislead.

What purpose can this possibly serve? Clearly it doesn’t protect anyone from hacking or attacks. The only attack it protects you from is someone walking into a data center and walking off with a hard drive.

The answer is “regulatory lip service”.

Of course, governments and regulators may be slow to catch up. But at some point this house of cards *will come crashing down*. And every SaaS business that misleads their customers with pretend encryption, zero isolation of customer data and “whole disk” solutions…will be brought down with it.

Sure, right now auditors are mollified by cryptospeak. But the first major lawsuit challenging the notion of “at rest” will end this practice.

Here are some security guarantees you should look for from a SaaS provider:

  • VM-level isolation of your data from other customers
  • Docker-level (container) isolation could be OK too, depending on how paranoid you are.
  • Separate encryption keys for your data from those used for other customers.
  • Separate encryption keys for archival data
  • Zero access to data when a customer is not “logged in” (decrypt on login only).
  • Keys to data are derived from your authorization.
  • If you lose your passwords, and lose all methods of authorization, then there should be no way to recover your data — otherwise all the encryption is just theater.
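As an added example (not the author’s code, and not anything AWS or any SaaS vendor ships), here is a small Go program that shows the last few guarantees in working form: a random per-tenant data key (DEK) that exists only in wrapped form while at rest, a key-encryption key (KEK) derived from the customer’s password with PBKDF2-HMAC-SHA-256, decryption only after a successful login, and no recovery path at all if the password is lost. The tenant passphrase, the iteration count and the TenantRecord layout are constructed for illustration; the PBKDF2 routine is written out by hand only so the example needs nothing beyond the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TenantRecord is all the hypothetical service persists about one customer's keys.
type TenantRecord struct {
	Salt       []byte // per-customer salt for the password KDF
	WrappedDEK []byte // random data-encryption key, sealed under the password-derived KEK
}

const kdfIterations = 100_000 // illustrative work factor, not a recommendation

// kdf32 is PBKDF2-HMAC-SHA-256 (RFC 8018) for a 32-byte key, which needs one block.
func kdf32(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the single output block
	u := prf.Sum(nil)             // U_1
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ { // T = U_1 xor U_2 xor ... xor U_c
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// mustRandom returns n CSPRNG bytes; with no usable entropy source it refuses to go on.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM returns nonce || AES-256-GCM ciphertext of plaintext under key.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := mustRandom(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM; a wrong key or a modified blob fails authentication.
func openGCM(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Enroll creates a tenant: a fresh random DEK wrapped under the password-derived KEK.
func Enroll(password string) (*TenantRecord, error) {
	salt, dek := mustRandom(16), mustRandom(32)
	wrapped, err := sealGCM(kdf32([]byte(password), salt, kdfIterations), dek)
	if err != nil {
		return nil, err
	}
	return &TenantRecord{Salt: salt, WrappedDEK: wrapped}, nil
}

// Unlock recovers the DEK at login; any other password, or a lost one, cannot.
func Unlock(rec *TenantRecord, password string) ([]byte, error) {
	return openGCM(kdf32([]byte(password), rec.Salt, kdfIterations), rec.WrappedDEK)
}

func main() {
	rec, _ := Enroll("alice-passphrase") // constructed sample credential
	dek, _ := Unlock(rec, "alice-passphrase")
	blob, _ := sealGCM(dek, []byte("invoice #42")) // customer data sealed under the DEK
	for i := range dek { dek[i] = 0 } // logout: DEK leaves memory, blob is now at rest
	_, err := Unlock(rec, "not-alice") // wrong password: KEK mismatch, GCM rejects it
	dek, _ = Unlock(rec, "alice-passphrase")
	pt, _ := openGCM(dek, blob)
	fmt.Println("wrong password rejected:", err != nil, "| after login:", string(pt))
}
```

What a disk thief, or a compromised storage service, gets here is the salt, the wrapped DEK and GCM ciphertext; without the customer’s password none of it opens, which is the property the whole-disk schemes above do not give you, since there the key is always mounted while the service is up. The service holds the unwrapped DEK only for the duration of a session, and two tenants enrolled with the same password still get unrelated DEKs. For a real deployment a memory-hard KDF such as Argon2id or scrypt should replace the PBKDF2 shown here, and the wrapped-key store should live apart from the data store.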
