> “If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted,” Weaver said. “If they are telling people to reset credentials, that means it was not encrypted. So mistake number one is leaving Amazon credentials in your Git archive. Mistake number two is using S3 without using encryption on top of it. The former is bad but forgivable, but the latter given their business is unforgivable.”
I've got all our buckets encrypted at rest with a CMK, but if someone compromised a key, the role that key is connected to would necessarily have to have permission to decrypt the data as well. At-rest encryption just means nobody's going to buy a used hard drive and suddenly have access to gigabytes of healthcare or financial data or passwords. Or am I missing some nuance or implication of the conversation?
That's basically it. Encryption is a little like two-factor auth in that way: if you really only have one control on reading the data, the encryption isn't a solution for that particular risk.
The way I see it -- what I want to protect against is an attacker being able to slurp up all of my online, potentially accessible protected data, while at the same time, I generally want to access it for legitimate purposes. And that's difficult -- so what we wind up doing is making it expensive/time-consuming/audited to access the protected data.
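To make the two points above concrete (the reading role necessarily holds kms:Decrypt, so the useful controls are the ones that make that decrypt path narrow, expensive and audited), here is an added example in Terraform. It is not code from the thread or from any of the posters, and the account ID 111122223333, region us-east-1, bucket name example-phi-bucket, role names app-reader and ops-breakglass, and VPC endpoint ID vpce-0abc123 are placeholders. The weak baseline is the same key policy with no Condition blocks: any principal holding the app role's credentials, including credentials left in a Git archive, can call kms:Decrypt from anywhere.

```hcl
# Added example, not from the original thread. All identifiers below are
# placeholders chosen for illustration.
locals {
  account  = "111122223333"
  region   = "us-east-1"
  bucket   = "example-phi-bucket"
  app_role = "arn:aws:iam::${local.account}:role/app-reader"
  ops_role = "arn:aws:iam::${local.account}:role/ops-breakglass"
  vpce_id  = "vpce-0abc123"
}

resource "aws_kms_key" "data" {
  description         = "CMK for customer data at rest in S3"
  enable_key_rotation = true

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Key administration only; deliberately no Decrypt/GenerateDataKey here,
        # so account admins are not silently a second data-read path.
        Sid       = "KeyAdministration"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${local.account}:root" }
        Action = [
          "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
          "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
          "kms:TagResource", "kms:UntagResource",
          "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"
        ]
        Resource = "*"
      },
      {
        # The application role that reads the data must be able to decrypt; that
        # is the point made in the thread. The conditions restrict that right to
        # calls S3 makes on its behalf for this one bucket, so the role's
        # credentials cannot be used directly against KMS, for other buckets,
        # or for arbitrary ciphertext.
        Sid       = "AppRoleDecryptViaS3Only"
        Effect    = "Allow"
        Principal = { AWS = local.app_role }
        Action    = ["kms:Decrypt", "kms:GenerateDataKey"]
        Resource  = "*"
        Condition = {
          StringEquals = { "kms:ViaService" = "s3.${local.region}.amazonaws.com" }
          # S3 sets aws:s3:arn to the bucket ARN (with S3 Bucket Keys) or the
          # object ARN (without), so both forms are listed.
          StringLike = {
            "kms:EncryptionContext:aws:s3:arn" = [
              "arn:aws:s3:::${local.bucket}",
              "arn:aws:s3:::${local.bucket}/*"
            ]
          }
        }
      },
      {
        # Human break-glass access is the "expensive" path: the role has to be
        # assumed with MFA before Decrypt succeeds, and every call is in CloudTrail.
        Sid       = "BreakGlassRequiresMFA"
        Effect    = "Allow"
        Principal = { AWS = local.ops_role }
        Action    = "kms:Decrypt"
        Resource  = "*"
        Condition = {
          Bool = { "aws:MultiFactorAuthPresent" = "true" }
        }
      }
    ]
  })
}

resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
  bucket = local.bucket
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}

resource "aws_s3_bucket_policy" "data" {
  bucket = local.bucket
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Stolen app-role credentials used from a laptop or another account never
        # reach the decrypt step at all: reads must arrive through the VPC endpoint.
        Sid       = "DenyReadsOutsideVpcEndpoint"
        Effect    = "Deny"
        Principal = { AWS = local.app_role }
        Action    = ["s3:GetObject", "s3:ListBucket"]
        Resource  = ["arn:aws:s3:::${local.bucket}", "arn:aws:s3:::${local.bucket}/*"]
        Condition = {
          StringNotEquals = { "aws:SourceVpce" = local.vpce_id }
        }
      }
    ]
  })
}
```

None of this changes the thesis: a process running as app-reader inside the VPC can still read every object, because something has to. What the conditions buy is that the specific failure Weaver describes, long-lived credentials sitting in a repository, no longer turns into a bulk download from outside the environment, and that every remaining decrypt shows up in CloudTrail with the calling role, the bucket in the encryption context and whether MFA was present, which is the "audited" half of the trade-off described above.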