by cj 1275 days ago
> But what problems does it solve? Are you worried about someone breaking into the AWS data center, stealing the specific disks your data is stored on, and restoring and analyzing the disk data to target your organization? Just imagine how much effort such an attack would take.

This sounds like it's coming from someone who's forgetting that all of our data in "the cloud" resides in physical buildings throughout the world, which are all high value targets for physical attacks.

I don't think it's an antiquated idea to protect against physical data center attacks. It's best practice.


Disk encryption is far more effective in addressing risks for devices like laptops, desktops, etc. that are not always locked inside an ISO27000 compliant data center that has tons of physical security controls.

Could a data center break-in happen? Sure. Is it likely? No. When used in a data center, FDE is mostly useful when media is being transported or disposed of, as an extra layer of protection.

I’m not saying it shouldn’t be used, but when comparing using FDE in other situations vs. a data center, in a data center the physical risk is far lower.

Does AWS not already do full-disk encryption transparently on their side?

If they do, I trust them to be good stewards of their keys. If not, then why not? I don't know about the enterprise part of the market, but I know consumer SSDs come with encryption permanently enabled in the firmware.

>> but I know consumer SSDs come with encryption permanently enabled in the firmware

Where is the encryption key? It seems that it must be in the firmware itself. Presumably it would be possible to find this with enough effort.

The key is stored in KMS, not on the drive firmware. You can read more about how this is done here, in the section at the bottom about "Isolation of Physical Hosts" https://docs.aws.amazon.com/kms/latest/developerguide/concep...

But in short, the key is kept in memory on the HSM, and employees don't have access to it. The key can be referenced, but not actually read.

It also means that if a user accidentally deletes their key, there's no recovery. That's it. (Pro tip: Deleting a key is a faster mechanism to make data unreadable than deleting the data itself. ;)

Disclaimer: I'm an S-TAM with AWS.
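As an added illustration of the key-reference model described in the comment above (not code from the commenter or from AWS): a toy KMS in which callers hold only a key ID and never see key bytes, so deleting the key rather than the data is what makes stored ciphertext unreadable. The HMAC-SHA256 counter keystream stands in for AES, and the key-ID format is an assumption.

```python
# Added illustration (not AWS's code): a toy KMS in which callers hold only a key ID
# and never see key bytes; an HMAC-SHA256 counter keystream stands in for AES.
import hashlib, hmac, secrets

class KeyUnavailable(Exception):
    pass  # the referenced key has been deleted

class ToyKms:
    def __init__(self):
        self._keys = {}  # key_id -> key bytes; material never leaves this object
    def create_key(self) -> str:
        key_id = secrets.token_hex(8)  # hypothetical key identifier format
        self._keys[key_id] = secrets.token_bytes(32)
        return key_id
    def delete_key(self, key_id: str) -> None:
        del self._keys[key_id]  # no copy exists anywhere else, so there is no recovery
    def _key(self, key_id: str) -> bytes:
        if key_id not in self._keys:
            raise KeyUnavailable(key_id)
        return self._keys[key_id]
    def _stream(self, key: bytes, nonce: bytes, n: int) -> bytes:
        # counter mode: keystream block i = HMAC(key, nonce || i)
        return b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                        for i in range(n // 32 + 1))[:n]
    def encrypt(self, key_id: str, plaintext: bytes) -> bytes:
        key, nonce = self._key(key_id), secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._stream(key, nonce, len(plaintext))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # integrity tag
        return nonce + tag + ct
    def decrypt(self, key_id: str, blob: bytes) -> bytes:
        key = self._key(key_id)
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("ciphertext tampered or wrong key")
        return bytes(c ^ k for c, k in zip(ct, self._stream(key, nonce, len(ct))))

def crypto_shred_demo() -> tuple:
    """Returns (readable_before, readable_after, blob_still_present)."""
    kms, msg = ToyKms(), b"customer record (constructed sample)"
    key_id = kms.create_key()
    blob = kms.encrypt(key_id, msg)  # stored blob; only the key ID travels with it
    before = kms.decrypt(key_id, blob) == msg
    kms.delete_key(key_id)           # "delete the key, not the data"
    try:
        kms.decrypt(key_id, blob)
        after = True
    except KeyUnavailable:
        after = False
    return before, after, len(blob) == 16 + 32 + len(msg)
```

The blob is untouched by the deletion; it is the missing key that makes it unreadable, which is why key deletion is irreversible.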

Two ways I know this works:

- the drive can request the key on each boot
- the drive stores the key in the firmware, but part of the de-provisioning process would be to reset this key

add "failed to reset the key" to the top commenter's list of things to fail.