by chadsix 738 days ago
> Then, if your server’s hard drive grows legs and walks out of the data center, your users’ most sensitive data will remain confidential.

> Unfortunately, for the server-side encryption at rest use case, that’s basically all that Disk Encryption protects against.

If you aren't able to self-host, then encryption at rest is a real use case and the next best thing to actually controlling your data. That being said, obviously self-hosting with FDE@Rest is the best.

Or you can end up like the people who lost their data [1][2].

[1] https://spectrum.ieee.org/thousands-of-bitcoins-stolen-in-a-...

[2] https://www.youtube.com/watch?v=g_JyDvBbZ6Q

1 comments

> Or you can end up like the people who lost their data [1]

I don't see how encryption at rest could've changed the outcome.

In the article, the cloud provider, which has full control over the VMs, was compromised. The VMs were hosting various Bitcoin services, which needed continuous wallet access for operation. So, I'd say there was no data at rest to be secured. The attackers could theoretically patch the application to make malicious transactions or just extract the wallet from RAM.

Also, the article suggests that the attackers were getting inside the running VMs rather than accessing VM storage directly.