by miken123 251 days ago
Because these companies never lose data, like during some lightning strikes, oh wait: https://www.bbc.com/news/technology-33989384

As a government you should not be putting your stuff in an environment under control of some other nation, period. That is a completely different issue and does not really relate to making backups.


“The BBC understands that customers, through various backup technologies, external, were able to recover all lost data.”

You backup stuff. To other regions.

But the Korean government didn't back up, that's the problem in the first place here…
Sure. Using a cloud can make that more convenient. But obviously not so if you then keep all your data in the same region, or even “availability zone” (which seems to be the case for all the “lost to lightning strikes” data here).
> As a government you should not be putting your stuff in an environment under control of some other nation, period.

Why? If you encrypt it yourself before transfer, the only possible control some_other_nation will have over you or your data is availability.

You're forgetting that you're talking nation states, here. Breaking encryption is in fact the role of the people you are giving access to.

Sovereign delivery makes sense for _nations_.

You can use and abuse encrypted one time pads and multiple countries to guarantee it’s not retrievable.
Using an OTP in your backup strategy adds way more complexity, failure modes, and costs with literally no improvement in your situation.
You're assuming a level of competency that's hard to warrant at this point.
If your threat model is so high that you assume encryption breaking is part of it, then maybe you do need a level of competency in the process as well.

They have a 2 trillion $ economy. I am sure that competency shouldn't be the thing they should be worrying about at that scale, but at the same time I know those 2 trillion $ don't really make them more competent. I just want to share that it was very possible for them to teach/learn the competency.

Maybe this incident teaches us at least something. Definitely something to learn here though. I am interested in how the parent comment suggests sharing a one time pad, or rather a practical way for them to do so, since I am genuinely curious: most others refer to using the cloud like AWS etc., and I am not sure how much they can share something like a one time pad at the scale of petabytes and more. I can maybe understand it, but I would love it if the GP could tell me a practical way of doing so, to at least have more safety, I suppose, than encryption methods.

I think it doesn't need to be the encryption breaking per se.

It could be a gov laptop with the encryption keys left at a bar. Or the wrong keys saved on the system and the backups can't actually be decrypted. Or the keys being reused at large scale and leaked/guessed from lower security area. etc.

Relying on encryption requires operational knowledge and discipline. At some point, a base level of competency is required anyway; I'm just not sure encryption would have saved them as much as we'd wish it would.

To your point, I'd assume high profile incidents like this one will put more pressure to make radical changes, and in particular to treat digital data as a more critical asset that you can't hand down to the most crooked corrupt entity willy nilly just for the kickback.

South Korea doesn't lack competent people, but hiring them and letting them at the helm sounds like a tough task.
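The failure modes listed in the comment above (the wrong key saved alongside the backups, so nothing can actually be decrypted) and the earlier remark that a one-time pad must be as long as the data it protects can be made concrete. What follows is an added example written for this page; it is not code from the thread, from the South Korean government, or from any cloud provider. It is a standard-library-only Python sketch of an encrypted backup with a restore test, so that a "wrong key on the system" is caught when the backup is taken rather than discovered during recovery. The cipher is a constructed teaching stand-in (HMAC-SHA256 keystream in counter mode with encrypt-then-MAC), not AES-GCM, and all sample data and keys are generated inline.

```python
import hashlib
import hmac
import os
import struct

# Constructed example: a minimal encrypt-then-MAC scheme built only from the
# standard library. The keystream is HMAC-SHA256 in counter mode, a teaching
# stand-in for AES-GCM, not something to deploy.

MAGIC = b"BKUP1"      # constructed format marker for the blob header
NONCE_LEN = 16
TAG_LEN = 32          # SHA-256 HMAC tag


def derive_keys(master_key: bytes):
    """Split one master key into separate encryption and MAC keys."""
    enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter mode: block i = HMAC(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_backup(plaintext: bytes, master_key: bytes) -> bytes:
    """Return MAGIC || nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, ks))
    header = MAGIC + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decrypt_backup(blob: bytes, master_key: bytes) -> bytes:
    """Raise ValueError if the blob is malformed, tampered with, or the key is wrong."""
    head_len = len(MAGIC) + NONCE_LEN
    if len(blob) < head_len + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a backup blob")
    enc_key, mac_key = derive_keys(master_key)
    header, nonce = blob[:head_len], blob[len(MAGIC):head_len]
    ciphertext, tag = blob[head_len:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC mismatch: wrong key or corrupted backup")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


def verify_restore(blob: bytes, stored_key: bytes, expected_digest: bytes) -> bool:
    """Restore test: the backup only counts if the key we actually kept
    decrypts it to data matching the digest recorded at backup time."""
    try:
        restored = decrypt_backup(blob, stored_key)
    except ValueError:
        return False
    return hashlib.sha256(restored).digest() == expected_digest


def otp_key_bytes_needed(data_len: int) -> int:
    """A one-time pad needs a truly random, never-reused key as long as the data."""
    return data_len


def demo() -> dict:
    # Constructed sample payload and keys; nothing here is real data.
    data = b"citizen records: constructed sample payload " * 100
    key = os.urandom(32)
    blob = encrypt_backup(data, key)
    digest = hashlib.sha256(data).digest()
    # Failure mode from the thread: the key was rotated (or the wrong one was
    # archived), so what is "saved on the system" no longer opens the backup.
    rotated_key = os.urandom(32)
    return {
        "restore_with_saved_key": verify_restore(blob, key, digest),
        "restore_with_rotated_key": verify_restore(blob, rotated_key, digest),
        "symmetric_key_bytes": len(key),
        "otp_key_bytes": otp_key_bytes_needed(len(data)),
    }


if __name__ == "__main__":
    print(demo())
```

The restore test is the operational discipline the comment asks for: run it against the key material that is actually archived, not the one in the operator's shell, and treat a failure as "no backup exists". The last two fields of `demo()` show why the pad-based proposal scales badly: the 32-byte key protects the whole payload, while a one-time pad would need a fresh random key the size of the data for every backup.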

First of all, you cannot do much if you keep all the data encrypted on the cloud (basically just backing things up, and hoping you don't have to fetch it given the egress cost). Also, availability is exactly the kind of issue that a fire causes…
Yeah backups would’ve been totally useless in this case. All South Korea could’ve done is restore their data from the backups and avoid data loss.
What part of the incident did you miss: the problem here was that they didn't back up in the first place.

You don't need the Cloud for backups, and there's no reason to believe that they would have backed up their data while using the cloud any more than they did with their self-hosting…

For this reason, Microsoft has Azure US Government, Azure China etc
Yeah, I heard that consumer clouds are only locally redundant and there aren't even backups. So big DC damage could result in data loss.
By default, Amazon S3 stores data across at least three separate datacenters that are in the same region, but are physically separate from each other:

> Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage. S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive redundantly store objects on multiple devices across a minimum of three Availability Zones in an AWS Region. An Availability Zone is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. Availability Zones are physically separated by a meaningful distance, many kilometers, from any other Availability Zone, although all are within 100 km (60 miles) of each other.

You can save a little money by giving up that redundancy and having your data in a single AZ:

> The S3 One Zone-IA storage class stores data redundantly across multiple devices within a single Availability Zone

For further redundancy you can set up replication to another region, but if I needed that level of redundancy, I'd probably store another copy of the data with a different cloud provider so an AWS global failure (or more likely, a billing issue) doesn't leave my data trapped with one vendor.

I believe Google and Azure have similar levels of redundancy in their cloud storage.

What do you mean by "consumer clouds"?
I refer to stuff like onedrive/gdrive/dropbox.
It's certainly not the case for Google Drive, which is geo-replicated, and I would be very surprised if it's true for any other major cloud.
I mean… at the risk of misinterpreting sarcasm—

Except for the backup strategy said consumers apply to their data themselves, right?

If I use a service called “it is stored in a datacenter in Virginia” then I will not be surprised when the meteor that hits Virginia destroys my data. For that reason I might also store copies of important things using the “it is stored in a datacenter in Oregon” service or something.

You might expect backups in case of fire, though. Even if data is not fully up to date.
...on a single-zone persistent disk: https://status.cloud.google.com/incident/compute/15056#57195...

> GCE instances and Persistent Disks within a zone exist in a single Google datacenter and are therefore unavoidably vulnerable to datacenter-scale disasters.

Of course, it's perfectly possible to have proper distributed storage without using a cloud provider. It happens to be hard to implement correctly, so apparently, the SK government team in question just decided... not to?