[cesarb]

> Maybe I’m misunderstanding something - if I store my data elsewhere , am I not supposed to encrypt it anyway

"Cloud" is not only for storage; it's also for compute. Doing compute directly on encrypted data (homomorphic encryption) is very slow and very complicated, so when using a cloud, the data is usually either unencrypted, or encrypted but the key is elsewhere in the same cloud.

[Agingcoder]

Thanks.

I get that FHE is not realistic today, but can’t I use ( if it’s really critical) a combination of confidential vms and an external hsm ? I understand I’ll be limited to traditional workloads , and not managed services though.

I asked the wrong question, what I really meant was ‘if I run in a less trusted environment, am I not supposed to use all possible crypto mechanisms available to make that environment more trustworthy , so that I can’t be deceived by my cloud operator sending my data to the us government’

[fragmede]

That's just not possible. It's why detractors never got on board with the Cloud. Until FHE is feasible, the decryption keys and plaintext have to exists in RAM eventually at some point in order even if only took be re-encrypted, if any complex work is to be done on it. Because eg, Amazon, has access to your hardware, there's simply no way to prevent them from reading your secrets out of your VM that's using their RAM.

Absolutely do what you can, but understand that it's futile to defend against your own cloud provider.

[Agingcoder]

Ok I thought that was the whole point of things like Intel TDX , AMD SEV and various enclave mechanisms which provide full ram encryption and attestation ?

The only issue left would be managed services though, which then I wouldn’t use, but I’d be able to run my own postgre safely on infra I’m renting.

[fragmede]

Supposedly, yes, but in a world that was caught flat footed with RowHammer, Spectre, and Meltdown; if I wouldn't trust those with a lot of other people's lives within a shared Cloud environment.

Intel's SGX has been broken a number of times and that should be harder to break than TDX. Like I said in my original comment though, do all the things. But if you find yourself relying on TDX to protect live(s), please pay a computer security professional to audit your security and do a threat assessment.

[fragmede]

eg, https://news.ycombinator.com/item?id=45746753

[Agingcoder]

Point taken, thanks a lot for playing along.

I’ll do all the things if ever needed, but I get that if a cloud act request happens , your cloud provider will be able to get your stuff.

I’m specialized enough in another field to know that I’m not a security person in spite of my interest in it ( I used to enjoy reverse engineering back in the days ) - I wouldn’t make that kind of decision without consulting a professional first.