Comment by kspacewalk2
9 days ago
>As a government you should not be putting your stuff in an environment under control of some other nation, period.
Why? If you encrypt it yourself before transfer, the only possible control some_other_nation will have over you or your data is availability.
You're forgetting that you're talking nation states, here. Breaking encryption is in fact the role of the people you are giving access.
Sovereign delivery makes sense for _nations_.
You can use and abuse encrypted one time pads and multiple countries to guarantee it’s not retrievable.
Using a OTP in your backup strategy adds way more complexity, failure modes, and costs with literally no improvement in your situation.
You're assuming a level of competency that's hard to warrant at this point.
2 replies →
First of all, you cannot do much if you keep all the data encrypted on the cloud (basically just backing things up, and hope you don't have to fetch it given the egress cost). Also, availability is exactly the kind of issue that a fire cause…
Yeah backups would’ve been totally useless in this case. All South Korea could’ve done is restore their data from the backups and avoid data loss.
What part of the incident did you miss: the problem here was that they didn't backup in the first place.
You don't need the Cloud for backups, and there's no reason to believe that they would have backuped their data while using the cloud more than what they did with their self-hosting…