Finally got around to writing up a few thoughts on securing what we're calling "data in motion".
Some takeaways:
* We all know how to deploy techniques for basic confidentiality (e.g. authenticated encryption, encryption at rest, etc.) and there are best practices that need to be followed.
* What has changed in the last few years is everything is in the cloud, and our mental models for risk, and for what security/privacy mean in that context, haven't changed to catch up. Cloud providers are a huge breach risk.
* We should aim for systems that provide on-prem levels of breach risk, but with the benefits of the cloud.
* That means in addition to securing data at rest, and securing compute using enclaves or other techniques, we should secure data in motion through decoupling.
https://invisv.com/articles/motion.html
INVISV /
npub10u…wd0j2
2023-06-01 17:54:38
Author Public Key
npub10uyu9vxpqr26gckzxk9c6g4exnnne4npkl48vzndzxcmvml4urushwd0j2Published at
2023-06-01 17:54:38Event JSON
{
"id": "39fe4044b554a5f6a4cb0e9eb1bb9bb5be79f03aa1c409a1c2911d52da6d13ef",
"pubkey": "7f09c2b0c100d5a462c2358b8d22b934e73cd661b7ea760a6d11b1b66ff5e0f9",
"created_at": 1685642078,
"kind": 1,
"tags": [
[
"mostr",
"https://ioc.exchange/users/invisv/statuses/110470239257576136"
]
],
"content": "Finally got around to writing up a few thoughts on securing what we're calling \"data in motion\".\n\nSome takeaways:\n* We all know how to deploy techniques for basic confidentiality (e.g. authenticated encryption, encryption at rest, etc.) and there are best practices that need to be followed.\n* What has changed in the last few years is everything is in the cloud, and our mental models for risk, and for what security/privacy mean in that context, haven't changed to catch up. Cloud providers are a huge breach risk.\n* We should aim for systems that provide on-prem levels of breach risk, but with the benefits of the cloud.\n* That means in addition to securing data at rest, and securing compute using enclaves or other techniques, we should secure data in motion through decoupling.\n\nhttps://invisv.com/articles/motion.html",
"sig": "510ccaa4c460213fc339a3fe107a72e8bc7b099e22d5254c748bfd018f9572e5a68fc4d3b94e1610f84774625c8768e0c3f668a076fe4625c7edc0a1fb7674ce"
}