• ag10n@lemmy.world
    English
    arrow-up
    11
    ·
    18 days ago

    There are customer-managed key services for all the above. At the same time, with true zero trust you don’t put them in a repository or service that owns the whole stack.

    • corsicanguppy@lemmy.ca
      English
      arrow-up
      3
      ·
      18 days ago

      It’s weird how those keys need to be stored SOMEWHERE, especially for public-facing services that need to restart without intervention, and that the only place those keys then live is on some CLOUDACT-impaired service.

      Zero trust is a fun goal we will never really achieve. Get off American pub-cloud providers.

  • Kekzkrieger@feddit.org
    English
    arrow-up
    8
    ·
    18 days ago

    Not just the privacy aspect should be looked at; many companies are basically vendor locked, and Microsoft has just recently announced price hikes that you can’t get around and avoid.

    My experience is that usually overall it’s more complex to self host but also cheaper. Yes, you hire additional staff for managing said services and you have to get the knowledge to your corp. But in the long term it just pays. Plus, since administrating these cloud solutions seems to get more complicated rather than easy, you’d have to hire regardless.

    But now costs are controllable and the biggest plus is that you don’t have to use a common solution for your individual demand that never meets exactly what you need.

  • dumnezero@piefed.social
    English
    arrow-up
    6
    ·
    18 days ago

    Ultimately, Privatim says that international SaaS providers should not be used for highly sensitive or confidential data unless the government can encrypt the data itself, and the provider cannot access the keys.