> But what they *say* is irrelevant. Security is not about intention, > it's about capability. If you want your data absolutely positively > secret, encrypt it.
And of course if you trust/verify the SDKs, there is always "Using Client-Side Encryption" https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html which excludes the possibility of the cloud provider disclosing on *any* basis whether LEA orders or self-serving content scanning. Personally, I think that by the time you're issuing an "aws s3 cp", the contents should already be encrypted as out-sourcing data security seems antithetical to me. Mark. _______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog