Re: [AusNOG] Australian based cloud storage

Sun, 25 Oct 2020 13:10:02 -0700

I know paid G Suite email/docs/drive is also very different compared to the free stuff. They still do scan content, but only to provide functionality in the service (e.g. powering search), not to extract data taken outside your account.
I've got around 409 million objects stored in AWS ap-southeast-2. It's definitely in Sydney, not overseas. And I've never seen any indication that any cloud object storage is scanned in any way. 

On 25/10/20 9:00 pm, Trevor Peacock wrote:



Agreed, I think there's a significant distinction between free/"token 
payment" user grade "cloud storage" (iCloud, google drive, consumer 
onedrive etc) and business grade object storage (AWS S3, Azure 
Storage, Google Cloud Storage, Wasabi, etc etc). I'd want to check the 
references in your article to see exactly which "Google" services they 
are talking about.



Not having seen the article, its is not necessarily "FUD", but perhaps 
highlights that the free consumer services may analyse the data to 
provide searching or other convenience features, as well as perhaps 
extracting data to improve advertising to cover the cost of the free 
service.



AWS maintains data security certifications/accreditation, frequently 
audits their infrastructure. They use their KMS service to maintain 
encryption at rest keys that only your account has access to. I'm sure 
Azure and Google Cloud do much the same.



I can also confirm that AWS S3 stores objects only in the region you 
specify (by default replicated to multiple sites (availability zones) 
in the same region, I think you can now also set up automated 
replication to other regions). I'm also sure Azure lets you specify 
where data resides (though note Azure/AWS terminology around 
regions/zones are very different). Both allow organisations to meet 
their data residency requirements.


https://aws.amazon.com/compliance/
https://azure.microsoft.com/en-au/overview/trusted-cloud/compliance/
https://cloud.google.com/security/compliance

On 25/10/20 3:58 pm, James Hodgkinson wrote:

Pretty sure the user stuff gets parsed, like google drive and photos 
- I'd be very surprised if they messed with the object/disk storage...


James

On 2020-10-25 14:42 Matthew Scutter wrote:

Going to call a [citation needed] on that, because it reeks of FUD 
to me.



On Sun, Oct 25, 2020 at 1:11 PM Kai <vk6...@westnet.com.au 
<mailto:vk6...@westnet.com.au>> wrote:


    Hi folks,

    Thank you for all the feedback, greatly appreciated.

    I read an article yesterday which said that in the same way that
    GMail
    parses email content for AI learning and targeting ads, that Google
    cloud storage may also index content, including facial
    recognition, with
    any photo's, for behaviour learning and targeted ads.
    That's one of the reasons I'm not keen to store data on Google
    cloud.
    They're on a need-to-know basis with my activities.

    Does anyone know if Microsoft, AWS or other providers may allow
    themselves access to stored files?

    On 25/10/20 10:25 am, Jacob Taylor wrote:
    > An important question to ask is whether you require file
    storage or
    > object storage.
    >
    > While the S3 portal provides a veneer of a filesystem-style
    hierarchy,
    > S3 is really a key-value object store. If you build an
    application on S3
    > but use filesystem-style queries ("list all files in a
    directory" as an
    > example), it can end up being very costly.
    >
    > If you just want a place to upload big files, such as
    backups, VMs,
    > images, and videos, then S3 is ideal.
    >
    > If you are looking for something that requires a file
    hierarchy, then it
    > might not be appropriate.
    >
    > To reiterate what Shaun says, the data you put in an S3 bucket
    mastered
    > in the Sydney region (ap-southeast-2) *will not be stored
    elsewhere*
    > unless you explicitly want it to (via cross-region replication
    or other
    > sync methods).
    >
    > To go into more detail on encryption options:
    >
    >   * Server Side Encryption (SSE): Encryption is done in the S3
    service
    >     itself, you upload/download in plaintext. Comes in a few
    flavours,
    >     but they all use the same algorithm (AES-256):
    >       o SSE-S3: This is the simplest and easiest to use, basically
    >         turnkey. S3 will use an AWS-managed key in KMS to
    encrypt your
    >         files.
    >       o SSE-KMS: Same as above, however it uses a custom key
    you manage
    >         (could be generated on-prem and uploaded, as an example).
    >       o SSE-C: Encrypts files with a key given to S3 by your
    application
    >         at the time of upload, and you cannot download the
    file without
    >         providing the same key at the time you request it.
    >   * Client Side Encryption: Describes any scenario where your
    >     application encrypts a file prior to uploading, and
    decrypts after
    >     downloading.
    >
    > Disclaimer: I work for AWS
    >
    > On Sun, Oct 25, 2020 at 12:34 PM Shaun Ewing <sh...@shaun.net
    <mailto:sh...@shaun.net>
    > <mailto:sh...@shaun.net <mailto:sh...@shaun.net>>> wrote:
    >
    >     Data uploaded to S3 will stay entirely within a region
    unless you
    >     explicitly configure cross-region replication.____
    >
    >     __ __
    >
    >     There’s a bunch of encryption options including Amazon
    S3-Managed
    >     Keys and customer provided keys.____
    >
    >     __ __
    >
    >     (Disclosure: I work for AWS)____
    >
    >     __ __
    >
    >     *From:*AusNOG <ausnog-boun...@lists.ausnog.net
    <mailto:ausnog-boun...@lists.ausnog.net>
    >     <mailto:ausnog-boun...@lists.ausnog.net
    <mailto:ausnog-boun...@lists.ausnog.net>>> *On Behalf Of *Giles
    Pollock
    >     *Sent:* Sunday, 25 October 2020 12:08 PM
    >     *To:* Kai <vk6...@westnet.com.au
    <mailto:vk6...@westnet.com.au> <mailto:vk6...@westnet.com.au
    <mailto:vk6...@westnet.com.au>>>
    >     *Cc:* Ausnog <ausnog@lists.ausnog.net
    <mailto:ausnog@lists.ausnog.net> <mailto:ausnog@lists.ausnog.net
    <mailto:ausnog@lists.ausnog.net>>>
    >     *Subject:* Re: [AusNOG] Australian based cloud storage____
    >
    >     __ __
    >
    >     Amazon have a region, ap-southeast-2 which is Sydney
    based. Can't
    >     comment whether stuff that goes into s3 gets replicated
    elsewhere, I
    >     believe you can set the class so it doesn't, but you'd
    need to talk
    >     to someone at AWS to confirm. ____
    >
    >     __ __
    >
    >     On Sun, 25 Oct 2020, 12:02 Kai, <vk6...@westnet.com.au
    <mailto:vk6...@westnet.com.au>
    >     <mailto:vk6...@westnet.com.au
    <mailto:vk6...@westnet.com.au>>> wrote:____
    >
    >         Hi folks,
    >
    >         Happy weekend.
    >         I'm searching for Australian based cloud storage.
    >
    >         Google, Microsoft and the other big names might have cache
    >         server here
    >         but the data is also stored overseas, I'm looking for
    providers who
    >         either allow you to choose your cloud storage
    location, or only
    >         have
    >         hosting within Australia, and have storage which is
    encrypted.
    >
    >         Any feedback is welcome.
    >
    >         Cheers
    >         Kai
    >  _______________________________________________
    >         AusNOG mailing list
    > AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>
    <mailto:AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>>
    > http://lists.ausnog.net/mailman/listinfo/ausnog____
    >
    >  _______________________________________________
    >
    >     ____
    >
    >     AusNOG mailing list
    >
    >     ____
    >
    > AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>
    <mailto:AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>>
    >
    >     ____
    >
    > http://lists.ausnog.net/mailman/listinfo/ausnog
    >
    >     ____
    >
    >  _______________________________________________
    >     AusNOG mailing list
    > AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>
    <mailto:AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>>
    > http://lists.ausnog.net/mailman/listinfo/ausnog
    >
    _______________________________________________
    AusNOG mailing list
    AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>
    http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog




_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

--
Nick Stallman
Technical Director
Email   n...@agentpoint.com <mailto:n...@agentpoint.com>
Phone   02 8039 6820 <tel:0280396820>
Website         www.agentpoint.com.au <https://www.agentpoint.com.au/>

        
Agentpoint <https://www.agentpoint.com.au/>
Netpoint <https://netpoint.group/>


67 Renwick St, Redfern NSW 2009 	Facebook 
<https://www.facebook.com/agentpoint/> Twitter 
<https://twitter.com/agentpoint> Instagram 
<https://www.instagram.com/Agentpoint/> Linkedin 
<https://www.linkedin.com/company/agentpoint-pty-ltd>



_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog






















					Reply via email to