On Thu, Apr 26, 2012 at 01:44:53PM -0700, Matt Joyce wrote:
> As far as storage is concerned, certainly a cloud storage environment
> could be leveraged to store pre-encrypted data in such a way that
> would make it difficult bordering on impossible to seize or access
> without the consent of the owner.
>
> As far as compute hosts are concerned, it is a whole different matter.
>
> For the foreseeable future ( barring the invention of new widely
> distributed in CPU technology ) . Anyone with ring 0 execution access
> on a system ( ie root / sudo ) will be able to pull data from a
> running instance pretty much no matter what you do.

I know, I didn't claim otherwise. If the VM is running on a host, you
should assume the host admin has access to anything. It does however
protect you against access from hosts where the VM is *not* running,
because those won't have been given a copy of the decryption keys.

IMHO disk encryption is a very valuable feature to reduce the risk of
data compromise in a cloud environment.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

