I'm very aware of the encryption options AWS and other clouds provide.
Yet I've never seen those options being used. Additionally, one has to trust the implementation provided by the cloud. Surely people can encrypt on the source (and some do), but that's rare as well.
People encrypt at rest because it is a specific requirement that the data is encrypted at rest. Maybe to meet regulatory requirements or orders from above. Regulators are not going to object to data being handed over on court orders.
If the regulator or the management requiring it are OK with the cloud provider doing it (and AWS and the like do their best to ensure that) then using their keys and key management is the easiest way to do it.
Apart from cloud backups, in most cases the data will be decrypted in their cloud anyway, so you have to trust them.
betaby|2 years ago
graemep|2 years ago
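What "encrypt on the source" looks like in practice, as an added example that is not code from either commenter or from any cloud SDK: client-side envelope encryption, where each object gets a fresh random data key, the data key is wrapped with a key-encryption key (KEK) the client keeps outside the cloud, and only the resulting blob is uploaded. The provider stores ciphertext it cannot open, so neither its key management nor a court order served on it yields plaintext. The 32-byte KEK, the blob layout, the object names and the in-memory "bucket" are all constructed for the example; the cryptography is Go's standard library AES-GCM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Blob layout (constructed for this example):
//   [4-byte big-endian length of wrapped key][wrapped key][ciphertext]
// wrapped key = nonce || AES-GCM(KEK, dataKey, aad=objectName)
// ciphertext  = nonce || AES-GCM(dataKey, plaintext, aad=objectName)
// Using the object name as AAD binds the blob to its key, so a stored object
// that is swapped or renamed on the provider side fails to decrypt.

// sealAESGCM encrypts plaintext under key with a random nonce prepended.
func sealAESGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openAESGCM reverses sealAESGCM; any tampering or wrong aad returns an error.
func openAESGCM(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// EncryptObject produces the blob that is uploaded; kek never leaves the client.
func EncryptObject(kek []byte, objectName string, plaintext []byte) ([]byte, error) {
	dataKey := make([]byte, 32) // fresh AES-256 key per object
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	aad := []byte(objectName)
	wrapped, err := sealAESGCM(kek, dataKey, aad)
	if err != nil {
		return nil, err
	}
	body, err := sealAESGCM(dataKey, plaintext, aad)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 4, 4+len(wrapped)+len(body))
	binary.BigEndian.PutUint32(out, uint32(len(wrapped)))
	out = append(out, wrapped...)
	return append(out, body...), nil
}

// DecryptObject unwraps the data key with kek, then opens the body.
func DecryptObject(kek []byte, objectName string, blob []byte) ([]byte, error) {
	if len(blob) < 4 {
		return nil, errors.New("blob too short")
	}
	n := int(binary.BigEndian.Uint32(blob[:4]))
	if len(blob) < 4+n {
		return nil, errors.New("blob truncated")
	}
	aad := []byte(objectName)
	dataKey, err := openAESGCM(kek, blob[4:4+n], aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return openAESGCM(dataKey, blob[4+n:], aad)
}

func main() {
	kek := make([]byte, 32) // in practice: from an on-premises HSM or local KMS
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	bucket := map[string][]byte{} // stands in for the provider's object store
	name := "customers/1.json"
	blob, err := EncryptObject(kek, name, []byte(`{"name":"A. Customer","ssn":"000-00-0000"}`))
	if err != nil {
		panic(err)
	}
	bucket[name] = blob // the provider only ever sees this
	pt, err := DecryptObject(kek, name, bucket[name])
	fmt.Printf("recovered=%q err=%v\n", pt, err)
}
```

The design choice worth noting against the thread's point: because the KEK is held by the client, the data is only decryptable where the KEK is, so this only helps if the workload that needs plaintext runs outside the provider (backups, archives, data handed to a third party). If the same cloud runs the code that decrypts, the KEK is in their environment too and the trust argument from the comment above still applies.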