
Encrypted at rest means something different. It means if you pull the hard drive out no one can decrypt it. Not that it is encrypted in the database.

Does encryption at rest actually do much? The percentage of attacks that were perpetrated by people getting physical access to a drive must approach zero.

Depends on what kind of data is in question. Backups and old incremental data can stay encrypted while disks are otherwise in use.

Hm yeah, I always think of encryption at rest as "the drive handles encryption itself", rather than "we encrypted these archives before we wrote them", but fair enough.

Not necessarily the drive, but yeah, where standards mandate encryption at rest you need to have the files on the live disk encrypted.

Usually it's much less of a headache to LUKS/BitLocker/SED the whole drive so that you don't have to worry about swap files and logs.


It generally has to do with risk models, especially in single tenant environments.

What I mean is, say I am a B2B service provider and I have a single database for some subset of my clients. That is, multiple clients' data are held in the same database. There are many ways to do this, but one way I have seen is BYOK (Bring Your Own Key). You can have your clients give you secure access to a public/private key pair (e.g. through AWS Secrets Manager). Then you encrypt anything that gets written into the database using their key.

This means that if there is some security hole in your software that accidentally allows data to be exfiltrated from your servers (e.g. one malicious client sends API requests that allow for a query of data from another target client), the data the API returns will be encrypted using the target client's public/private key.

My own experience with security is that nothing is perfect and good security is like an onion. Encryption at rest isn't perfect and won't handle every possible malicious attack, but it is a layer in the broader strategy. The attacker has to both find a way to exfiltrate the data and trick the server into revealing the shared key. The idea being it is harder to do both than it may be to do either individually.
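
The per-tenant encryption described in the comment above, sketched in Go as an added example (not part of the thread or any commenter's code). It assumes one symmetric AES-256-GCM key per tenant rather than the public/private key pair the comment mentions; the key map, tenant names and field value are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aeadFor builds AES-256-GCM from the tenant's key (map stands in for a secrets manager).
func aeadFor(keys map[string][]byte, tenant string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(keys[tenant]) // unknown tenant: nil key, error
	if err != nil {
		return nil, fmt.Errorf("tenant %q: %w", tenant, err)
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field under the tenant's key, binding the tenant ID as AAD.
func Seal(keys map[string][]byte, tenant string, pt []byte) ([]byte, error) {
	a, err := aeadFor(keys, tenant)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, pt, []byte(tenant)), nil // nonce || ct || tag
}

// Open decrypts a stored field with the key of the tenant making the request.
func Open(keys map[string][]byte, tenant string, blob []byte) ([]byte, error) {
	a, err := aeadFor(keys, tenant)
	if err != nil || len(blob) < a.NonceSize() {
		return nil, fmt.Errorf("cannot open field for %q", tenant)
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], []byte(tenant))
}

func main() {
	keys := map[string][]byte{"acme": make([]byte, 32), "globex": make([]byte, 32)}
	for _, k := range keys {
		rand.Read(k) // random per-tenant keys (constructed)
	}
	row, sealErr := Seal(keys, "globex", []byte("constructed secret"))
	_, openErr := Open(keys, "acme", row) // buggy query handed globex's row to acme
	fmt.Println("sealed ok:", sealErr == nil, "cross-tenant read rejected:", openErr != nil)
}
```

The isolation holds only while the service selects the key by the authenticated caller's tenant, which is the second step the comment says an attacker would still have to defeat.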


I think it's also meant to protect from potential mistakes in handling of hard disk decommissioning which presumably is a common thing with data centers.

Used to be, but e.g. where I work any decommissioned drive has to be DBANed (if it's spinning platters) or secure-erased (SSDs). If it can't be for some reason (e.g. it has failed) it needs to be physically destroyed. I would hope most data centers have similar policies in 2026, but that may be optimistic I guess.

When the company that owns the physical hardware goes out of business, all of this stuff is moot.

Unless the attacker is law enforcement.

Law enforcement will just get you to give them the keys.

Law enforcement of another jurisdiction won't, but can try to snoop into the data.

Three is now owned by Vodafone, so soon (when they sort the technicals) you will be on all the major carriers!


Exactly, and I would never turn over my email or computer over to a contractor or anyone really. They get their own environment, email etc. Their actions stay as their actions.


Well at least we know now that the department of war is less capable than before. All because the big man shit his pants while Anthropic was in view.


Do you think the people writing the code that operates aircraft care about code quality? After the Boeing incident I do not.


Fair point and that’s exactly why Airbus has been eating Boeing’s lunch. When engineering culture takes a back seat to cost, schedule, and optics, outcomes diverge fast. In safety-critical systems, rigor isn’t optional, it’s the competitive advantage.


I find it difficult to believe software is Airbus’ competitive edge. First, their software for aircrew bidding is an absolute and utter disaster. Date filtering has been broken nearly a year despite multiple releases being pushed. Date management is like THE KEY functionality of aircrew bidding. I also use their flight plan software and it’s like they never bothered to ask a pilot how they use a flight plan in flight.

I think Airbus is riding the coattails of solid engineering done in the 80s and continuing to iterate that platform vs Boeing trying to iterate on a hardware platform from the 60s. Airbus benefited significantly from 20 years of engineering and technological progress. Since the original design of the A320, changes have been incremental. Slightly different engines, addition of GPS/GNS, CPDLC, CRT to LCD screens. Meanwhile Boeing has attempted to take a steam gauge design from the 60s and retrofit decades of technology improvements and, critically, they attempted to add engines significantly altering the aerodynamics of the aircraft.


Which Boeing incident? The 737 Max was a correct implementation of bad requirements -- there's no indication of a code quality problem here. Starliner definitely had more indications of code issues, but was not an aircraft.


Water, not water is all you need.


What if I told you, there is an app on the market https://www.youtube.com/watch?v=tWwCK95X6go


Shampoo? Hand cream? Marinara?


Who do institutions serve? To me AI democratises information. Allows access to information that would normally be gatekept. AI reduces barriers, and they don't like that because those barriers gave them authority.

