
> On the other hand, maybe it shouldn't matter, and you should always act like the network is compromised.

What about cases like AWS's VPCs?



To add color to both your comment and parent's.

Everything at Google Cloud is encrypted at rest and in transit [0]. Any GCE project is essentially a VPC by default, and a global one at that [1] (aka no need to VPN between regions). Traffic between GCE zones/regions never hits public wire by default, and Google will carry your packet to the nearest Google POP around the world on its private backbone [2].

(work at Google Cloud, but not on networking/GCE)

[0] https://cloud.google.com/security/encryption-at-rest/

[1] https://cloud.google.com/docs/compare/aws/

[2] http://peering.google.com/#/infrastructure


Nice, great information. Google Cloud has the networking model right.


What's the data at rest model? LUKS?

Edit: Never mind, I see the link.



