
Well, it prevents a single rogue employee from peeking at/stealing data. It now requires a conspiracy between employees.



And it is way better than just leaving keys in VMs.


From a practical perspective, yes. From a threat model perspective not really.


It protects from a bunch of lesser threats, like backups leaking keys, anyone hacking a front end box getting keys, needing to rotate keys when employees change, etc.



