Which is why companies that are concerned use something like vault, do keys via API, and rotate them often instead of default services.
Anyone who cares is perfectly able to encrypt the entire system via third-party tools, which include many FOSS projects.
The default 15 years ago was fuck it. AWS is pretty much the only reason security on the web is as *good as it is. At least Russia and China don’t have free rein over your data 🤷‍♂️.
You missed their point, or you’re using a different term for “vault”. If you’re talking something like KeyVault, it still exists on Microsoft hardware, which means ultimately they could access it.
The only way they would have a lot of trouble is if you only stored the encrypted blob on their platform and then streamed it to something off platform (AWS, on-premises, etc.) and decrypted it there so they never had access to the key.
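A sketch of the arrangement discussed in the two comments above, added here as an illustration and not written by either commenter: data is encrypted off platform with a per-object data key, the provider stores only ciphertext plus the wrapped data key, and rotating the key-encryption key re-wraps the data key without touching the stored blob. All function names, record fields and key IDs are hypothetical, and the keys and payload are constructed.

```javascript
// Added example: names are hypothetical; keys and data are constructed.
const crypto = require("node:crypto");

// AES-256-GCM helper: returns iv || tag || ciphertext as one Buffer.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Inverse of seal(); final() throws if the key, AAD or ciphertext is wrong.
function open(key, sealed, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Runs off platform: a fresh data key (DEK) encrypts the payload and the
// key-encryption key (KEK) wraps the DEK. Only the returned record is uploaded.
function encryptForUpload(kek, kekId, name, plaintext) {
  const dek = crypto.randomBytes(32);
  const aad = Buffer.from(name); // binds both ciphertexts to the object name
  return { name, kekId, wrappedDek: seal(kek, dek, aad), body: seal(dek, plaintext, aad) };
}

// Runs off platform: the provider never sees the KEK or the unwrapped DEK.
function decryptOffPlatform(kek, record) {
  const aad = Buffer.from(record.name);
  const dek = open(kek, record.wrappedDek, aad);
  return open(dek, record.body, aad);
}

// KEK rotation: re-wrap the small DEK only; the stored body is not re-encrypted.
function rotateKek(oldKek, newKek, newKekId, record) {
  const aad = Buffer.from(record.name);
  const dek = open(oldKek, record.wrappedDek, aad);
  return { ...record, kekId: newKekId, wrappedDek: seal(newKek, dek, aad) };
}
```

Re-wrapping leaves the data key itself unchanged, so if that key may have been exposed the body has to be re-encrypted under a new one.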