[AusNOG] Australian based cloud storage

Nick Stallman nick at agentpoint.com
Mon Oct 26 07:08:50 EST 2020


I know paid G Suite email/docs/drive is also very different compared to 
the free stuff.
They still do scan content, but only to provide functionality in the 
service (e.g. powering search), not to extract data taken outside your 
account.

I've got around 409 million objects stored in AWS ap-southeast-2. It's 
definitely in Sydney, not overseas.
And I've never seen any indication that any cloud object storage is 
scanned in any way.

On 25/10/20 9:00 pm, Trevor Peacock wrote:
>
> Agreed, I think there's a significant distinction between free/"token 
> payment" user grade "cloud storage" (iCloud, google drive, consumer 
> onedrive etc) and business grade object storage (AWS S3, Azure 
> Storage, Google Cloud Storage, Wasabi, etc etc). I'd want to check the 
> references in your article to see exactly which "Google" services they 
> are talking about.
>
> Not having seen the article, its is not necessarily "FUD", but perhaps 
> highlights that the free consumer services may analyse the data to 
> provide searching or other convenience features, as well as perhaps 
> extracting data to improve advertising to cover the cost of the free 
> service.
>
> AWS maintains data security certifications/accreditation, frequently 
> audits their infrastructure. They use their KMS service to maintain 
> encryption at rest keys that only your account has access to. I'm sure 
> Azure and Google Cloud do much the same.
>
> I can also confirm that AWS S3 stores objects only in the region you 
> specify (by default replicated to multiple sites (availability zones) 
> in the same region, I think you can now also set up automated 
> replication to other regions). I'm also sure Azure lets you specify 
> where data resides (though note Azure/AWS terminology around 
> regions/zones are very different). Both allow organisations to meet 
> their data residency requirements.
>
> https://aws.amazon.com/compliance/
> https://azure.microsoft.com/en-au/overview/trusted-cloud/compliance/
> https://cloud.google.com/security/compliance
>
> On 25/10/20 3:58 pm, James Hodgkinson wrote:
>> Pretty sure the user stuff gets parsed, like google drive and photos 
>> - I'd be very surprised if they messed with the object/disk storage...
>>
>> James
>>
>> On 2020-10-25 14:42 Matthew Scutter wrote:
>>> Going to call a [citation needed] on that, because it reeks of FUD 
>>> to me.
>>>
>>> On Sun, Oct 25, 2020 at 1:11 PM Kai <vk6ksj at westnet.com.au 
>>> <mailto:vk6ksj at westnet.com.au>> wrote:
>>>
>>>     Hi folks,
>>>
>>>     Thank you for all the feedback, greatly appreciated.
>>>
>>>     I read an article yesterday which said that in the same way that
>>>     GMail
>>>     parses email content for AI learning and targeting ads, that Google
>>>     cloud storage may also index content, including facial
>>>     recognition, with
>>>     any photo's, for behaviour learning and targeted ads.
>>>     That's one of the reasons I'm not keen to store data on Google
>>>     cloud.
>>>     They're on a need-to-know basis with my activities.
>>>
>>>     Does anyone know if Microsoft, AWS or other providers may allow
>>>     themselves access to stored files?
>>>
>>>     On 25/10/20 10:25 am, Jacob Taylor wrote:
>>>     > An important question to ask is whether you require file
>>>     storage or
>>>     > object storage.
>>>     >
>>>     > While the S3 portal provides a veneer of a filesystem-style
>>>     hierarchy,
>>>     > S3 is really a key-value object store. If you build an
>>>     application on S3
>>>     > but use filesystem-style queries ("list all files in a
>>>     directory" as an
>>>     > example), it can end up being very costly.
>>>     >
>>>     > If you just want a place to upload big files, such as
>>>     backups, VMs,
>>>     > images, and videos, then S3 is ideal.
>>>     >
>>>     > If you are looking for something that requires a file
>>>     hierarchy, then it
>>>     > might not be appropriate.
>>>     >
>>>     > To reiterate what Shaun says, the data you put in an S3 bucket
>>>     mastered
>>>     > in the Sydney region (ap-southeast-2) *will not be stored
>>>     elsewhere*
>>>     > unless you explicitly want it to (via cross-region replication
>>>     or other
>>>     > sync methods).
>>>     >
>>>     > To go into more detail on encryption options:
>>>     >
>>>     >   * Server Side Encryption (SSE): Encryption is done in the S3
>>>     service
>>>     >     itself, you upload/download in plaintext. Comes in a few
>>>     flavours,
>>>     >     but they all use the same algorithm (AES-256):
>>>     >       o SSE-S3: This is the simplest and easiest to use, basically
>>>     >         turnkey. S3 will use an AWS-managed key in KMS to
>>>     encrypt your
>>>     >         files.
>>>     >       o SSE-KMS: Same as above, however it uses a custom key
>>>     you manage
>>>     >         (could be generated on-prem and uploaded, as an example).
>>>     >       o SSE-C: Encrypts files with a key given to S3 by your
>>>     application
>>>     >         at the time of upload, and you cannot download the
>>>     file without
>>>     >         providing the same key at the time you request it.
>>>     >   * Client Side Encryption: Describes any scenario where your
>>>     >     application encrypts a file prior to uploading, and
>>>     decrypts after
>>>     >     downloading.
>>>     >
>>>     > Disclaimer: I work for AWS
>>>     >
>>>     > On Sun, Oct 25, 2020 at 12:34 PM Shaun Ewing <shaun at shaun.net
>>>     <mailto:shaun at shaun.net>
>>>     > <mailto:shaun at shaun.net <mailto:shaun at shaun.net>>> wrote:
>>>     >
>>>     >     Data uploaded to S3 will stay entirely within a region
>>>     unless you
>>>     >     explicitly configure cross-region replication.____
>>>     >
>>>     >     __ __
>>>     >
>>>     >     There’s a bunch of encryption options including Amazon
>>>     S3-Managed
>>>     >     Keys and customer provided keys.____
>>>     >
>>>     >     __ __
>>>     >
>>>     >     (Disclosure: I work for AWS)____
>>>     >
>>>     >     __ __
>>>     >
>>>     >     *From:*AusNOG <ausnog-bounces at lists.ausnog.net
>>>     <mailto:ausnog-bounces at lists.ausnog.net>
>>>     >     <mailto:ausnog-bounces at lists.ausnog.net
>>>     <mailto:ausnog-bounces at lists.ausnog.net>>> *On Behalf Of *Giles
>>>     Pollock
>>>     >     *Sent:* Sunday, 25 October 2020 12:08 PM
>>>     >     *To:* Kai <vk6ksj at westnet.com.au
>>>     <mailto:vk6ksj at westnet.com.au> <mailto:vk6ksj at westnet.com.au
>>>     <mailto:vk6ksj at westnet.com.au>>>
>>>     >     *Cc:* Ausnog <ausnog at lists.ausnog.net
>>>     <mailto:ausnog at lists.ausnog.net> <mailto:ausnog at lists.ausnog.net
>>>     <mailto:ausnog at lists.ausnog.net>>>
>>>     >     *Subject:* Re: [AusNOG] Australian based cloud storage____
>>>     >
>>>     >     __ __
>>>     >
>>>     >     Amazon have a region, ap-southeast-2 which is Sydney
>>>     based. Can't
>>>     >     comment whether stuff that goes into s3 gets replicated
>>>     elsewhere, I
>>>     >     believe you can set the class so it doesn't, but you'd
>>>     need to talk
>>>     >     to someone at AWS to confirm. ____
>>>     >
>>>     >     __ __
>>>     >
>>>     >     On Sun, 25 Oct 2020, 12:02 Kai, <vk6ksj at westnet.com.au
>>>     <mailto:vk6ksj at westnet.com.au>
>>>     >     <mailto:vk6ksj at westnet.com.au
>>>     <mailto:vk6ksj at westnet.com.au>>> wrote:____
>>>     >
>>>     >         Hi folks,
>>>     >
>>>     >         Happy weekend.
>>>     >         I'm searching for Australian based cloud storage.
>>>     >
>>>     >         Google, Microsoft and the other big names might have cache
>>>     >         server here
>>>     >         but the data is also stored overseas, I'm looking for
>>>     providers who
>>>     >         either allow you to choose your cloud storage
>>>     location, or only
>>>     >         have
>>>     >         hosting within Australia, and have storage which is
>>>     encrypted.
>>>     >
>>>     >         Any feedback is welcome.
>>>     >
>>>     >         Cheers
>>>     >         Kai
>>>     >  _______________________________________________
>>>     >         AusNOG mailing list
>>>     > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>>     <mailto:AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>>
>>>     > http://lists.ausnog.net/mailman/listinfo/ausnog____
>>>     >
>>>     >  _______________________________________________
>>>     >
>>>     >     ____
>>>     >
>>>     >     AusNOG mailing list
>>>     >
>>>     >     ____
>>>     >
>>>     > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>>     <mailto:AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>>
>>>     >
>>>     >     ____
>>>     >
>>>     > http://lists.ausnog.net/mailman/listinfo/ausnog
>>>     >
>>>     >     ____
>>>     >
>>>     >  _______________________________________________
>>>     >     AusNOG mailing list
>>>     > AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>>     <mailto:AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>>
>>>     > http://lists.ausnog.net/mailman/listinfo/ausnog
>>>     >
>>>     _______________________________________________
>>>     AusNOG mailing list
>>>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>>     http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-- 
Nick Stallman
Technical Director
Email 	nick at agentpoint.com <mailto:nick at agentpoint.com>
Phone 	02 8039 6820 <tel:0280396820>
Website 	www.agentpoint.com.au <https://www.agentpoint.com.au/>

	
Agentpoint <https://www.agentpoint.com.au/>
Netpoint <https://netpoint.group/>

67 Renwick St, Redfern NSW 2009 	Facebook 
<https://www.facebook.com/agentpoint/> Twitter 
<https://twitter.com/agentpoint> Instagram 
<https://www.instagram.com/Agentpoint/> Linkedin 
<https://www.linkedin.com/company/agentpoint-pty-ltd>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20201026/be7f23e4/attachment-0001.html>


More information about the AusNOG mailing list