1

It's relatively straightforward to create an encrypted storage volume (e.g. like so: https://www.digitalocean.com/community/tutorials/how-to-create-an-encrypted-file-system-on-a-digitalocean-block-storage-volume). However, since the filesystem is decrypted on boot, and the server's always on, won't the data be sitting on our VPS in plaintext anyway?

Is there any value, at all, to using full-disk encryption on an always-on VPS?

--edit--

My goal is to make it financially non-viable for the host to access my data and source code. Is disk encryption beneficial in respect of this?

Glenn

2 Answers

4

The solution is certainly not pointless.

But the risk scenario you're protecting against with full disk encryption is not somebody compromising your running instance; you're adding protection against threats at a different level, such as, for example, the theft of the physical disks that are used for storing the data in your VM (and other threat scenarios).


In response to the OP's edit:

If you have no reason to trust your cloud provider, you shouldn't be using them, because whoever is in control of the hardware can generally defeat any protections you can mount from within a VPS.
Adding protection such as full disk encryption does already ensure that it won't be trivial to get to all your data, though. Your data confidentiality will be protected from many of the most trivial "attacks", operator errors and misconfigurations.

But technology can't provide absolute protection there.

That means that you need to trust the provider.

In business you don't trust blindly, though. You do your own due diligence selecting a trustworthy provider, and then you get your legal team to set up agreements and contracts, with penalties and other ways to enforce compliance.

Bob
  • I should have been more clear - my goal is to make it financially non-viable for the host to access my data and source code. Is disk encryption beneficial in respect of this? – Glenn Apr 22 '21 at 12:40
  • 1
    @Glenn No, not really. It's *trivial* for the host to grab whatever you have in memory, including key material. Change to a host that you trust. – vidarlo Apr 22 '21 at 16:04
  • Indeed @vidarlo you need to be able to trust the provider. – Bob Apr 22 '21 at 16:12
  • Unfortunately the more trustworthy hosts, like DO, have awful privacy policies. The security-focused VPS providers (I'm trying one at the moment) cost crazy (e.g. Orange Iceland) or have horrendous sysadmins, such as 1984 Iceland - I'm trying them out at the moment and they frequently respond to (sensible - may I add) emails around 24 hours after they are sent. So I would like to shout from the hilltops BOYCOTT 1984 HOSTING, ICELAND! They wasted my entire day yesterday, as I could not partition the disk due to their server config, and they ignored my email... – Glenn Apr 22 '21 at 16:17
  • Today they informed me that it is possible to use their web console to manually install a debian iso. Awesome. Trouble is - the web console doesn't work. Again they're ignoring my emails - which is the reason I'm so angry with them - time is money. Anyway, this isn't VPSReviews.com, so, sorry! – Glenn Apr 22 '21 at 16:21
  • Oh great, SF won't let me correct my typos, sorry, guys! – Glenn Apr 22 '21 at 16:24
  • * www.1984.is boycott 1984 hosting iceland – Glenn Apr 22 '21 at 16:35
  • "The security-focused VPS providers (I'm trying one at the moment) cost crazy e.g. orange Iceland)" - that is more a competence problem on your end. Look e.g. at Azure. There are ways to handle hosting HIPAA compliant. Something approved and certified for medical data should definitely be good enough for you. https://docs.microsoft.com/en-us/compliance/regulatory/offering-hipaa-hitech – TomTom Apr 22 '21 at 18:03
  • *sigh* probably, I'm a developer. Wish I had a sysadmin to sort this stuff out for me. Thanks for your help, all – Glenn Apr 22 '21 at 20:04
  • I'm looking for a host that commits to keeping the company's privacy protected and the VPS online and untouched, (preferably with ddos defence of some kind) where the *only* reasons they'd deplatform their customer is indecent images of children or a court order. Orange seems like the best bet... ? – Glenn Apr 22 '21 at 20:38
  • No idea. I have never seen Orange used in any capacity by anyone doing VPS in a business environment and professionally. Does not mean no one does - only that it is rare enough in business. – TomTom Apr 22 '21 at 21:24
0

As mentioned in the previous answer, full disk encryption protects mainly from an actor physically stealing the hardware and trying to gain access at a later point. So as soon as the VM/hardware is shut down, your data is inaccessible unless decrypted.

In the case of an automatic decryption on boot, it is even more pointless unless you somehow separate the decryption process from the hardware, e.g. your VPS gets a decryption key from another machine that would give it only in a safe state (let's say only if the request comes from the VPS with that IP, etc.).

So, in your case, your VPS sits in a data center, normally turned on and decrypted. There are several vectors malicious staff at your hosting provider can use:

  • Almost all VPS hosts provide a direct way to get a shell and dump the FS locally or via VNC. That would be the easiest, and most of the time you can't circumvent that from within the VPS.
  • Your key ends up in the RAM of the host, so a memory dump would certainly reveal it.
  • If a VPS snapshot is taken including memory, now your key is in the snapshot in plain text.

On a more positive note, a larger VPS provider hosts dozens if not hundreds of VMs on a single piece of hardware, in a data center with hundreds, if not thousands, if not tens of thousands (AWS, Azure, etc.) of servers. What are the chances of someone being interested in your VPS exactly? Mind that in companies with good security policies, playing around with the servers and VPSes produces a pretty heavy audit log trail, so it has to be worth the risk. And if it's worth the risk and your data is so extremely valuable and security is so paramount, then it might be worth hosting it yourself.

alex.b.bg
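The memory-dump and memory-snapshot vectors in the answer above, as an added example that is not part of this thread and not code from any product: the approach tools like aeskeyfind take is to scan a raw RAM image for the redundancy of an AES key schedule rather than for the key bytes themselves, so the attacker needs no idea where the key lives or what it looks like. The script below builds a constructed 32 KiB "memory image" (seeded pseudo-random filler) containing the FIPS-197 sample key as an expanded AES-128 schedule plus a decoy copy of the bare key, then recovers the real key. It assumes the expanded schedule is stored contiguously, as the Linux kernel's generic AES code keeps it in struct crypto_aes_ctx; real dm-crypt volumes usually run aes-xts with two AES-256 keys (240-byte schedules each) and accelerated code paths may lay the state out differently, so a production scanner checks those forms as well. The offsets, seed and DEMO_KEY placement are all made up for the demonstration.

```python
"""Recover an AES-128 key from a raw memory image by looking for its expanded
key schedule.  Added example for this thread, not code from the answers above
or from any product; the 'memory dump' is constructed in-process."""
import random


def _rotl8(x: int, s: int) -> int:
    return ((x << s) | (x >> (8 - s))) & 0xFF


def _build_sbox() -> list:
    """Generate the AES S-box: multiplicative inverse in GF(2^8), then the
    affine map.  Walks the group with generator 3 instead of a 256-entry table."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3 ...
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176  # 11 round keys * 16 bytes for AES-128


def _next_round_word(w_prev4: bytes, w_prev1: bytes, rcon: int) -> bytes:
    """w[i] for i % 4 == 0: RotWord, SubWord, Rcon, then XOR with w[i-4]."""
    t = w_prev1[1:] + w_prev1[:1]
    t = bytes(SBOX[b] for b in t)
    t = bytes([t[0] ^ rcon]) + t[1:]
    return bytes(a ^ b for a, b in zip(w_prev4, t))


def expand_key(key: bytes) -> bytes:
    """FIPS-197 key expansion for a 16-byte key; returns the 176-byte schedule."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        if i % 4 == 0:
            w.append(_next_round_word(w[i - 4], w[i - 1], RCON[i // 4 - 1]))
        else:
            w.append(bytes(a ^ b for a, b in zip(w[i - 4], w[i - 1])))
    return b"".join(w)


def find_aes128_keys(dump: bytes) -> list:
    """Return (offset, key) for every 16-byte window whose AES-128 key schedule
    immediately follows it, the way a contiguous expanded key sits in RAM.
    Raw key bytes without a schedule behind them are not reported."""
    hits = []
    for off in range(len(dump) - SCHEDULE_LEN + 1):
        cand = dump[off:off + 16]
        # Cheap prefilter: does the next word equal w[4]?  This rejects almost
        # every offset before paying for a full expansion.
        if _next_round_word(cand[0:4], cand[12:16], RCON[0]) != dump[off + 16:off + 20]:
            continue
        if expand_key(cand) == dump[off:off + SCHEDULE_LEN]:
            hits.append((off, cand))
    return hits


# Constructed demo image (assumption: offsets and filler are invented here).
# The FIPS-197 sample key is placed as an expanded schedule at KEY_OFFSET, and
# a decoy copy of the bare key bytes at DECOY_OFFSET carries no schedule.
DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
KEY_OFFSET = 0x1C00
DECOY_OFFSET = 0x0400


def build_dump(seed: int = 1) -> bytes:
    rng = random.Random(seed)
    img = bytearray(rng.getrandbits(8) for _ in range(32 * 1024))
    img[DECOY_OFFSET:DECOY_OFFSET + 16] = DEMO_KEY
    img[KEY_OFFSET:KEY_OFFSET + SCHEDULE_LEN] = expand_key(DEMO_KEY)
    return bytes(img)


if __name__ == "__main__":
    for off, key in find_aes128_keys(build_dump()):
        print(f"AES-128 key schedule at 0x{off:x}: key = {key.hex()}")
```

Run it and only the schedule at 0x1c00 is reported; the decoy at 0x400 is ignored because nothing in memory says "this is a key" except the structure of the schedule around it. That is the point of the answer: the host does not need your passphrase or a shell on the guest, only a copy of guest RAM, and a VM snapshot with memory is exactly such a copy. From inside the guest the same key is visible with root privileges via `dmsetup table --showkeys`, which prints the volume key of every open dm-crypt mapping, so anyone with console access to the running VM is in the same position.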