re: Google Cloud Platform Vs. Amazon Web Services


Both GCP and AWS offer virtual private networks to interconnect your machines. However, all data going through that network is sent as is, logically separated from other customers and nothing more.

This statement is unclear to me and comes across as misleading. All traffic is encrypted between the VPN endpoints. In fact, you cannot set up VPN endpoints without encryption.

The other issue is about at-rest encryption of storage, which AWS supports. You can enable it on any EBS volume and all data on that volume will be encrypted.

You might, for example, come across a managed database type such as Redis that does not encrypt its data at rest.

Since Redis is an in-memory cache it doesn't make sense to say it is not encrypted at rest because it is all in volatile RAM. If you had said GCP VMs all have encrypted RAM that would have been an entirely different claim. If RAM is encrypted then that is pretty cool but I can't tell from your article if that is indeed the case.

It is fine to prefer one cloud provider over another, but please be precise and clear. In engineering I think it is important to be as precise as possible, and I'm sure you are not trying to deliberately mislead, so it would be worthwhile to clarify the points about the network and the storage.


Hi david,

First of all, sorry for the misunderstanding if that wasn't clear.

  1. About networking, we're referring to private networks between your servers here. Not VPNs, but private networking. It's virtual because you don't have a cable connecting your computers, and here is where the risk lies: data is transmitted over the same cable together with other customers, the only separation is virtual. If an attacker had access to the raw data in the cable, they would be able to see your traffic, given it's not encrypted.

  2. About Redis: Redis stores data on disk in most configurations (including the default configuration in AWS). Actually, the key difference between Redis and other databases is that it defers the writing to disk, so this doesn't block the reads/writes. The same applies to database backups.
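The point about Redis writing to disk is easy to verify on a running instance: the `save` and `appendonly` settings decide whether RDB snapshots and/or an append-only file are written, and `dir` decides which volume they land on. Below is an added example (not code from either commenter or from the article) that takes the flat key/value list `CONFIG GET` returns and works out which on-disk artefacts the instance will produce, then checks each one against a mount-point-to-encryption map. Both the `CONFIG GET` reply and the mount map are constructed inline so the script runs offline; in practice the first comes from `redis-cli CONFIG GET '*'` and the second from your cloud API or `lsblk`. The single-file AOF layout assumed here matches Redis before 7.0; 7.0 moved the AOF into a directory named by `appenddirname`, which the code handles when that key is present.

```python
"""Added example: determine where Redis persists data and whether that
location is on an encrypted volume. Not part of the original thread."""
from typing import Dict, List, Tuple


def parse_config_get(reply: List[str]) -> Dict[str, str]:
    """CONFIG GET returns a flat list [key, value, key, value, ...]."""
    if len(reply) % 2:
        raise ValueError("CONFIG GET reply must have an even number of items")
    return {reply[i]: reply[i + 1] for i in range(0, len(reply), 2)}


def persistence_paths(cfg: Dict[str, str]) -> List[str]:
    """Return the on-disk artefacts Redis will write under this config.

    An empty list means the instance is memory-only: no RDB snapshots
    (empty 'save') and no AOF ('appendonly no').
    """
    base = cfg.get("dir", ".").rstrip("/") or "/"
    paths: List[str] = []
    # RDB: 'save' holds "seconds changes" pairs; an empty string disables it.
    if cfg.get("save", "").strip():
        paths.append(f"{base}/{cfg.get('dbfilename', 'dump.rdb')}")
    # AOF: every write command is appended to the AOF and fsynced per 'appendfsync'.
    if cfg.get("appendonly", "no").lower() == "yes":
        if "appenddirname" in cfg:  # Redis >= 7.0 keeps a directory of AOF files
            paths.append(f"{base}/{cfg['appenddirname']}/")
        else:                       # pre-7.0 single-file layout
            paths.append(f"{base}/{cfg.get('appendfilename', 'appendonly.aof')}")
    return paths


def volume_for(path: str, mounts: Dict[str, bool]) -> Tuple[str, bool]:
    """Longest-prefix match of a path to a mount point; value is 'encrypted?'."""
    candidates = [m for m in mounts
                  if path == m or path.startswith(m.rstrip("/") + "/")]
    if not candidates:
        raise LookupError(f"no mount point covers {path}")
    mount = max(candidates, key=len)
    return mount, mounts[mount]


def unencrypted_artifacts(cfg: Dict[str, str],
                          mounts: Dict[str, bool]) -> List[Tuple[str, str]]:
    """(artefact path, mount point) pairs that would land on cleartext storage."""
    result = []
    for p in persistence_paths(cfg):
        mount, encrypted = volume_for(p, mounts)
        if not encrypted:
            result.append((p, mount))
    return result


# Constructed CONFIG GET reply, mirroring the stock redis.conf defaults
# (RDB on, AOF off, data under /var/lib/redis).
SAMPLE_REPLY = [
    "dir", "/var/lib/redis",
    "save", "3600 1 300 100 60 10000",
    "dbfilename", "dump.rdb",
    "appendonly", "no",
]

# Constructed mount map: mount point -> True if the block device is encrypted.
SAMPLE_MOUNTS = {"/": False, "/var/lib/redis": False}

if __name__ == "__main__":
    cfg = parse_config_get(SAMPLE_REPLY)
    print("persists to:", persistence_paths(cfg) or "nothing (memory-only)")
    for path, mount in unencrypted_artifacts(cfg, SAMPLE_MOUNTS):
        print(f"WARNING: {path} is written to unencrypted volume {mount}")
```

With the stock defaults the script reports that `dump.rdb` is written to an unencrypted volume; setting `save ""` and leaving `appendonly no` is the only combination that yields no artefact at all, and even then backups taken by the provider are a separate copy of the same data.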
