Retention doesn't require it to be online.

A tape sitting in Iron mountain would have a smaller attack surface and be compliant.

Potentially this breach will allow litigation that was financially infeesable for some people.

As a former WDIG employee I am not even suggesting anything concrete or that I have any knowledge of unlawful activity.

But as someone who also worked in the electronic evidence discovery field, the cost of blind discovery has a chilling effect on lawsuits.

Now that targeted discovery is possible, it will be within the budgets of more potential cases.

The forever retention was a marketing differentiator for Slack, so this type of events were a risk you have to accept.

But all about convenience and not compliance.

With how many people in this thread don't see the problem with keeping all data always hot... we are fucked.

Hot data is not such a problem with hot security. It’s when your security freezes that it becomes an issue.

But why take the risk? Cold storage is cheaper, more secure, more friendly to a “we have the data but it will take time” defense.

>Retention doesn't require it to be online.

Conversely, offline doesn't mean unhackable/unleakable.

As nothing is unhackable, that is a false dicotomy.

Why use passwords at all under that line of thinking.

That is why we talk about reducing attack surfaces.

With how big and aggressive Disney is I'd expect it to be under ongoing litigation 24/7/365.

Proper logging for retention would surely involve a point where you encrypt the data with a temporary key and then encrypt that key with the public key and only your top brass would have access to the HSM that could decrypt that blob..

Why keep it hot? Physical security is a mostly solved issue for backups unless you are taget d by nation state level actors.

Like Sony..