These hosting facilities tend to be great, they are cheap and work well compared to other alternatives. Though while being cheap, there is a compromise to be made and I want to know if there is a way to not make that compromise.
The compromise being allowing clear access to possibly sensitive data being hosted by that provider, you are basically leaving sensitive code, databases and other files on these servers for any employee of the host who has access to take or steal.
So are there protections available to keep them from seeing everything? I know some of you will say, well you should use a reputable host, which is good advice, but no matter how good they seem there can always be somebody corrupt.
Like the old saying goes - if someone has physical access to your servers, all bets are off!
The same applies to cloud/virtual-machine hosting. That said, there are some mitigating steps that you can take depending on the types of data that you want to protect. e.g.
Caveat: Just remember that there are ways to extract your unencrypted data from memory instead of from the files on disk. There are also ways to attack the files on disk.
Depending on the value of your data, i.e. how much you're willing to spend to protect it:
Anytime you're outsourcing, you're placing trust in the outsourcing company. What level of trust is appropriate is an economic tradeoff you'll have to make yourself. And remember, doing something in-house just gives you more control, not more security. You still have to vet your own employees and trust them with your data.
Yes, you do. Like all compromises. Wanna be cheap, live with it.
That said, I am quite sure that your sensitive data is worthless. Most people tend to have grand delusions about what their stuff is worth. You think the employees of a managed host have the time to go through tens of thousands of computers sipping for someone's list of small customers? Seriously?
What is the high security data you are trying to protect? Customer financial records? Legally protected financial data worth tens of thousands of dollars because you paid that for it? Systems doing automatic financial trading with secure algorithms? Customer credit card records? Actually in the last case you are in direct violation of your signed and agreed-upon legal obligations with the credit card companies, and in all other cases.... the risk still is not there..
Or do we talk of some stuff that simply said has no real value except in your imagination?
I don't try to be too negative here, but it is some sort of pattern that most people think their ideas are unique for a startup (they are not), that their data has a lot of value and employees at hosts have nothing else to do than go through server over server to steal exactly their important data.... while it actually is of little value and the time investment would be way too high.
You have ANY idea how many servers there are in for example Amazon ec2? You would be surprised. A team of 10 people working full time possibly would take their whole working time to search for data before going through all the servers.
At the end of the day, you have to trust a company with reputation. And if your data is very valuable, just not be someone too cheap to even buy a server.