What is the optimal way to protect my data from my VPS provider? [closed]
Solution 1:
Not HAVING a VPS provider.
And I am not snippy. THere is no way to protect a VPS from the people running the hardware. There are some theoretical ways but - at the end someone needs to allow access. I.e. your encryption - how the heck would the program decrypt the data? See, with physical access I can make a backup and spend a lot of time cracking. They key must be somewhere on the VPS image, or?
There are some ways in i.e. Hyper-V clusters to protect images from being exported, but again, the provider has access to the hardware.
Generally you ARE protected by the hosting provider. Contracts and the fact that you are irrelevant between hundreds of thousands (possibly) of machines.
I'd just like to defend it as much as possible, and hopefully make it non-viable for anybody to view/steal it.
And you are willing to pay a SIGNIFICANT price for that, both possibly in hardware (yes, hardware, SCM rental is expensive) and / or making your programming possibly 5 to 10 times as expensive? Because that is what we talk about - encrypting everything is fine, but it also means decryption when it needs to be accessed, the keys STILL somewhere on the platform for anyone with a debugger.
The SysAdmin / VPS host is the one attack vector extremely hard to defend against.