Hi Ikai,

I'd like to draw a distinction between (a) the platform being able to
see the data, (b) employees being able to see the data, (c) the
policies by which employees look at data (sanctioned by Google), (d)
illegal data access (not sanctioned by Google - either by an employee
or an external attack), (e) the protections against d at a high level.

At the moment Google seems to pull all these elements into the one
basket - and say 'we can see your data'. That statement doesn't
actually carry any useful information, except perhaps by implication -
'we're not saying much because you wouldn't like it if you knew.'

Take for example this FAQ statement for Google Apps -
http://www.google.com/support/a/bin/answer.py?hlrm=en&answer=106887 -
it is an exceptionally helpful statement.  With App Engine, unless I
have missed it, there are no such statements - just 'we can see your
data'.

Additional security is one thing, clarity and transparency is
another.  You don't need cryptographic keys and ACLs to achieve an
improvement in people's ability to *understand* the data security of
their app on App Engine.

Cheers,

Colin

On May 24, 11:44 pm, "Ikai L (Google)" <[email protected]> wrote:
> Guys, I want to encourage you to stay on topic.
>
> The issue here is encryption for data store in App Engine. As several
> posters have pointed out, there are no easy solutions for this. A shift
> towards the cloud has all the implications of not being able to physically
> secure the data. Using a service such as App Engine, something we commonly
> describe as a platform-as-a-service, you have much less control over your
> data, though we will bear the responsibility of providing as much security
> as we can. There is probably a workable compromise somewhere involving where
> we store cryptographic keys and ACLs, but for the foreseeable future, you
> will have to accept that if you are running your software on Google's
> platform, then Google's platform will be able to access your data. If you
> build a rich client, you can encrypt the data on the client.
>
> --
> Ikai Lan
> Developer Relations, Google App Engine
> Twitter: http://twitter.com/ikai
> Delicious: http://delicious.com/ikailan
>
> ----------------
> Google App Engine links:
> Blog: http://googleappengine.blogspot.com
> Twitter: http://twitter.com/app_engine
> Reddit: http://www.reddit.com/r/appengine
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Google App Engine" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group 
> at http://groups.google.com/group/google-appengine?hl=en.
