One of the services provided by a previous employer was to on-premise appliance for customers, rented in a SAAS model. Customers paid for a certain amount of disk space. To ensure they couldn’t just swap disks to add more capacity, each of our disks went through a ‘blessing’ process where we performed various interesting perturbations to the first few megs of every disk, including a checksum that was a function of a machine and customer identifier.
We fully understood that these efforts would never get in the way of a dedicated and sophisticated adversary, but the bar was low since most of the customers were end users who were using a managed service provider and never directly interacted with our appliance. You might want to try something like that to make it non-trivial for customers to pull your data. - Eric On Dec 9, 2014, at 4:14 PM, Steve Shockley <steve.shock...@shockley.net> wrote: > On 12/9/2014 2:38 PM, John Merriam wrote: >> Oh, and no matter what you do, they could always dump the RAM from your VM >> instance and get your data from there after it's been decrypted. > > The key is also likely stored in RAM, and it is simpler to get a snapshot of > RAM from a VM than it is to get one from a physical machine.
