When you launch a SaaS product on the cloud, do you care that the cloud exposes data and sees ALL?

Question

The cloud exposes data by default. That means, customer data, application code, and business logic, to name a few examples, are transparent to the cloud provider.

Philip Snyder · Accepted Answer

Usually no, I don't think cloud providers are stealing their users Saas ideas (yet lol). Any reputable cloud provider has very strict security and access rules internally.

Thomas Varekamp · Answer

What do you mean? If you launch on the most common cloud providers your data is secured and not public.

Sebastian Gajek · Answer

@thomasvarekamp Technically your CSP has access to the data. The reason is the CSP manages the hardware, VMs etc. What should stop him from doing that are the terms of conditions. However they are inferior to the US Cloud Act, giving actually 3rd parties like the FBI and CIA the right to access data from any server. (Note, other countries like Russia and China have even more dramatic regulations.) The situation becomes problematic in many countries. For example, the European Union's GDPR and the European's right of data sovereignty. Long story short, cloud act allows FBI and CIA to access data on servers of the hyperscalers, even if the servers are located in the EU. This violates EU rights.

When you launch a SaaS product on the cloud, do you care that the cloud exposes data and sees ALL?

Replies