Re: Bullshit Alert
OK. Thanks for your scenario. You're using only cloud storage, I can understand that. Encrypted as it goes to/from the cloud, and never actually used in the cloud. Cheap storage, but to do any volume analysis, will be very expensive on data transfer costs.
But actually running the application in the cloud? Or using cloud-based desktop (not mentioned here, I'm extrapolating)? In these cases, the keys need to be in the cloud.
OK. Encrypted region within a cloud domain? You're trusting the cloud provider cannot be coerced to hand the data and the keys over to some TLA or hacker, and backed up by a warranty which will not exceed the cost of the service (even if you can prove that the data's been nabbed?) This cannot be considered a good move.
Biting the hand that feeds IT
