Hi,
Recently I have been looking in the cloud computing and that raised a question.
For example, if Company XYZ hosted their website with database in a cloud then how it's keeping it'd data secured from the administrator of cloud? if he/she runs a query in that database and it's just like an open book. Or, there is an encryption phase in cloud which I am not sure though. Or, we need to encrypt the whole database so that if the admin runs query he/she qont get anything other than encrypted data. I also saw there are some functions like AES_ENCRYPT() and AES_DECRYPT() to make this happen but is this the way everybody is achieving data privacy.

Does anyone has an idea on this because encrypting and decrypting of each and every record will also has time and performance overhead, I think.

Thanks in advance.

I guess I have a couple of ideas. First (and by far the most important), if you don't trust the cloud provider not to snoop, then putting your information on the cloud is probably a very bad idea. Second, I don't think encrypting the entire database is really necessary. If you're securing the connection method to the could MySQL server, that should keep out the casual listeners. If it is at all possible, I would also use sockets to carry out the MySQL communications rather than TCP/IP, but the overall architecture of what you're trying to do will determine if this is practical or not.

Seriously, if you don't trust the administrators, you shouldn't be using them. There is almost no way to defend from an administrator level attack.

My "cloud concerns" are more related to this type of incident.

There's no one I trust with my data ... no one. If a mistake is made, let it be mine.