I did forget to mention in my post about clouds that there’s the security issue. This issue is by no means specific to cloud computing, but it is something that’s been on my mind.
Problem is, when you host in a situation where the servers are not physically controlled by you, you have to put a pretty good amount of trust in the hosting provider, and so do your customers, recursively. Anyone in Google’s/Amazon’s/whoever’s pool of administrators can read or mess with your data. Encryption basically does you no good, if you need to do server-side processing of the data, since you’d have everything on the server to allow you to decrypt, and therefore so would the inside attacker.
Anyway, like I say, its not a new issue to the cloud computing realm, and trusting the hosting provider is not unreasonable, and there are social remedies both inside and outside the companies involved should the provider violate the trust. It’s really only been on my mind because people on the project are talking about the need to encrypt the contents of the database, and I’m thinking it’s pretty useless to do so. However, it is one of those things where the psychological situation is different than the technical situation. I’ve made my opinion known to the appropriate people and I’ll trust them to make appropriate decisions about these things, and just go with the flow from there.