Is there a Paas solution that avoids NSA prism spying?

Question

I want to deploy my application and looking at Appharbor or Amazon beanstalk for my .net project.

I'm concerned about security and was put off by Microsoft (and therefore Azure) being a key player in the Prism scandal.

Being in Europe I've started leaning towards Icelandic hosts for their green credentials and adherence to freedom of speech. Others have recommended Hetzner for their speed. I know some providers have European datacenters but does that mean they are subject to European law first before US ones i.e. they can't snoop 'as easily'?

Where should the .Net development community turn towards for running secured applications online?

(I hope this post doesnt get closed with a cheap excuse because its controversial but I really am having a problem with this).

Answer 1

Being free, independent and unwatched these days is really hard. I agree that building a data centre in your home may sound like the best solution, but it creates new problems:

• You have to buy servers yourself and maintain them (patch, update, monitor, etc) - in Microsoft world this is expensive.

• You have to acquire good and reliable internet connection - your home ISP won't guarantee you such service.

• You have to take care about scalability issues - buying more servers, building scalable platform, etc.

In order to handle this you need quite a lot of skills and/or money - do you really want to spend so much resources?

The other obvious solution is to rent a private server at a data centre is also a good solution, but keep in mind that your provider will obey to the local laws and if the local police knocks on the door - he'll probably have to grant them access and you can do nothing.

I am writing everything up to here just to state one thing - there is no 100% guarantee that you are secure. If you really care about your customers' privacy - just make sure that you either don't store their sensitive data or make it really hard for the bad guys to access it. Let them use some kind of strong encryption or implement such policy by yourself. Explain this to your customers and I am sure that they'll appreciate your measures.

At the bottom line - really consider if your application will benefit from all those security measures. In my opinion, your customers will enjoy more fast and responsive application than slow and most of the time unavailable one.