Add security to documents uploaded?

Question

We're locally testing anasp.net application that will let a user upload documents. The app is similar to a jobs site like monster.com, but with sensitive data.

The app works great locally, and now we have to move it to a shared host or VPS.

Once we move the app to the hosting company, my biggest concern is that there are users (ie. hosting employees) with access to the folders and the documents. These documents have sensitive payment data, so these documents cannot be opened by unauthorized users.

This security is essentially the selling point of the company, so the documents need to be extremely secure.

What security measures can I implement to make certain that the files are protected and secure? Third-party security protocols are also welcome.

Finally, is there anything I need to look for when I search for an asp.net hosting company?

To get better answer try not to describe *what are you going to do*, but first describe what threats you see and how bad is each one for you. — mentallurg, Apr 29 '20 at 21:51
Possibly stupid question, but is there some reason you couldn't just encrypt/decrypt the documents client-side? That seems like it would completely solve your primary security concern. — Austin Hemmelgarn, Apr 30 '20 at 14:30

mti2935 · Accepted Answer · 2020-04-30T14:48:52.580

The problem that you describe (confidentiality of your users' sensitive information) is not unlike the problem that many cloud-based service providers face. This is especially true for companies in heavily regulated industries, such as healthcare, finance, etc., that must comply with compliance regulations such as HIPAA, PCI, and more broadly, GDPR.

In a case where another entity (e.g. a VPS provider, or a hosting provider) has control of the physical resources that your application runs on, it can be a challenging technical problem to prevent this entity from gaining access to your users' sensitive information. Even if you do server-side encryption, this entity has access to the physical RAM on the server where the encryption/decryption takes place, therefore the entity can access the plaintext immediately before it is encrypted (or immediately after it is decrypted).

One solution to this problem is to encrypt all sensitive information on the client-side. This is what ProtonMail does. But, even this has its caveats.

So, as an alternative to a technical solution to this problem, many companies rely on a legal solution instead. Most reputable VPS providers publish a comprehensive data privacy policy, that specifically addresses these concerns. For example, see Amazon AWS' privacy policy at https://aws.amazon.com/compliance/. This is often considered to be sufficient to satisfy most regulatory compliance requirements. However, if this is not enough to satisfy your requirements (or your users' requirements), then you may want to consider hosting your own server in a highly secure datacenter.

Thanks for your reply. But why are you suggesting an email service like ProtonMail? — fdkgfosfskjdlsjdlkfsf, Apr 30 '20 at 14:50
I referenced the question about ProtonMail to illustrate the caveats of client-side encryption. Your server would have to serve the client-side javascript to do the client-side encryption, in the user's browser. But, if the user can't trust your server with his secrets, then how can he trust your server to serve secure code? — mti2935, Apr 30 '20 at 14:56

Add security to documents uploaded?

1 Answers1