I think these quotes should be kept in mind:
If you are talking about actual enterprise customers, they are not going to be scared, they are going to want answers in order to discover and manage the risk of their data being exposed. As a former enterprise security architect who constantly did vendor security reviews, I would have fewer concerns about the data on SNO HDDs, data that is sharded and encrypted the way it is advertised, and I would be more concerned about Storj the company that writes code and operates systems to assure the overall security. Since Storj is the key player in protecting my data, I want to see Storj’s annual SOC2 Type 2 report, and perhaps other standards such as NIST, ISO 27001 (and other certs based on the type of data I want to store). We often had smaller businesses tell us that they were using secure data centers with SOC2 reports, but nothing beyond that; we knew they were clueless and were not suitable for storing our confidential data.
So this comes down to code reviews, code audits, coding practices, code management, company procedures, management processes, security practices etc.
According to this statement, storing data on HDDs operated by individuals might not be the key problem for a customer requiring SOC2 certification.