Thanks for the reply! Pretty much what I thought...just wasn't sure if the original comment knew of some process I wasn't familiar with that obviated my belief.

> This is true of every cloud.

It's true of anyone selling bare metal servers too, it is just harder to snoop but the technology exists to do so.

How do you stop the cloud provider from accessing ram or cpu cache. At some point the data has to be decrypted for it to be used. And if decrypted on Amazon equipment, then Amazon could in theory gain access to it.

They were saying all decryption would happen client side and the only operations done by the server would be ones where the server can operate on encrypted data and yield encrypted results. I suspect that the main sticking point in that plan would be that the current state of homomorphic encryption is fairly limited/slow, so if you need AWS for computation as opposed to storage, it's not a practical plan.

Yeah. AWS isn't the best for just plain old storage so I guess this just isn't quite feasible yet. I'm hopeful we'll figure out the fully-encrypted cloud within the decade.

I did some googling and came to the conclusion that homomorphic encryption is not quite as supported in consumer hardware as I had believed. I didn't even think about the CPU cache. I guess this remains an unsolved problem. If Walmart's motivations are truly that Amazon might peek into vendor data, then it's a reasonable request after all.