I had a discussion today with a friend of mine who’s tasked with delivering an on-premises installation of their web app to a “BigCo” (think server-side web app + a SQL database).

Now, the database actually contains some proprietary data (which is the biggest concern).
The worry is that once the client gains access to the system (it’s gonna be installed on a client’s server), they can extract the “trade secrets”, so to speak.

What would be the most efficient way to complicate direct access to the data? It’s clear, as long as there’s direct access to the hardware, there’s pretty much no way to restrict access as such. The question is in increasing the difficulty of doing so.
Your first line of defense will be contracts/lawyers. Make it clear unauthorized access is stealing of trade secrets or such.
You can encrypt the file system which needs somebody to type in a password (via a remote console) after every reboot. Ideally it's rare and you have two servers of course.
I doubt it's worth your time to do this, but it depends on who (and where) the customer is. I'd leave this up to the legal agreement and consider part of the (high) price tag to be compensating you for the (low) likelihood of wrongdoing on their part.