[chmod775]

> Store customer data immutable and encrypted, with a unique AES encryption key per customer. Encrypt that AES key again with a single RSA key-pair and store the encrypted AES-key in a database.

Now you have the worst of both worlds. You also now have 2 points of failure where data can get lost, because if either has a problem you lose data.

[Ensorceled]

I can't think of a mechanism where you can lose the customer's database records but can still recover files associated with that customer ...

[menybuvico]

Total systen compromise. The backup for the files worked. the ones for the DB didn't.

[Ensorceled]

Right, but how to you figure which customers own which files? I don't label the assets FrankPJonesPortlandOregonUSA9095551212.jpg. If I've lost the database record I have no idea who owns cat_picture.jpg