The idea is simple. First, you encrypt all your data and put the key somewhere safe. Then you send the data off to a data center somewhere. When you need the data, you bring it back and decrypt it with your key.
The people who run the data center have no way of getting to your data, and neither do hackers, foreign spies, or anyone with a court order.
“There are a number of advantages,” said Diogo Monica, IEEE member and security lead at Docker. “You are not sharing the keys with anyone, so you have exclusive control of the data that leaves the organization.”