VESencrypt runs in a private network via a docker container. The public does not have access to the decrypt function through the hosting service APIs. With VESencrypt installed, if a nefarious person were to hack into your hosted data through the public APIs, they would get encrypted content. You are in control of the list of players who have access to your encrypted content. You actually create and maintain the list of parties who have the decrypt function. Thus, VES solves the primary vulnerability of your data at your hosting service. Of course, VESecrypt also solves the vulnerability of a nefarious person making off with a hard drive containing your content, because the at-rest data is encrypted.

VESecnrypt gives you the level of protection you seek and need for data-at-rest.