Simple cloud file storage security

I’m in the process of implementing a fax solution for a customer that involves storing the faxes in a cloud-based solution.  It’s fairly simple, but here is basically what I’m doing (using ColdFusion).

A fax is received at the customer’s eFax #.  eFax converts the facsimile to a PDF and parses out any information encoded as a barcode in the fax (a handy way of automating which faxes go to which queues in their application).  eFax then posts the fax via an SSL XML POST to the customer’s web server.

The web server parses the XML and extracts the relevant meta information (phone number, barcode data, etc.).  It then makes an entry of this information into a database for later retrieval.  The unique key that the database generates is concatenated with a hard-coded password to encrypt the actual file contents (the raw PDF).

Those file contents are, in turn, uploaded to cloud file hosting with Rackspace Cloud.  The file name is the unique identifier associated with the eFax the customer received.  In other words, someone must have access to our database table with the eFax unique id and our primary key in order to find a file related to a particular customer and decrypt that file (they also have to have our hard-coded password).

Now granted, this isn’t rocket science, and anybody (namely us) who has access to the code and the database could decrypt all the files, but the files aren’t a high security risk.  The most sensitive data is credit card information on some of the faxes, which are order forms, but those are meant to be viewed by us (to process the orders).
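The per-file encryption described above, as an added example in Go that is not the author's ColdFusion code. The post does not name a cipher or key-derivation step, so the HMAC-SHA256 derivation (used here in place of plain concatenation), AES-256-GCM, the `Seal`/`Open` names, and the sample secret and ids are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var appSecret = []byte("example-hard-coded-password") // constructed stand-in for the post's password

// gcmFor derives a per-file AES-256 key as HMAC-SHA256(appSecret, primary key)
// and returns AES-GCM for it. This derivation is an assumption, not the post's.
func gcmFor(pk int64) cipher.AEAD {
	mac := hmac.New(sha256.New, appSecret)
	fmt.Fprintf(mac, "fax-file:%d", pk)
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)          // 16-byte block size, cannot fail
	return gcm
}

// Seal encrypts a PDF for upload. The eFax id (the object name) is bound as
// associated data, so a blob stored under another name fails to decrypt.
func Seal(pk int64, efaxID string, pdf []byte) ([]byte, error) {
	gcm := gcmFor(pk)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pdf, []byte(efaxID)), nil
}

// Open reverses Seal; the caller needs the primary key from the database row.
func Open(pk int64, efaxID string, blob []byte) ([]byte, error) {
	gcm := gcmFor(pk)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(efaxID))
}

func main() {
	blob, _ := Seal(42, "efax-0001", []byte("%PDF-1.4 constructed sample"))
	_, err := Open(43, "efax-0001", blob) // wrong primary key
	fmt.Println("wrong key rejected:", err != nil)
}
```

Each file gets its own key, and the authentication tag makes decryption fail outright for the wrong database row, a renamed object, or a modified blob.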