-
Publication No.: GB2533098A
Publication date: 2016-06-15
Application No.: GB201421826
Application date: 2014-12-09
Applicant: IBM
Inventor: ERIK RUEGER, THORSTEN MUEHGE, MARCUS BREUER, MATTHIAS SEUL, ITZHACK GOLDBERG
IPC: G06F21/62
Abstract: Storing data in a Cloud environment where the Cloud environment comprises a security layer. The method comprises physically separating the Cloud storage from a key vault system 102, and receiving a storage request together with a confidentiality rating 104, wherein the storage request together with data and the confidentiality rating is received via the Cloud storage access interface by the security layer. The method further comprises encrypting the data to be stored and the confidentiality rating on request of the security layer by the key vault system into a data container 106. The Cloud storage is categorised into Cloud zones, wherein each Cloud zone is assigned a trust level 108 and the data container is stored in one of the Cloud zones of the Cloud storage such that the trust level of the one of the Cloud zones corresponds to the data confidentiality rating 110. A Cloud zone may denote an area in which storage systems may be physically or logically located.
-
Publication No.: GB2533098B
Publication date: 2016-12-14
Application No.: GB201421826
Application date: 2014-12-09
Applicant: IBM
Inventor: ERIK RUEGER, THORSTEN MUEHGE, MARCUS BREUER, MATTHIAS SEUL, ITZHACK GOLDBERG
IPC: G06F21/62
Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.
-