Data security is rapidly becoming the most important, and potentially limiting, factor in the field of data processing. While the emergence of portable data, “cloud computing,” and other forms of distributed data processing and data sharing have the potential to provide truly revolutionary and paradigm shifting advances in human activity, current methods of providing security for sensitive data introduce inefficiencies into data access control systems.
For example, many data protection services store application secrets and encryption keys. Data protection services can include a server that runs in a cloud environment and exposes a representational state transfer (REST) application programming interface (API) to client programs running on remote machines. Typically, the client machines are themselves virtual machines in the cloud. In order for the client machine to have access to the API, it must possess an authentication credential known as an API key. Because the API key may be needed for accessing the data protection service, the API key is not provided directly from the data protection service to the client program. Typically, API keys are provided manually, for example in an email, from some kind of file handover, or from a data protection service administrator. These methods for providing an API key can be very inconvenient and can reduce the efficiency of both human and computing resources. Additionally, they can introduce security issues with regards to the way the API keys are transferred and stored.
Despite these long standing technical problems with inconvenient and risky API key transfers, such API key transfer methods are still widely used. This is primarily due to the fact that, currently, methods and systems for providing better access controls for storage containers storing sensitive data have proven elusive, inefficient, and often ineffective.
What is needed is a technical solution to the long standing technical problem of providing secure access to sensitive data that is effective and efficient.