Modern computer networks incorporate layers of virtualization so that physically remote computers and computer components can be allocated to a particular task and then reallocated when the task is done. Users sometimes speak in terms of computing “clouds” because of the way groups of computers and computing components can form and split responsive to user demand, and because users often never see the computing hardware that ultimately provides the computing services. More recently, different types of computing clouds and cloud services have begun emerging.
For the purposes of this description, cloud services may be divided broadly into “low level” services and “high level” services. Low level cloud services (sometimes called “raw” or “commodity” services) typically provide little more than virtual versions of a newly purchased physical computer system: virtual disk storage space, virtual processing power, an operating system, and perhaps a database such as an RDBMS. In contrast, high or higher level cloud services typically focus on one or more well-defined end user applications, such as business oriented applications. Some high level cloud services provide an ability to customize and/or extend the functionality of one or more of the end user applications they provide; however, high level cloud services typically do not provide direct access to low level computing functions.
The ability of business users to access crucial business information has been greatly enhanced by the proliferation of IP-based networking together with advances in object oriented Web-based programming and browser technology. Using these advances, systems have been developed that permit web-based access to business information systems, thereby allowing a user with a browser and an Internet or intranet connection to view, enter, or modify the required business information. For example, substantial efforts have been directed to Enterprise Resource Planning (ERP) systems that integrate the capabilities of several historically separate business computing systems into a common system, with a view toward streamlining business processes and increasing efficiencies on a business-wide level. By way of example, the capabilities or modules of an ERP system can include: accounting, order processing, time and billing, inventory management, employee management/payroll, human resources management, and employee calendaring and collaboration, as well as reporting and analysis capabilities relating to these functions.
In a related movement, substantial efforts have also been directed to integrated Customer Relationship Management (CRM) systems, with a view toward obtaining a better understanding of customers, enhancing service to existing customers, and acquiring new, profitable customers. By way of example, the capabilities or modules of a CRM system can include: sales force automation (SFA), marketing automation, contact list, call center support, and web-based customer support, as well as reporting and analysis capabilities relating to these functions. With differing levels of overlap with ERP/CRM initiatives and with each other, substantial efforts have also been directed toward development of increasingly integrated partner and vendor management systems, web store/eCommerce systems, product lifecycle management (PLM) systems, and supply chain management (SCM) systems.
Such business systems and applications often perform functions that involve the storage, access, and processing of confidential or proprietary data, information, or documents. Such data may include non-public revenue projections, sales data, product roadmaps, long range planning documents, etc. The confidential data may also include information about financial transactions or employees that is expected to remain private, such as medical or other personal information. The release or other use of such information may be controlled by specific policies, regulations, agreements, or laws. For example, the use of certain types of private medical data (e.g., Protected Health Information, PHI) may be governed by one or more Federal laws, such as HIPAA (the Health Insurance Portability and Accountability Act). HIPAA (and its associated regulations) imposes certain security requirements on personal medical data that is provided to third parties, such as requiring that it be encrypted and/or otherwise protected when being transmitted to another party. Similarly, data regarding certain types of financial transactions may be required to be (or at least is desired to be) encrypted when provided to another party over a communications network.
The requirement that certain data be encrypted prior to transmission to another party introduces a potential problem for users of cloud-based data processing platforms and systems. Such platforms/systems typically store each tenant's data in one or more data storage elements, such as a database. The data contained within the database may be encrypted in accordance with an encryption process that is specific to the database and its data management system. Databases typically use AES and other symmetric key encryption algorithms. Database decryption generally happens at the point the data is read from the storage device, but it is technically possible to transmit the encrypted data (as it exists on the storage device) and have the receiver of the transmission decrypt it. In most cases, when a remote user requests data contained in the database, the data is decrypted by the database management system and prepared for transmission to the user over a communications network (e.g., the Internet).
The decrypted data may then be (re)encrypted using a different process prior to such transmission, based on one or more security protocols (e.g., using HTTPS and SSL (Secure Sockets Layer), or another type of data security protocol). For example, SSL may use X.509 certificates, and hence a form of asymmetric cryptography, to authenticate the counterparty with which a party is communicating and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. When using such a security protocol, the encryption and decryption processes are applied to entire records or documents. This means that after transmission over the communications network, the recipient will have access to the entire record or document.
This type of data protection process can create a problem if the data, or some of the data, contained in a record or document is supposed to (or required to) remain confidential or protected (such as data protected under the terms of HIPAA). This is because the end user may be given access to confidential data contained in a document or data record that they are not entitled to have, and therefore should not be able to see. Further, in some cases an end user may have authorization to view and alter certain protected data, and in such situations they need a way to alter the data, save it, and then transfer it back securely to a server or database for storage.
Conventional approaches to providing data security enable protection of entire documents or sets of data, but do not provide an effective means of preventing unauthorized access to specific sections of documents or fields of data. Embodiments of the invention are directed toward solving these and other problems individually and collectively.
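The following is an added example, not code from the patent and not the invention's own method. It illustrates the gap described above in working form: a record is sealed field by field before it leaves the database tier, so that the transport protocol can carry the whole record while a recipient can only open the fields they hold keys for, and a blob moved to another field or altered in transit is rejected. The record, the master key, the field names, and the role-to-field mapping are all constructed for the example. The cipher is an illustrative construction (HMAC-SHA256 as a counter-mode keystream, with an encrypt-then-MAC tag) because the Python standard library ships no AES; a real deployment would use an AEAD such as AES-GCM from a vetted library.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Illustrative cipher construction (an assumption of this example, not the
# page's): HMAC-SHA256 as a counter-mode keystream generator plus an
# encrypt-then-MAC tag. Replace with an AEAD (e.g. AES-GCM) in real systems.

MASTER_KEY = hashlib.sha256(b"constructed demo master key").digest()  # constructed


def field_key(master_key: bytes, field: str) -> bytes:
    """One key per field name: a key released for 'diagnosis' opens nothing else."""
    return hmac.new(master_key, b"field|" + field.encode(), hashlib.sha256).digest()


def _subkeys(fkey: bytes):
    """Separate encryption and MAC keys derived from the field key."""
    enc = hmac.new(fkey, b"enc", hashlib.sha256).digest()
    mac = hmac.new(fkey, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal_field(fkey: bytes, field: str, value, nonce: Optional[bytes] = None) -> dict:
    """Encrypt one field value. The field name is bound into the tag, so a
    sealed blob cannot be cut from one field and pasted into another."""
    enc, mac = _subkeys(fkey)
    nonce = nonce if nonce is not None else os.urandom(16)
    pt = json.dumps(value).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc, nonce, len(pt))))
    tag = hmac.new(mac, field.encode() + nonce + ct, hashlib.sha256).digest()
    return {"sealed": True, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_field(fkey: bytes, field: str, blob: dict):
    """Verify the tag first, then decrypt; any modification in transit fails here."""
    enc, mac = _subkeys(fkey)
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac, field.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError(f"field {field!r}: authentication failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))
    return json.loads(pt)


def protect_record(record: dict, master_key: bytes, protected: set) -> dict:
    """Server side: seal only the protected fields before the record leaves the
    database tier. Unprotected fields stay readable for everyone."""
    return {f: seal_field(field_key(master_key, f), f, v) if f in protected else v
            for f, v in record.items()}


def grant_keys(master_key: bytes, fields: set) -> dict:
    """Keys released to a recipient cover only the fields they are authorized for."""
    return {f: field_key(master_key, f) for f in fields}


def view_record(record: dict, keys: dict) -> dict:
    """Recipient side: open the fields we hold a key for; the rest stay opaque
    even though the whole record arrived over the (HTTPS) channel."""
    out = {}
    for f, v in record.items():
        if isinstance(v, dict) and v.get("sealed"):
            out[f] = open_field(keys[f], f, v) if f in keys else "<protected>"
        else:
            out[f] = v
    return out


# Constructed sample row standing in for a record read from a tenant database.
RECORD = {"patient_id": 1042, "name": "J. Doe", "diagnosis": "E11.9",
          "visit_date": "2014-03-02", "billing_total": 240.0}
PROTECTED = {"name", "diagnosis"}          # fields that must not leave in the clear
ROLES = {"clinician": {"name", "diagnosis"}, "analyst": set()}  # constructed policy

if __name__ == "__main__":
    wire = protect_record(RECORD, MASTER_KEY, PROTECTED)  # what the channel carries
    for role, fields in ROLES.items():
        print(role, view_record(wire, grant_keys(MASTER_KEY, fields)))
```

The point of the design is that the transport layer (HTTPS/SSL in the text) still encrypts and delivers the entire record, exactly as the page describes; what changes is that the protected fields were already sealed under keys the recipient may or may not hold, so whole-record delivery no longer implies whole-record disclosure. Binding the field name into the tag also prevents a sealed value from being relocated to a field the recipient is allowed to open.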