The present invention relates in general to data processing systems and in particular to third party secured storage for applications such as Web services and/or Web applications.
It is known for a third party to host and operate Web services and/or Web applications for a customer. For example, referring to FIG. 1, labeled Prior Art, a typical third party Web application environment comprises three main entities. More specifically, a third party Web application environment comprises requesters located somewhere in the Internet, a host computer where a Web application is executing, and storage such as disk storage. It is transparent to the requestor where the Web service is executing. For example, if a customer such as a large retail company has a Web service that they want to make available to requesters on the Internet. The retail company's Web service might be executed by a third party global services organization. Thus the third party global services organization functions as the hosting company that owns and operates the physical computer on which the Web services are executed.
With this system, network security (e.g., HTTPS) secures data flowing between the Internet requestor and the host computer running the Web service. Additionally, known disk technology (e.g., encrypted disk) secures data flowing between the host computer and external physical storage (whether disk, tape, or other).
An issue that may inhibit the ability of a third party to provide these hosting services relates to the security of the Web services and Web applications. There are several points between a Web service requestor somewhere in the Internet and a Web service implementation where security is desired. It is known to provide network security between a requestor and a Web service host operating system. Additionally, it is known to provide security such as encrypted disk storage between the host operating system and disk storage.
However, it is possible that a security hole exists within the main memory of the computer systems on which the Web services or Web applications reside and operate. This hole can be especially troublesome to a customer when the Web services or Web applications manipulate sensitive data. Computer main memory can be viewed a variety of ways, such as via an operating system storage dump after a crash. Thus, potentially sensitive data from main memory can be viewable by hosting company personnel.
Some third party service providers have addressed this issue by enhancing physical security of the computing facility (i.e., limiting access to the actual computer on which the applications execute except hosting service employees) and or by providing access only to screened personnel at hosting companies. Another way in which this security issue has been addressed is by providing storage rings (or levels) of sensitivity where different levels of security are provided with different types of storage snapshots (this method may be used for example with certain types of government security classifications).