Increasingly, it has become more common for organizations to use computing systems managed by the organization, as well as to utilize public cloud resources, to implement that organization's computing infrastructure. For example, many organizations opt to use public cloud computing infrastructures, such as Amazon's public cloud offering or Azure from Microsoft Corporation, alongside a private cloud arrangement, such as is available from VMware or based on Unisys's fabric computing (Forward!) solutions. This allows the organization to blend the security of a private domain network with the flexibility of a cloud-based, computing on demand arrangement in which computing systems can be commissioned and used on an as-needed basis.
Existing networked systems utilize a variety of security architectures that allow for distribution and association of computing systems in different ways to allow for different levels of data access and controlled computing system intercommunication. However, such networked system security architectures are not readily employed in a hybrid cloud environment in which portions of a networked computing arrangement may be located in a cloud environment and other portions or computing systems may be located within a private domain portion of the environment. This is because, if encryption keys or other security constructs are used, it may be deemed unsafe or not secure to provide those keys or security constructs to the cloud-based systems that form portions of the network. Accordingly, organizations that utilize such hybrid cloud systems often store most critical data within a private domain portion of that organization's network, and store less secure information in a cloud-based portion of the network. Even in such situations, organizations may opt to limit the interactivity between such cloud-based and private domain systems, to limit the probability of compromise of the organization's critical data.
Although such arrangements are possible, they are sub-optimal with respect to flexibility and administration. First, because this effectively creates classes of trusted and untrusted computing systems, two different authentication or communication standards may be used, complicating administration. Further, because this effectively requires all sensitive data to be maintained within the private domain, it limits the extent to which such cloud-based computing systems can be used, because of the limit to which sensitive data can be stored in cloud-based systems.
For these and other reasons, improvements are desirable.