1. Field of the Invention
The present invention is in the field of distributed computing including cloud-mediated computing networks and pertains particularly to methods and apparatus for securing tenant data against malicious operations.
2. Discussion of the State of the Art
A cloud-mediated computing network is a network-accessible distributed computing platform used by companies to provide network-based data management solutions for businesses to manage their own data and data belonging to their clients. The distributed computing model is attractive to organizations from startups to large multinational corporations that seek computing alternatives that enable them to reduce computing costs, maintenance overhead, and to gain computing power on demand.
It is desired that such computing resources provide flawless, secure, and negative latency computational power with little or no downtime. While external security measures instituted on cloud-based computing networks are adequate for most personal and industrial uses, tenants desire more control over the operations that are performed on their proprietary and mission critical data. Current controls in place for most cloud-based networks such as process auditing, event logging, and sharing of logs with cloud tenants are not sufficiently secure for larger institutions that manage critical and highly sensitive data. To wit, larger corporations favor private cloud-networks tailored to accommodate global needs of large corporate houses confining the cloud technology within their corporate backbones.
Providers of public cloud-computing based on models such as the Infrastructure as a Service (IaaS) model have identified a lack of trust of external entities and a fact that tenants currently have little or no control over mission critical data at premises outside the provider organization's domain perimeter as among key reasons for a sluggish adoption rate for tenants subscribing to cloud-mediated computing.
In current practice, clients must entrust the service provider with all its business intelligence (in the form of data) and computing infrastructure (in terms of hardware and other supporting operational software and applications) and expects its data to be preserved, protected, serviced properly, and respected for its value. To be fair, most service providing organizations do have a higher level of security in place than normal enterprise security regimens. These measures help address key areas of security by satisfying the norms put forth by current security standards. For example, data are encrypted when in transit and while in storage to ensure that it is not intercepted and decoded.
A challenge to encryption is that it may not be practically applied to extremely large data sets or for certain types of data intense operations. One reason for this is that many current databases require a non-encrypted state to render the data searchable for extraction and distribution operations resulting from database queries. Moreover, adequate monitors are in place to capture and plug identified vulnerabilities and to raise appropriate alarms in order to initiate immediate corrective actions. However, such procedural methods in place within most cloud-mediated service networks will not prevent malicious attacks from happening. They simply provide indication that malicious actions have occurred and may help with tracing such malicious activity back to its origin and preventing future acts from that source as a temporary solution.
Therefore, what is currently needed in the art is a security layer and methods that will empower cloud tenants in efforts to control how their data is accessed and serviced at the provider's facilities. A solution such as this will offer cloud-computing tenants a higher degree of confidence and assurance about the confidentiality, integrity, and security of the services that are consumed.