1. Field of the Invention
The invention relates to secure access to data storage, and more particularly to data storage provided over a public network.
2. Description of the Related Art
As IT departments are placed under increasingly tight budget constraints, cloud infrastructure, either private or public, is being employed to help keep costs down. One of the key inhibitors to adoption of cloud technology (in particular public cloud technology) is concern over the exposure of customer data as it travels through, and is hosted in, the cloud provider's infrastructure. Although many different mechanisms exist for securing customer data in the cloud, there is one recurrent theme that customers express: they want to control those mechanisms. Put differently, IT practitioners are increasingly comfortable relying on the infrastructure providers to manage the software, servers, storage, and data center networks. When it comes to security, however, the client wants to retain as much control as possible.
Most solutions rely on the client to encrypt their data using software-based encryption. These solutions incorporate software modules executing on the same servers that execute the client's business logic (typically within the context of a virtual machine (VM)). Software-based encryption is CPU-intensive, so it can consume a significant share of the CPU capacity that the business logic needs. Additionally, the data encryption keys usually exist "in the clear" in the memory of the customer's VM, so any party able to read that memory can recover them, presenting a greater risk that the data encryption keys will be compromised.
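As an added illustration of the risk just described (this example is not part of the original application), the following Python program shows how a data encryption key that sits in the clear in VM memory can be recovered by anyone who obtains a copy of that memory, such as a snapshot or dump. The memory image, the record, the key and the cipher are all constructed for the example: the cipher is a SHA-256 counter-mode stream with an HMAC tag, standing in for AES so that the program runs with the standard library only. The scan slides a 32-byte window across the image, keeps high-entropy windows as key candidates (the entropy threshold of 4.0 bits per byte is a heuristic prefilter, not a constant from the application), and confirms a candidate by whether it authenticates and decrypts the stored ciphertext.

```python
"""Added example: recovering a data-encryption key held in the clear in a
VM memory image.  The image, record, key, nonce and toy cipher are all
constructed for illustration; none of this is code from the application."""
import hashlib
import hmac
import math
from collections import Counter
from typing import Optional, Tuple

KEY_LEN = 32   # bytes; size of the master key we are hunting for
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from SHA-256: a stand-in for AES-CTR so the
    # example runs offline with only the standard library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(master: bytes) -> Tuple[bytes, bytes]:
    # Derive separate encryption and MAC keys from the master key.
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def encrypt(master: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; the blob is what the cloud provider would store.
    enc, mac = _subkeys(master)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> Optional[bytes]:
    # Returns None when the tag does not verify, i.e. when `master` is wrong.
    enc, mac = _subkeys(master)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


def shannon_entropy(window: bytes) -> float:
    # Bits per byte; random key material scores close to the 5.0 maximum
    # for a 32-byte window, text and zero pages score well below it.
    n = len(window)
    return -sum(c / n * math.log2(c / n) for c in Counter(window).values())


def find_master_key(image: bytes, blob: bytes,
                    threshold: float = 4.0) -> Optional[Tuple[int, bytes]]:
    # Every high-entropy 32-byte window is a candidate key; a candidate is
    # confirmed when it authenticates (and therefore decrypts) the blob.
    for off in range(len(image) - KEY_LEN + 1):
        cand = image[off:off + KEY_LEN]
        if shannon_entropy(cand) < threshold:
            continue
        if decrypt(cand, blob) is not None:
            return off, cand
    return None


# Constructed inputs (not real customer data or keys).
FILLER = b"customer record: acme corp, account 0042, status active\n" * 40
MASTER = hashlib.sha256(b"constructed demo master key").digest()
NONCE = hashlib.sha256(b"constructed demo nonce").digest()[:NONCE_LEN]
RECORD = b"card=4111111111111111;exp=12/29"


def build_vm_image(master: bytes) -> bytes:
    # Stand-in for a VM memory snapshot: zero pages and low-entropy text,
    # with the customer's key sitting in the clear among them.
    return b"\x00" * 4096 + FILLER + master + b"\x00" * 4096 + FILLER


if __name__ == "__main__":
    stored_blob = encrypt(MASTER, NONCE, RECORD)
    hit = find_master_key(build_vm_image(MASTER), stored_blob)
    if hit is None:
        print("key not found")
    else:
        print(f"key recovered at offset {hit[0]}: {hit[1].hex()}")
        print(f"decrypted record: {decrypt(hit[1], stored_blob)!r}")
```

The same scan works against a real snapshot because it needs nothing from inside the VM: only the memory image and the ciphertext the provider already holds. Moving the key into a hardware element that never exposes it to guest memory removes the candidate from the image altogether, which is the gap the following description addresses.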