Cloud computing is rapidly changing the Internet into a collection of clouds, which provide a variety of computing resources, storage resources, and, in the future, a variety of resources that are currently unimagined.
Specifically, cloud computing is a technology infrastructure that facilitates: supplementing, consuming, and delivering Information Technology (IT) services. The cloud environment provides elastic provisioning of dynamically scalable virtual services.
A tenant is considered as a subscriber of some amount of storage in the cloud or an application who owns part of the shared storage environment. Multi-tenancy is an architecture where a single instance of software runs on a server, which is serving multiple tenants. In a multi-tenant environment, all tenants and their users consume the service from a same technology platform, sharing all components in the technology stack including the data model, servers, and database layers. Further, in a multi-tenant architecture, the data and configuration is virtually partitioned and each tenant works with a customized virtual application instance.
In a Cloud Service Provider's environment, multiple customers, tenants, applications share a common storage infrastructure. The shared storage infrastructure includes storage controllers and raw storage disks. It is often a common scenario that some enterprise customers or users have a stringent requirement that their data is stored in an encrypted manner so that no one else can read their data.
Specifically today, whenever, data needs to be encrypted for confidentiality, several encryption algorithms are used with a key being stored at the tenant (or client) or at the server (storage controller).
So, tenant or client can manage the storage keys or the storage controller can manage the storage keys.
The problem with the key being stored at tenant (or client) is that in the case of key being lost by the tenant (or client), the encrypted data on the server becomes useless. This results in a complete loss of data.
The problem with the key being stored on the server (or the storage controller) is that, the administrator of the storage controller who knows the root password can use the key to decrypt the data. So, true confidentiality is never achieved this way.
Moreover in both the cases, there is a problem with the confidentiality of the data of the tenant.