Apparatuses, methods, systems, and computer program products consistent with exemplary embodiments relate to cloud computing, and more particularly, to enabling secure inter-cloud data transfer.
Recently, cloud computing technology has been developed as a useful way for individuals and businesses to store and transfer data across networks, such as the Internet. In cloud environments, the protection and security of data are of prime importance for data owners. However, it can be difficult to protect data which is stored in a cloud system, because the data storage facilities of the cloud system are typically located in remote locations far away from the data owners.
The difficulty of protecting data in a cloud environment becomes even greater when a data owner wishes to transfer data from one cloud system to another cloud system. For example, an organization which is a data owner may use a private cloud system, a virtual private cloud system, and a public cloud system concurrently. The business processes of the organization might involve data transfer between these different types of clouds. Furthermore, a data owner may desire to use a service to analyze the data owner's data, where the service is located in a cloud system (a service cloud) that is separate from the cloud system which stores the data owner's data (a data cloud). In this case, the data owner may wish to temporarily provide the data stored in the data cloud to the service cloud in order to use the service provided by the service cloud. Such an inter-cloud data transfer further reduces the data owner's control and visibility of the data.
Related art cloud security solutions concentrate on various sub-components of the cloud environment. However, these related art cloud security solutions attempt to secure only one end of the communication (e.g., the data cloud), which is not enough to ensure security considering that the other communicating entity (e.g., the service cloud) may be vulnerable to attacks. A process to evaluate the security and trustworthiness of the target cloud system to which data is to be sent does not exist in the related art cloud security solutions.
Accordingly, there is a need in the art to provide a technique which is capable of evaluating the security and trustworthiness of a target cloud system involved in an inter-cloud data transfer, thereby enabling a more secure inter-cloud data transfer.