Systems and methods for management of secure data in cloud-based network
Abstract
Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud.
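The mechanism the abstract describes (a cloud VM presents a request, a translation step resolves it to an on-premise storage location, the record is retrieved, and only a masked or tokenised form is transmitted back), as an added Python example that is not part of the patent or of any product it covers; the store contents, handle table and token key are constructed placeholders.

```python
import hashlib
import hmac
# Constructed sample of an on-premise secure data store, keyed by internal
# storage location (table, record id). All values are fake test data.
ON_PREMISE_STORE = {
    ("payments", "cust-42"): {"name": "A. Example", "pan": "4111111111111111",
                              "ssn": "123-45-6789"},
}
# Constructed translation table: cloud VMs hold only opaque request handles;
# the mapping to a storage location never leaves the on-premise side.
HANDLE_TO_LOCATION = {"order-1001": ("payments", "cust-42")}
# Hypothetical token key; in a real deployment it is kept on-premise only.
TOKEN_KEY = b"on-premise-only-secret"
FIELDS_TO_PROTECT = {"pan", "ssn"}

def translate_request(handle):
    # "translating the request to locate the secure data in a secure data store"
    return HANDLE_TO_LOCATION[handle]

def mask(value, keep=4):
    # Masking: star out every alphanumeric except the last `keep`; keep separators.
    cutoff = sum(c.isalnum() for c in value) - keep
    out, seen = [], 0
    for c in value:
        if c.isalnum():
            out.append(c if seen >= cutoff else "*")
            seen += 1
        else:
            out.append(c)
    return "".join(out)

def token(value):
    # Keyed reference so cloud code can correlate records without the plaintext.
    return hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def encode(record):
    # "encoding the secure data to generate protected secure data"
    protected = {}
    for field, value in record.items():
        if field in FIELDS_TO_PROTECT:
            protected[field] = mask(value)
            protected[field + "_token"] = token(value)
        else:
            protected[field] = value
    return protected

def serve_cloud_request(handle):
    # Management module entry point: retrieve on-premise, transmit only the protected form.
    if handle not in HANDLE_TO_LOCATION:
        return None  # unknown handle: nothing is retrieved, nothing leaks
    return encode(ON_PREMISE_STORE[translate_request(handle)])
```

Encryption with a key held on-premise could replace or supplement the masking step; the claims name masking and encryption as alternative protection mechanisms.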
29 Claims
1. A method of accessing data, comprising:
    identifying a process instantiated in a cloud;
    receiving, from at least one instantiated virtual machine in a cloud-based network, a request to access secure data;
    translating the request to locate the secure data in a secure data store hosted in an on-premise network;
    retrieving the secure data from the secure data store;
    encoding the secure data to generate protected secure data; and
    transmitting the protected secure data from the secure data store of the on-premise network to the at least one instantiated virtual machine in the cloud-based network.
Dependent claims: 2 to 11.

12. A system for managing access to data, comprising:
    a first interface to at least one instantiated virtual machine in a cloud-based network; and
    a management module, comprising a processor communicating with memory and with the at least one instantiated virtual machine via the first interface, the management module being configured to:
        receive a request for secure data from the at least one instantiated virtual machine,
        translate the request to locate the secure data in a secure data store hosted in an on-premise network,
        retrieve the secure data from the secure data store,
        encode the secure data to generate protected secure data, and
        transmit the protected secure data from the secure data store of the on-premise network to the at least one instantiated virtual machine in the cloud-based network.
Dependent claims: 13 to 22.

23. A non-transitory computer-readable medium, the computer-readable medium being readable to execute a method of managing access to data, the method comprising:
    receiving a request to access secure data from at least one instantiated virtual machine in a cloud-based network;
    translating the request to locate the secure data in a secure data store hosted in an on-premise network;
    retrieving the secure data from the secure data store;
    encoding the secure data to generate protected secure data; and
    transmitting the protected secure data from the secure data store of the on-premise network to the at least one instantiated virtual machine in the cloud-based network.

24. A method of storing a set of secure data in an on-premise network, the method comprising:
    receiving a request to store secure data received from at least one instantiated virtual machine in a cloud-based network;
    generating a location in a secure data store hosted in the on-premise network in which to store the set of secure data;
    encoding the set of secure data to generate protected secure data; and
    transmitting the protected secure data from the at least one instantiated virtual machine in the cloud-based network to the secure data store in the on-premise network.
Dependent claims: 25 to 29.