Systems and methods for cloud data security
First Claim
1. A system for protecting data-at-rest in a cloud-based service platform, the system comprising:
a network connection;
a working memory device;
a persistent data storage medium; and
one or more processors coupled to the working memory device, the network connection and the persistent data storage medium, the persistent data storage medium containing instructions that, when executed on the system, cause the system to perform operations including:
performing, using the one or more processors, a first action involving a document stored in the working memory device of the system;
upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;
deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;
determining, after deleting the document, that a second action requires access to the document;
receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;
in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;
performing, using the one or more processors, the second action involving the document; and
upon completion of the second action involving the document, deleting the document from the working memory device.
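The claim above describes a lifecycle rather than an implementation: a document exists only in the cloud service's working memory, is shipped to the security service provider (SSP) for persistent storage, is dropped from memory only after the SSP confirms receipt, is fetched back into memory (never onto local disk) when a later action needs it, and is dropped again afterwards. The following Python simulation is an added illustration, not code from the patent or its assignee. The `SecurityServiceProvider` stand-in, the receipt-as-hash confirmation, the `write_persistent` guard that refuses document payloads, the lost-receipt retry and the sample document bytes are all constructed assumptions; the claim also only states an upload after the first action, so repeating the upload after every action (so edits are not lost) is a generalization added here.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class SecurityServiceProvider:
    """Hypothetical remote SSP (constructed stand-in): persists documents
    and answers each upload with a receipt (the hash of what it stored)."""
    store: dict = field(default_factory=dict)
    drop_next_receipt: bool = False

    def put(self, doc_id: str, content: bytes):
        self.store[doc_id] = content
        if self.drop_next_receipt:          # simulate a lost confirmation message
            self.drop_next_receipt = False
            return None
        return hashlib.sha256(content).hexdigest()

    def get(self, doc_id: str) -> bytes:
        return self.store[doc_id]


class CloudService:
    """Cloud-side component: documents live only in working memory."""

    def __init__(self, ssp: SecurityServiceProvider):
        self.ssp = ssp
        self.working_memory: dict = {}   # volatile copy, the only place a document may sit
        self.persistent_disk: dict = {}  # local durable storage; must never hold a document
        self.audit: list = []

    def write_persistent(self, key: str, value) -> None:
        """Sole path to the local persistent medium; rejects document payloads."""
        if key.startswith("doc:"):
            raise RuntimeError(f"policy violation: {key} would reach persistent storage")
        self.persistent_disk[key] = value

    def ingest(self, doc_id: str, content: bytes) -> None:
        self.working_memory[doc_id] = content

    def perform_action(self, doc_id: str, action) -> bool:
        """Run `action` on the document, then hand it to the SSP and forget it."""
        if doc_id not in self.working_memory:
            # a later action needs a document already offloaded: fetch it into memory only
            self.working_memory[doc_id] = self.ssp.get(doc_id)
            self.audit.append(("fetched", doc_id))
        self.working_memory[doc_id] = action(self.working_memory[doc_id])
        self.audit.append(("acted", doc_id))
        self.write_persistent(f"log:{doc_id}", len(self.audit))  # metadata only, never the document
        return self.offload(doc_id)

    def offload(self, doc_id: str) -> bool:
        """Transmit to the SSP; delete the in-memory copy only on a matching receipt."""
        content = self.working_memory[doc_id]
        receipt = self.ssp.put(doc_id, content)
        if receipt != hashlib.sha256(content).hexdigest():
            self.audit.append(("retained_no_receipt", doc_id))   # keep in RAM, retry later
            return False
        del self.working_memory[doc_id]
        self.audit.append(("deleted", doc_id))
        return True


def run_scenario() -> dict:
    """Walk one constructed document through the lifecycle, including a lost receipt."""
    ssp = SecurityServiceProvider()
    svc = CloudService(ssp)
    svc.ingest("doc:1", b"draft v1")
    svc.perform_action("doc:1", lambda d: d + b" +edit")            # first action, then offload
    ssp.drop_next_receipt = True
    retained = not svc.perform_action("doc:1", lambda d: d.upper())  # second action, receipt lost
    retried = svc.offload("doc:1")                                   # retry: receipt arrives
    return {
        "retained_on_lost_receipt": retained,
        "retry_ok": retried,
        "memory_empty": not svc.working_memory,
        "disk_has_document": any(k.startswith("doc:") for k in svc.persistent_disk),
        "ssp_copy": ssp.store["doc:1"],
        "audit": svc.audit,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, "=", value)
```

The point a reviewer would check is the failure path: when the confirmation never arrives, the document stays in working memory and is neither deleted (which would lose it) nor spilled to local disk (which would violate the data-at-rest property); the `write_persistent` guard makes the second outcome a hard error rather than a silent leak.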
Abstract
Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control.
32 Citations
20 Claims
10. A method for protecting data-at-rest in a cloud-based service platform, the method comprising:
on a computing system within the cloud-based document management service platform performing operations including:
performing, using the one or more processors, a first action involving a document stored in the working memory device;
upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;
deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;
determining, after deleting the document, that a second action requires access to the document;
receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;
in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;
performing, using the one or more processors, the second action involving the document; and
upon completion of the second action involving the document, deleting the document from the working memory device.
19. A non-transitory computer-readable storage medium containing instructions that, when executed on a computer system within a cloud-based service platform, cause the computer system to perform operations including:
performing, using the one or more processors, a first action involving a document stored in the working memory device;
upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;
deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;
determining, after deleting the document, that a second action requires access to the document;
receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;
in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;
performing, using the one or more processors, the second action involving the document; and
upon completion of the second action involving the document, deleting the document from the working memory device.
Specification