Securing information within a cloud computing environment
Abstract
Embodiments of the invention provide a solution for securing information within a Cloud computing environment. Specifically, an encryption service/gateway is provided to handle encryption/decryption of information for all users in the Cloud computing environment. Typically, the encryption service is implemented between Cloud portals and a storage Cloud. Through the use of a browser/portal plug-in (or the like), the configuration and processing of the security process is managed for the Cloud computing environment user by pointing all traffic for which security is desired to this encryption service so that it can perform encryption (or decryption in the case of document retrieval) as needed (e.g., on the fly) between the user and the Cloud.
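The redirect-then-encrypt flow the abstract and claims describe, modelled in Go as an added illustration (not the patent's own code or any product's implementation). The storage hostname, endpoint ids and keys are constructed stand-ins, and AES-GCM is an assumed cipher, since the page names none; the model checks only the URL-match branch, leaving the claims' "additional information requested" branch aside.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"net/url"
	"strings"
)

// Constructed hostname standing in for the claims' "Cloud storage system".
const cloudStorageHost = "storage.example-cloud.test"

// EncryptionService models the central service shared by every endpoint of
// one enterprise; keys live only here, never at the endpoints or in the Cloud.
type EncryptionService struct {
	Keys map[string][]byte // per-endpoint AES keys (claim 20's "previously received" keys)
}

// aead builds the AES-GCM primitive for one endpoint's key.
func (s *EncryptionService) aead(endpoint string) (cipher.AEAD, error) {
	key, ok := s.Keys[endpoint]
	if !ok {
		return nil, errors.New("no key registered for endpoint " + endpoint)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with a fresh random nonce (prefixed to the output)
// and the endpoint id as AAD, so a blob cannot be opened as another endpoint.
func (s *EncryptionService) Encrypt(endpoint string, plaintext []byte) ([]byte, error) {
	gcm, err := s.aead(endpoint)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(endpoint)), nil
}

// Decrypt reverses Encrypt for retrieval; a wrong key or a tampered blob fails to open.
func (s *EncryptionService) Decrypt(endpoint string, blob []byte) ([]byte, error) {
	gcm, err := s.aead(endpoint)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("unknown endpoint or malformed blob")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, blob[:n], blob[n:], []byte(endpoint))
}

// Send models the plug-in path from the abstract: a communication whose URL matches
// the storage Cloud is redirected through the service and only ciphertext reaches store.
func (s *EncryptionService) Send(store map[string][]byte, endpoint, rawURL string, info []byte) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	// The claims' "determination": compare the parsed hostname, not a raw
	// substring of the URL, so look-alike hosts are not redirected.
	if !strings.EqualFold(u.Hostname(), cloudStorageHost) {
		return "passthrough", nil
	}
	ct, err := s.Encrypt(endpoint, info)
	if err != nil {
		return "", err
	}
	store[rawURL] = ct
	return "stored", nil
}
```

The store map stands in for the Cloud storage system, keyed by the communication's URL, so a reader can confirm that nothing but ciphertext ever lands there.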
32 Claims
1. A method for securing information within a Cloud computing environment, comprising:
- making, using at least one first computing device, a first determination whether a uniform resource locator of a first communication originating from a first endpoint matches a destination comprising a Cloud storage system;
- if the first determination is no match, evaluating, using the at least one first computing device, whether additional information is requested;
- if the first determination is a match, redirecting, using the at least one first computing device, to a central encryption service, the communication having the destination of the Cloud storage system, the first communication containing first information to be secured from the first endpoint at the central encryption service;
- receiving, using the at least one first computing device, the first communication at the central encryption service;
- encrypting, using the at least one first computing device, the first information at the central encryption service;
- communicating, using the at least one first computing device, the encrypted first information to the Cloud storage system from the central encryption service;
- storing, using the at least one first computing device, the encrypted first information in the Cloud storage system;
- making, using at least second computing device, a second determination whether a uniform resource locator of a second communication matches the destination comprising the Cloud storage system;
- if the second determination is no match, evaluating, using the at least second computing device, whether additional information is requested;
- if the second determination is a match, redirecting, using the at least one second computing device, to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing first information to be secured from a second endpoint at the central encryption service;
- receiving, using the at least one second computing device, the second communication at the central encryption service;
- encrypting, using the at least one second computing device, the second information at the central encryption service;
- communicating, using the at least one second computing device, the encrypted second information to the Cloud storage system from the central encryption service; and
- storing, using the at least one second computing device, the encrypted second information in the Cloud storage system;
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint; and
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
7. A system for securing information within a Cloud computing environment, comprising:
- a memory medium comprising instructions;
- a bus coupled to the memory medium; and
- a processor coupled to the bus that when executing the instructions causes the system to:
  - make a determination whether an internet protocol address of a first communication originating from a first endpoint matches a destination comprising a Cloud storage system;
  - if the first determination is no match, evaluate whether additional information is requested;
  - if the first determination is a match, redirect, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing information to be secured from the first endpoint at the central encryption service;
  - receive the first communication at the central encryption service;
  - encrypt the first information at the central encryption service;
  - communicate the encrypted first information to the Cloud storage system from the central encryption service;
  - store the encrypted first information in the Cloud storage system;
  - make a second determination whether a uniform resource locator of a second communication matches the destination comprising the Cloud storage system;
  - if the second determination is no match, evaluate whether additional information is requested;
  - if the second determination is a match, redirect to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing first information to be secured from a second endpoint at the central encryption service;
  - receive the second communication at the central encryption service;
  - encrypt the second information at the central encryption service;
  - communicate the encrypted second information to the Cloud storage system from the central encryption service; and
  - store the encrypted second information in the Cloud storage system;
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint; and
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
13. A non-transitory computer readable storage medium containing a program product for securing information within a Cloud computing environment, the non-transitory computer readable storage medium comprising program code for causing a computer to:
- make a first determination whether a uniform resource locator of a first communication originating from a first endpoint matches a destination comprising a Cloud storage system;
- if the first determination is no match, evaluate whether additional information is requested;
- if the first determination is a match, redirect, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing first information to be secured from the first endpoint at the central encryption service;
- receive the first communication at the central encryption service;
- encrypt the first information at the central encryption service;
- communicate the encrypted first information to the Cloud storage system from the central encryption service;
- store the encrypted first information in the Cloud storage system;
- make a second determination whether a uniform resource locator of a second communication matches the destination comprising the Cloud storage system;
- if the second determination is no match, evaluate whether additional information is requested;
- if the second determination is a match, redirect to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing second information to be secured from a second endpoint at the central encryption service;
- receive the second communication at the central encryption service;
- encrypt the second information at the central encryption service;
- communicate the encrypted second information to the Cloud storage system from the central encryption service;
- store the encrypted second information in the Cloud storage system; and
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint; and
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
19. A method for deploying an application for securing information within a Cloud computing environment, comprising:
- providing a computer infrastructure being operable to:
  - make a first determination whether an internet protocol address of a first communication originating from a first endpoint matches a destination comprising a Cloud storage system;
  - if the first determination is no match, evaluate whether additional information is requested;
  - if the first determination is a match, redirect, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing first information to be secured from the first endpoint at the central encryption service;
  - receive the first communication at the central encryption service;
  - encrypt the first information at the central encryption service;
  - communicate the encrypted first information to the Cloud storage system from the central encryption service;
  - store the encrypted first information in the Cloud storage system;
  - make a second determination whether a uniform resource locator of a second communication matches the destination comprising the Cloud storage system;
  - if the second determination is no match, evaluate whether additional information is requested;
  - if the second determination is a match, redirect to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing second information to be secured, from the second endpoint, at the central encryption service;
  - receive the second communication at the central encryption service;
  - encrypt the second information at the central encryption service;
  - communicate the encrypted second information to the Cloud storage system from the central encryption service;
  - store the encrypted second information in the Cloud storage system;
- wherein the computer infrastructure comprises at least one computer; and
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint; and
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
20. A method for securing information within a Cloud computing environment, comprising:
- making, using at least one first computing device, a first determination whether a uniform resource locator of a first communication originating from a first endpoint matches a destination comprising the Cloud storage system;
- if the first determination is no match, evaluating, using the at least one first computing device, whether additional information is requested;
- if the first determination is a match, redirecting, using the at least one first computing device, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing information to be secured from the first endpoint at the central encryption service;
- receiving, using the at least one first computing device, the first communication at the central encryption service;
- encrypting, using the at least one first computing device, the first information at the central encryption service using a first set of previously received encryption keys;
- communicating, using the at least one first computing device, the encrypted first information to the first endpoint from the central encryption service;
- communicating, using the at least one first computing device, the encrypted first information from the first endpoint to the Cloud storage system for storage;
- storing, using the at least one first computing device, the encrypted first information in the Cloud storage system;
- making, using at least one second computing device, a second determination whether a uniform resource locator of a second communication, originating from a second endpoint, matches the destination comprising the Cloud storage system;
- if the second determination is no match, evaluating, using the at least one second computing device, whether additional information is requested;
- if the second determination is a match, redirecting, using the at least one second computing device, to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing second information to be secured, from the second endpoint, at the central encryption service;
- receiving, using the at least one second computing device, the second communication at the central encryption service;
- encrypting, using the at least one second computing device, the second information at the central encryption service using a second set of previously received encryption keys;
- communicating, using the at least one second computing device, the encrypted second information to the second endpoint from the central encryption service;
- communicating, using the at least one second computing device, the encrypted second information from the second endpoint to the Cloud storage system for storage; and
- storing, using the at least one second computing device, the encrypted second information in the Cloud storage system;
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint; and
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
24. A system for securing information within a Cloud computing environment, comprising:
- a memory medium comprising instructions;
- a bus coupled to the memory medium; and
- a processor coupled to the bus that when executing the instructions causes the system to:
  - make a determination whether an internet protocol address of a communication originating from a first endpoint matches a destination comprising a Cloud storage system;
  - if the determination is no match, evaluate whether additional information is requested;
  - if the determination is a match, redirect, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing first information to be secured from the first endpoint at the central encryption service;
  - receive the first communication at the central encryption service;
  - encrypt the first information at the central encryption service;
  - communicate the encrypted first information to the first endpoint from the central encryption service;
  - communicate the encrypted first information from the first endpoint to the Cloud storage system for storage;
  - store the encrypted first information in the Cloud storage system;
  - make a second determination whether a uniform resource locator of a second communication, originating from a second endpoint, matches the destination comprising the Cloud storage system;
  - if the second determination is no match, evaluate whether additional information is requested;
  - if the second determination is a match, redirect to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing second information to be secured, from the second endpoint, at the central encryption service;
  - receive the second communication at the central encryption service;
  - encrypt the second information at the central encryption service using a second set of previously received encryption keys;
  - communicate the encrypted second information to the second endpoint from the central encryption service;
  - communicate the encrypted second information from the second endpoint to the Cloud storage system for storage; and
  - store the encrypted second information in the Cloud storage system;
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint;
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
28. A non-transitory computer readable storage medium containing a program product for securing information within a Cloud computing environment, the computer readable storage medium comprising program code for causing a computer to:
- make a determination whether a uniform resource locator of a communication originating from a first endpoint matches a destination comprising a Cloud storage system;
- if the determination is no match, evaluate whether additional information is requested;
- if the determination is a match, redirect, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing first information to be secured from the first endpoint at the central encryption service;
- receive the first communication at the central encryption service;
- encrypt the first information at the central encryption service;
- communicate the encrypted first information to the first endpoint from the central encryption service;
- communicate the encrypted first information from the first endpoint to the Cloud storage system for storage;
- store the encrypted first information in the Cloud storage system;
- make a second determination whether a uniform resource locator of a second communication, originating from a second endpoint, matches the destination comprising the Cloud storage system;
- if the second determination is no match, evaluate whether additional information is requested;
- if the second determination is a match, redirect to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing information to be secured, from the second endpoint, at the central encryption service;
- receive the second communication at the central encryption service;
- encrypt the second information at the central encryption service using a second set of previously received encryption keys;
- communicate the encrypted second information to the second endpoint from the central encryption service;
- communicate the encrypted second information from the second endpoint to the Cloud storage system for storage;
- store the encrypted second information in the Cloud storage system;
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint; and
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.
32. A method for deploying an application for securing information within a Cloud computing environment, comprising:
- providing a computer infrastructure being operable to:
  - make a first determination whether an internet protocol address of a first communication originating from a first endpoint matches a destination comprising a Cloud storage system;
  - if the first determination is no match, evaluate whether additional information is requested;
  - if the first determination is a match, redirect, to a central encryption service, the first communication having the destination of the Cloud storage system, the first communication containing first information to be secured from the first endpoint at the central encryption service;
  - receive the first communication at the central encryption service;
  - encrypt the first information at the central encryption service;
  - communicate the encrypted first information to the first endpoint from the central encryption service;
  - communicate the encrypted first information from the first endpoint to the Cloud storage system for storage;
  - store the encrypted first information in the Cloud storage system;
  - make a second determination whether a uniform resource locator of a second communication, originating from a second endpoint, matches the destination comprising the Cloud storage system;
  - if the second determination is no match, evaluate whether additional information is requested;
  - if the second determination is a match, redirect to the central encryption service, the second communication having the destination of the Cloud storage system, the second communication containing information to be secured from the second endpoint at the central encryption service;
  - receive the second communication at the central encryption service;
  - encrypt the second information at the central encryption service;
  - communicate the encrypted second information to the second endpoint from the central encryption service;
  - communicate the encrypted second information, from the second endpoint, to the Cloud storage system for storage; and
  - store the encrypted second information in the Cloud storage system;
- wherein the computer infrastructure comprises at least one computer;
- wherein the central encryption service operates on a system at a remote location from the first endpoint and the second endpoint;
- wherein the central encryption service, the first endpoint, and the second endpoint belong to the same enterprise.