System and method for providing key-encrypted storage in a cloud computing environment

1. A system for providing cloud computing services, the system comprising:

• a cloud computing environment residing comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and
  
  a routing system residing in a non-transitory computer-readable storage medium and disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal cloud addresses of the cloud workloads using a single Internet Protocol (IP) address assigned to the cloud computing environment and the single IP address processed for referencing all of the internal cloud addresses, the routing system configured to match port ranges defined by the single IP address to specific cloud workloads, multiple instances of each specific cloud workload processing across multiple independent subnets and the routing system configured to select specific instances based on processing loads of the multiple instances, and each workload associated with a private IP address that is part of the single IP address as the port ranges;
  
  wherein a designated one of the cloud workloads obtains one key of a first pair of cryptographic keys, the first pair of cryptographic keys for decrypting encrypted storage hosted within the cloud computing environment, and wherein the one key of the first pair of cryptographic keys is obtained by the designated cloud workload via a secure connection established using a second pair of cryptographic keys.