Cloud Computing Patterns, Mechanisms > Data Management and Storage Device Patterns > Cloud Storage Data at Rest Encryption
Cloud Storage Data at Rest Encryption (Cope, Erl)
How can cloud providers securely store cloud consumer data on cloud storage devices?
Problem
Data stored in a cloud environment requires security against access to the physical hard disks forming the cloud storage device.
Solution
Secure data on the physical hard disks in order to prevent unauthorized access.
Application
An encryption mechanism supported by the physical storage arrays can be used to automatically encrypt data stored on the disks and decrypt data leaving the disks.
Compound Patterns
Burst In, Burst Out to Private Cloud, Burst Out to Public Cloud, Cloud Authentication, Cloud Balancing, Elastic Environment, Infrastructure-as-a-Service (IaaS), Isolated Trust Boundary, Multitenant Environment, Platform-as-a-Service (PaaS), Private Cloud, Public Cloud, Resilient Environment, Resource Workload Management, Secure Burst Out to Private Cloud/Public Cloud, Software-as-a-Service (SaaS)
Data can be secured on physical disks by encrypting the data as it enters the physical storage array and decrypting data as it leaves the physical hard disks.
This pattern is covered in CCP Module 14: Advanced Cloud Storage.
For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.
The architectural model upon which this design pattern is based is further covered in:
Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour
(ISBN: 9780133858563, Hardcover, ~ 528 pages)
For more information about this book, visit www.arcitura.com/books.