In-Transit Cloud Data Encryption (Cope, Erl)
How can data be securely transmitted to, from, and within a cloud environment?
ProblemData copied to and from a cloud environment transits networks and servers beyond the control of the organization and can be intercepted by malicious intermediaries.
SolutionA solution is implemented with capabilities that secure and protect data while it transfers between sender and receiver and also ensure that data will not be accepted by the receiver if the original data sent is modified.
ApplicationAn encryption mechanism is implemented to encrypt data between sender and receiver for confidentiality, and a digital signature mechanism is implemented to provide integrity for the data.
Compound PatternsBurst In, Burst Out to Private Cloud, Burst Out to Public Cloud, Cloud Authentication, Elastic Environment, Infrastructure-as-a-Service (IaaS), Isolated Trust Boundary, Multitenant Environment, Platform-as-a-Service (PaaS), Private Cloud, Public Cloud, Resilient Environment, Resource Workload Management, Secure Burst Out to Private Cloud/Public Cloud, Software-as-a-Service (SaaS)
An attacker attempts to intercept data uploading into a cloud environment, however, the data is encrypted and signed before it is sent.
An attacker intercepts encrypted data before it is received by the cloud provider, and the receiver discards the packet as a result of maintaining data integrity and confidentiality.