Data Protection as a Service in the Multi-Cloud Environment

This paper introduces a framework for Data Protection as a Service (DPaaS) to cloud computing users. Compared to the existing Data Encryption as a Service (DEaaS) such as those provided by Amazon and Google, our DPaaS framework provides more flexibility, control and visibility for protecting data in the cloud. In addition to supporting the basic data encryption capability as DEaaS does, this DPaaS framework allows data owners to define fine-grained access control policies to protect their data. Data protected by an access control policy are automatically encrypted and access is granted to user/applications according with the policy. In general, the DPaaS enables the separation of concerns between security and data management, in addition to defining a full cycle of data security automation from encryption to decryption. Our proof-of-concept prototype of the DPaaS works with hybrid multi-cloud environments including private clouds and virtual data-centers using OpenStack, CloudStack and VMWare as well as public clouds being the BT Cloud Compute platform and Amazon (AWS). Experiments on the prototype have proved the efficiency of the framework.