Multi/Federated cloud architecture
ESCUDO-CLOUD offers an innovative solution in the form of the Data Protection as a Service (DPaaS) framework, which allows data owners to store their data and control access to it in a multi-cloud environment without having to trust the Cloud Service Providers (CSPs).
The above figure illustrates the overall architecture and deployment ecosystem of the BT DPaaS solution, which guarantees the interoperability and enforcement of access restrictions across multiple cloud service providers.
The key innovations brought by ESCUDO-CLOUD in this context are:
- Object and block storage encryption in federated cloud environments;
- Encryption via an (optionally) customer-hosted proxy;
- Use of a commercial KMS to provide rich, CSP-independent access control policies;
- Integration with a Cloud service store for simple customer access.