Multi/Federated cloud architecture


ESCUDO-CLOUD offers an innovative solution in the form of the Data Protection as a Service (DPaaS) framework, which allows the data owners to store and control the access to their data in a multi-cloud environment, without putting their trust in the Cloud Service Providers.

multi fedeCloud 

The above figure illustrates the overall architecture and deployment eco-system of the BT DPaaS solution, which guarantees the interoperability and enforcement of access restrictions across multiple cloud service providers.

The key innovations brought by ESCUDO-CLOUD in this context are:

  • Object and block storage encryption on federated cloud environments;
  • Encryption via a (optionally) customer-hosted proxy;
  • Use of a commercial KMS to provide rich, CSP-independent access control policies;
  • Integration with a Cloud service store for simple customer access.