Techniques for data security in a multi-tenant environment

摘要

The usage of data in a multi-tenant environment can be controlled by utilizing functionality at the hypervisor level of various resources in the environment. Data can be associated with various tags, security levels, and/or compartments. The ability of resources or entities to access the data can depend at least in part upon whether the resources or entities are also associated with the tags, security levels, and/or compartments. Limitations on the usage of the data can be controlled by one or more policies associated with the tags, security levels, and/or compartments. A control service can monitor traffic to enforce the appropriate rules or policies, and in some cases can prevent encrypted traffic from passing beyond a specified egress point unless the encryption was performed by a trusted resource with the appropriate permissions.

主权项

1. A computer-implemented method of managing transmissions in a multi-tenant environment, comprising:
storing, by a computing device, a piece of information in the multi-tenant environment, the multi-tenant environment operated by a service provider; applying, by a customer of the service provider, a security tag to the piece of information; associating at least one policy with the security tag, the at least one policy being selected from a set of policies associated with a plurality of customers of the service provider; causing the at least one policy to be enforced on a first transmission of information having the security tag applied, the at least one policy indicating at least whether to allow the first transmission based at least in part upon the security tag, the transmission causing a first component resource having a first security level and located within a first region in the multi-tenant environment to be associated with the security tag as a result of the transmission; determining that the first component resource is instructed to send a second transmission to a destination resource not associated with the security tag outside the multi-tenant environment; and blocking the second transmission from being transmitted to a second resource having a second security level and located within a second region based at least in part upon the security tag being applied to the first component resource; wherein enforcing the at least one policy includes associating the security tag with at least one of a source of the transmission, an intended recipient of the transmission, or an intermediate resource for the transmission and wherein enforcing the at least one policy includes determining whether the transmission is allowed to be received from, or transmitted by a resource associated with the security tag and having a second security level.