Abstract: Described herein are techniques related to shielding data. A method and system for generating a transformation knowledge key (TKK) may include a TKK generator operable to generate a TKK used to shield the data. The TKK is configured to include at least two components. A library of shielding algorithms is configured to include at least two types of shielding algorithms. The TKK generator is configured to select the at least two types of shielding algorithms to generate the at least two components. The TKK generator is operable to concatenate the at least two components in a configurable order to generate the TKK.

Abstract: Described herein are techniques related to shielding data, thereby enabling the shielded data to be distributively placed in untrusted computing environments for cost effective storage. A method and system may include a trusted agent operable in a trusted computing environment. The trusted agent includes a transformation knowledge key generator and a data transformer. The transformation knowledge key generator is operable to generate a transformation knowledge key, the transformation knowledge key being generated with at least two shielding algorithms to shield the data. The data transformer is operable to transform the data into N segments of shielded data using the transformation knowledge key. A communications agent securely coupled to the trusted agent is operable to securely transfer one or more of the N segments of shielded data to one or more storage devices in untrusted computing environments.