Abstract: A multi-tenant computer system implements a platform for providing data protection scopes to shared infrastructure services according to a nested tenant model that permits a hierarchy having a plurality of levels. The multi-tenant computer system provisions data protection scopes for cloud products, service products, cloud product tenants, service products operating in the context of cloud products, service products operating in the context of cloud product tenants, and combinations of the foregoing.

Abstract: Systems, methods, and computer-readable media for temporary reservation schemes, are provided. In embodiments, temporary reservations are inserted into non-relational datastore, and update records indicating changes to the non-relational datastore are streamed to processing nodes. The processing nodes store the update records in local expiration windows. The expiration windows are periodically polled for expired temporary reservations, which are then removed from the non-relational datastore. Other embodiments may be described and/or claimed.

Abstract: Systems, methods, and computer-readable media for temporary reservation schemes, are provided. In embodiments, temporary reservations are inserted into non-relational datastore, and update records indicating changes to the non-relational datastore are streamed to processing nodes. The processing nodes store the update records in local expiration windows. The expiration windows are periodically polled for expired temporary reservations, which are then removed from the non-relational datastore. Other embodiments may be described and/or claimed.

Abstract: A multi-tenant computer system implements a platform for providing data protection scopes to shared infrastructure services according to a nested tenant model that permits a hierarchy having a plurality of levels. The multi-tenant computer system provisions data protection scopes for cloud products, service products, cloud product tenants, service products operating in the context of cloud products, service products operating in the context of cloud product tenants, and combinations of the foregoing.

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K?1”.

Abstract: Systems, methods, and computer-readable media for temporary reservation schemes, are provided. In embodiments, temporary reservations are inserted into non-relational datastore, and update records indicating changes to the non-relational datastore are streamed to processing nodes. The processing nodes store the update records in local expiration windows. The expiration windows are periodically polled for expired temporary reservations, which are then removed from the non-relational datastore. Other embodiments may be described and/or claimed.

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K?1”.

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K?1”.

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K?1”.

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.