A cloud management system (180) only instructs a storage platform (100) in a private domain to implement an operation that reveals, modifies, or destroys data if an administrator (163) both provides valid credentials and is able to direct a services processing unit or SPU (120) in the private domain to send a message with valid contents and signature. An SPU (120) only performs operations that reveal, modify, or destroy data if signed instructions from the cloud management system (180) have originated or been relayed through a component (120) in the private domain. An attacker with access to the cloud management system (180) that does not also have access to a component (120) in the private domain is prevented from tampering with the storage platform (100).
展开▼