US Patent 10284557 Secure data proxy for cloud computing environments

An apparatus in one embodiment comprises a plurality of host devices configured to support execution of applications on behalf of one or more tenants of cloud infrastructure. The apparatus further comprises a secure data proxy implemented utilizing at least one of the host devices. The secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications. The data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure. The secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy. The secure data proxy may be further configured to perform deduplication operations in conjunction with transfer of the data between the persistent storage and the non-persistent storage.