Automated management of confidential data in cloud environments

US11062037B2 · US · B2

Patent metadata

Publication number: US-11062037-B2
Application number: US-201916572746-A
Country: US
Kind code: B2
Filing date: Sep 17, 2019
Priority date: Dec 9, 2014
Publication date: Jul 13, 2021
Grant date: Jul 13, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for storing data in a shared networked environment, the shared networked environment comprising a security layer between a shared networked storage and a shared networked storage access interface, the method comprising: providing a key vault system that is physically separated from the shared networked storage; receiving a storage request together with data to be stored in the shared networked storage and receiving the storage request together with a confidentiality rating, the confidentiality rating indicating a level of confidentiality the data is associated with, wherein the storage request together with the data and the confidentiality rating is received via the shared networked storage access interface by the security layer; encrypting, on request of the security layer and into a data container, the data to be stored by the key vault system, and encrypting, into the data container, the confidentiality rating; categorizing the shared networked storage into Cloud zones, wherein each Cloud zone is assigned a trust level; and storing the data container in one of the Cloud zones of the shared networked storage, wherein the trust level of the one of the Cloud zones corresponds to the confidentiality rating.

2. The method of claim 1, wherein the receiving the storage request comprises authorizing the security layer from a client that is accessing the data to ensure that a trusted communication is built between the client and the security layer via the network storage access interface.

3. The method of claim 1, wherein the receiving the storage request comprises authorizing a sender of the request.

4. The method of claim 1, wherein messages sent between the security layer and the key vault system are encrypted, and wherein the messages include the data.

5. The method of claim 1, wherein messages conveyable from and/or receivable by the security layer are encrypted, and wherein the messages include the data.

6. The method of claim 1, further comprising validating by the key vault system that the storage request is compliant with configurable policies by: validating that the security layer is trusted for communication and validating that a transmission channel between the security layer and the key vault system is secured by a certificate-based encryption; and creating a transfer ticket, the transfer ticket comprising a first signature made by the security layer and a second signature made by the key vault system.

7. The method of claim 6, further comprising upon receiving the transfer ticket by the security layer from the key vault system, validating the first signature and the second signature before the request for the encryption of the data to be stored, wherein the request for the encryption of the data includes the transfer ticket and the data to be stored.

8. The method of claim 6, further comprising: receiving a validation of the transfer ticket by the key vault system; validating, in response to the validation of the transfer ticket, the second signature and expiry time for the storage request; validating whether the first signature, embedded in the transfer ticket, matches the encryption of a file content of the data to be stored, and validating whether a file identification of the data to be stored matches an actual file to be transferred.

9. A computer program product for storing data in a shared networked environment, the shared networked environment comprising a security layer between a shared networked storage and a shared networked storage access interface, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computing device to cause the computing device to perform a method, the method comprising: receiving a storage request together with data to be stored in the shared networked storage and receiving the storage request together with a confidentiality rating, the confidentiality rating indicating a level of confidentiality the data is associated with, wherein the storage request together with the data and the confidentiality rating is received via the shared networked storage access interface by the security layer; encrypting, on request of the security layer and into a data container, the data to be stored by the key vault system, and encrypting, into the data container, the confidentiality rating, the key vault system physically separated from the shared network storage; categorizing the shared networked storage into Cloud zones, wherein each Cloud zone is assigned a trust level; and storing the data container in one of the Cloud zones of the shared networked storage, wherein the trust level of the one of the Cloud zones corresponds to the confidentiality rating.

10. The computer program product of claim 9, wherein the method further comprises extracting the data from the one of the cloud zones by determining that the requester is a trusted target using the confidentiality rating of the data.

11. The computer program product of claim 9, wherein the method further comprises transferring, subsequent to the storing of the data container, the data from a first Cloud zone to a second Cloud zone of the networked storage by: validating that the confidentiality rating of the second Cloud zone matches the trust level correspondingly, and transferring the data from the first Cloud zone to the second Cloud zone.

12. The computer program product of claim 9, wherein a determining of the confidentiality rating is based on a content of the data.

13. The computer program product of claim 9, wherein the method further comprises validating that the storage request is compliant with configurable policies by: validating that the security layer is trusted for communication and validating that a transmission channel between the security layer and the key vault system is secured by a certificate-based encryption; and creating a transfer ticket, the transfer ticket comprising a first signature made by the security layer and a second signature made by the key vault system.

14. The computer program product of claim 13, wherein the method further comprises: upon receiving the transfer ticket by the security layer from the key vault system, validating the first signature and the second signature before the request for the encryption of the data to be stored, wherein the request for the encryption of the data comprises the transfer ticket and the data to be stored.

15. A system for storing data in a shared networked environment, the shared networked environment comprising a security layer between a shared networked storage and a shared networked storage access interface, the system comprising: a shared networked storage comprising non-transitory storage, the shared networked storage including the security layer, the security layer physically separated from a key vault system, wherein the shared networked storage comprises Cloud zones, wherein each of the Cloud zones has an assigned trust level; a receiving unit adapted to receive a storage request together with data to be stored in the shared networked storage and together with a confidentiality rating, wherein the storage request together with that data and the confidentiality rating is received via the shared networked storage access interface by the security layer; wherein the key vault system is adapted to encrypt the data to be stored and the confidentiality rating on request of the security layer into a data container; and a storage component adapted to store the data container in one of the C
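Claims 1 and 6 to 8 together describe one flow: the security layer signs the file, the key vault checks policy and issues a transfer ticket carrying both signatures, the layer validates the ticket before asking for encryption, the vault re-validates it (signature, expiry, content hash, file id), seals data and confidentiality rating into one container, and the container lands in the zone whose trust level matches the rating. The sketch below is an added illustration, not code from the patent or its assignee; it assumes HMAC-based signatures (a deployment would use certificate-backed signatures as claim 6 implies), a toy keystream cipher in place of a real AEAD, and constructed zone names, trust levels and a 300-second ticket lifetime.

```python
import hashlib, hmac, json, os, time

# Constructed example: Cloud zones and the trust level assigned to each (claim 1).
ZONES = {"public": 1, "internal": 2, "restricted": 3}
TICKET_TTL = 300  # ticket lifetime in seconds (assumed value; the claims only require an expiry)

def _require(ok: bool, msg: str) -> None:
    if not ok:
        raise PermissionError(msg)
def _mac(key: bytes, obj) -> str:
    """HMAC over canonical JSON; stands in for the two signatures of claim 6."""
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()
def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher so the block runs on the standard library alone; use AES-GCM in practice."""
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class KeyVault:
    """Key vault, physically separate from the storage; sole holder of the data key."""
    def __init__(self, trusted_layers: dict):
        self.trusted_layers = trusted_layers  # policy: security layer id -> that layer's signing key
        self.sign_key, self.data_key = os.urandom(32), os.urandom(32)

    def issue_ticket(self, layer_id: str, cert_channel: bool, file_id: str, first_sig: str) -> dict:
        # claim 6: the layer must be trusted and the channel certificate-secured before a ticket exists
        _require(layer_id in self.trusted_layers and cert_channel, "storage request violates vault policy")
        t = {"layer": layer_id, "file_id": file_id, "first_sig": first_sig, "expires": time.time() + TICKET_TTL}
        return {**t, "second_sig": _mac(self.sign_key, t)}
    def encrypt(self, ticket: dict, file_id: str, content: bytes, rating: int) -> dict:
        # claim 8: check second signature, expiry, first signature against the content, and the file id
        body = {k: v for k, v in ticket.items() if k != "second_sig"}
        _require(hmac.compare_digest(ticket["second_sig"], _mac(self.sign_key, body)), "vault signature mismatch")
        _require(time.time() <= ticket["expires"], "transfer ticket expired")
        want = _mac(self.trusted_layers[ticket["layer"]], hashlib.sha256(content).hexdigest())
        _require(hmac.compare_digest(ticket["first_sig"], want) and ticket["file_id"] == file_id, "ticket/file mismatch")
        nonce = os.urandom(12)  # data and confidentiality rating are sealed together into one container
        sealed = _xor_keystream(self.data_key, nonce, json.dumps({"rating": rating, "data": content.hex()}).encode())
        return {"nonce": nonce.hex(), "ct": sealed.hex()}
    def open_container(self, c: dict) -> dict:
        return json.loads(_xor_keystream(self.data_key, bytes.fromhex(c["nonce"]), bytes.fromhex(c["ct"])))

def store(vault: KeyVault, layer_id: str, layer_key: bytes, file_id: str, content: bytes, rating: int):
    """Security layer: sign the content, obtain a ticket, check both signatures, then place the container."""
    first_sig = _mac(layer_key, hashlib.sha256(content).hexdigest())
    ticket = vault.issue_ticket(layer_id, True, file_id, first_sig)
    body = {k: v for k, v in ticket.items() if k != "second_sig"}
    # claim 7: validate both signatures before sending ticket + data; the layer is assumed to hold the vault's MAC key
    _require(ticket["first_sig"] == first_sig and ticket["second_sig"] == _mac(vault.sign_key, body), "bad ticket")
    container = vault.encrypt(ticket, file_id, content, rating)
    zone = next(z for z, level in ZONES.items() if level == rating)  # zone trust level corresponds to rating
    return zone, container
```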

Assignees

IBM

Inventors

Not listed on this page.
Classifications

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • G06F21/602 (Primary): Providing cryptographic facilities or services · CPC title

  • Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS] · CPC title

  • in relation to access · CPC title

  • Permissions · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 13, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).