US9544140B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9544140-B1 |
| Application number | US-201113171317-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 28, 2011 |
| Priority date | Jun 28, 2011 |
| Publication date | Jan 10, 2017 |
| Grant date | Jan 10, 2017 |
Abstract
A hierarchy is defined that includes encryption keys associated with different first and second levels of the hierarchy, where the second level includes fewer of the encryption keys than the first level. The encryption keys of the first level secure a plurality of data objects. The encryption keys of the first level are grouped into key groups that respectively include one or more of the encryption keys of the first level. The one or more of the encryption keys of the first level included in each of the key groups are secured with a respective one of the encryption keys of the second level.
Claims (preview)
That which is claimed:

1. A computer implemented method for securing data objects in a cloud, the method comprising: defining a hierarchy comprising encryption key objects associated with first and second levels of the hierarchy, wherein the second level comprises fewer of the encryption key objects than the first level; dividing a plurality of data objects into data groups respectively including ones of the plurality of data objects; assigning respective ones of the encryption key objects of the first level to the data groups; encrypting the ones of data objects included in the data groups using the respective ones of the encryption key objects of the first level assigned thereto; storing the plurality of data objects in a networked computer data storage responsive to the encrypting thereof; dividing the encryption key objects of the first level into key groups respectively including one or more of the encryption key objects of the first level; assigning respective ones of the encryption key objects of the second level to the key groups, wherein the one or more of the encryption key objects of the first level included in the key groups is configured to be decrypted using the respective one of the encryption key objects of the second level assigned thereto; and rotating the encryption key objects of the second level in accordance with a requirement of a service level agreement without retrieving the plurality of data objects from the networked computer data storage.

2. The method of claim 1, wherein rotating the encryption key objects of the second level comprises: retrieving the encryption key objects of the first level; decrypting the one or more of the encryption key objects of the first level using the respective one of the encryption key objects of the second level assigned to the key groups thereof; encrypting the encryption key objects of the first level using replacement encryption key objects associated with the second level; and storing the encryption key objects of the first level in the networked computer data storage responsive to the encrypting thereof using the replacement encryption key objects associated with the second level.

3. The method of claim 1, further comprising: rotating the encryption key objects of the first level less frequently than rotating the encryption key objects of the second level in accordance with the requirement of the service level agreement.

4. The method of claim 1, wherein the hierarchy further comprises encryption key objects associated with a third level of the hierarchy, wherein the third level comprises fewer of the encryption key objects than the second level, and further comprising: dividing the encryption key objects of the second level into second key groups respectively including one or more of the encryption key objects of the second level; assigning respective ones of the encryption key objects of the third level to the second key groups, wherein the one or more of the encryption key objects of the second level included in the second key groups is configured to be decrypted using the respective one of the encryption key objects of the third level assigned thereto; and rotating the encryption key objects of the third level more frequently than rotating the encryption key objects of the second level in accordance with the requirement of the service level agreement and without retrieving the encryption key objects of the first level and/or the plurality of data objects.

5. The method of claim 1, further comprising: receiving additional data objects; dividing the additional data objects into additional data groups respectively including ones of the additional data objects; dynamically generating additional encryption key objects associated with the first level responsive to receiving the additional data objects; assigning respective ones of the additional encryption key objects of the first level to the additional data groups; encrypting the ones of the additional data objects included in the additional data groups using the respective ones of the additional encryption key objects of the first level assigned thereto; and storing the additional data objects in the networked computer data storage responsive to the encryption thereof without retrieving the plurality of data objects from the networked computer data storage.

6. A computer implemented method for securing data objects, the method comprising: defining, via at least one of one or more computing devices, a hierarchy comprising encryption keys associated with different first and second levels of the hierarchy, wherein: the first and second levels comprise ones of a number of levels of the hierarchy, defining the hierarchy comprises dynamically altering a quantity of the encryption keys associated with the levels of the hierarchy to provide a desired key-to-data ratio, the encryption keys of the first level secure a plurality of data objects, the plurality of data objects being stored in a networked computer data storage, and the second level comprises fewer of the encryption keys than the first level; grouping, via at least one of the one or more computing devices, the encryption keys of the first level into key groups respectively comprising one or more of the encryption keys of the first level; securing, via at least one of the one or more computing devices, the one or more of the encryption keys of the first level included in the key groups with a respective one of the encryption keys of the second level; and rotating, via at least one of the one or more computing devices, the encryption keys of the second level without retrieving the plurality of data objects from the networked computer data storage.

7. The method of claim 6, further comprising: grouping the plurality of data objects into data groups respectively comprising ones of the plurality of data objects; securing the ones of the plurality of data objects included in the data groups with a respective one of the encryption keys of the first level; and storing the plurality of data objects in the networked computer data storage responsive to the securing thereof.

8. The method of claim 7, wherein rotating the encryption keys of the second level comprises: retrieving the encryption keys of the first level without retrieving the plurality of data objects secured thereby from the networked computer data storage; decrypting the one or more of the encryption keys of the first level included in the key groups using the respective one of the encryption keys of the second level; dynamically generating replacement encryption keys associated with the second level; and encrypting the one or more encryption keys of the first level using a respective one of the replacement encryption keys associated with the second level.

9. The method of claim 8, wherein encrypting the one or more encryption keys of the first level using the respective one of the replacement encryption keys comprises: encrypting the one or more of the encryption keys of the first level included in the key groups using the respective one of the replacement encryption keys of the second level.

10. The method of claim 8, wherein encrypting the one or more encryption keys of the first level using the respective one of the replacement encryption keys comprises: grouping the encryption keys of the first level into second key groups respectively comprising one or more of the encryption keys of the first level responsive to the decrypting; and encrypting the one or more of the encryption keys of the first level included in the second key groups using the respective one of the replacement encryption keys of the second level.
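The abstract and claims 1, 2, 4 and 8 describe envelope encryption with a key hierarchy: data keys (first level) encrypt the stored objects, a smaller set of key-encryption keys (second level) wraps groups of data keys, an optional third level wraps groups of second-level keys, and rotating any key-encrypting level only unwraps and re-wraps the level beneath it, so the ciphertext in storage is never fetched or rewritten. The script below is an added example of that procedure, not code from the patent; the class and function names, the `groups` parameter and the sample records are assumptions. It uses an HMAC-SHA256 encrypt-then-MAC construction as a standard-library stand-in for an AEAD such as AES-GCM so that it runs offline; a real deployment would use AES-GCM or a KMS wrap/unwrap API, and would hold the root level in an HSM rather than in a Python list.

```python
"""Model of the claimed key hierarchy (added example; assumed names, not the patent's code)."""
import hashlib
import hmac
import os

NONCE, TAG, KEY = 16, 32, 32


def _keystream(key, nonce, n):
    """Expand key+nonce into n bytes with HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, pt):
    """Encrypt-then-MAC stand-in for AES-GCM built from the stdlib (demo only).
    Returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob):
    """Verify the tag under key, then decrypt; raise on a wrong key or tampering."""
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < NONCE + TAG or not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Hierarchy:
    """levels[0] holds the data keys (the claims' first level), levels[1] the keys
    that wrap them, and so on; each key is stored wrapped under one key of the
    level above. root holds the top level unwrapped (a KMS/HSM in practice)."""

    def __init__(self, objects, groups):
        # groups[0] = objects per data key, groups[l] = level-l keys per level-(l+1) key.
        # Grouping objects under keys is the same operation as grouping keys under keys.
        self.objects, self.data_key, keys = self._wrap(objects, groups[0])
        self.levels = []  # [wrapped_keys, parent_index] per key-encrypting level
        for size in groups[1:]:
            wrapped, parent, keys = self._wrap(keys, size)
            self.levels.append([wrapped, parent])
        self.root = keys

    @staticmethod
    def _wrap(items, size):
        """Fresh key per group of `size` items; returns (sealed items, group index, keys)."""
        parents = [os.urandom(KEY) for _ in range(-(-len(items) // size))]  # ceil division
        parent = [i // size for i in range(len(items))]
        return [seal(parents[p], it) for p, it in zip(parent, items)], parent, parents

    def key(self, level, i):
        """Unwrap key i of `level` by walking up to the root."""
        if level == len(self.levels):
            return self.root[i]
        wrapped, parent = self.levels[level]
        return open_(self.key(level + 1, parent[i]), wrapped[i])

    def read(self, j):
        """Fetch and decrypt stored object j (the only code that touches storage)."""
        return open_(self.key(0, self.data_key[j]), self.objects[j])

    def rotate(self, level):
        """Replace every key of `level` >= 1 and re-wrap the level below under the
        replacements (claims 2 and 8). Stored objects are never read. Returns the
        number of keys re-wrapped."""
        if not 1 <= level <= len(self.levels):
            raise ValueError("only key-encrypting levels rotate without touching data")
        wrapped, parent = self.levels[level - 1]
        n = len(self.root) if level == len(self.levels) else len(self.levels[level][0])
        fresh = [os.urandom(KEY) for _ in range(n)]
        for i in range(len(wrapped)):  # self.key still decrypts with the outgoing key
            wrapped[i] = seal(fresh[parent[i]], self.key(level - 1, i))
        if level == len(self.levels):
            self.root = fresh
        else:  # re-wrap the replacements under the unchanged level above (claim 4)
            cur_w, cur_p = self.levels[level]
            for i in range(n):
                cur_w[i] = seal(self.key(level + 1, cur_p[i]), fresh[i])
        return len(wrapped)

    def keys_per_level(self):
        return [len(w) for w, _ in self.levels] + [len(self.root)]

    def storage_digest(self):
        """Hash of the stored ciphertexts: unchanged by any rotation."""
        return hashlib.sha256(b"".join(self.objects)).hexdigest()


def demo():
    objects = [f"record-{j}".encode() for j in range(6)]  # constructed sample data
    h = Hierarchy(objects, groups=[2, 2, 2])  # 3 data keys, 2 KEKs, 1 root key
    before = h.storage_digest()
    h.rotate(1)  # rotate the second level (claim 2)
    h.rotate(2)  # rotate the third, top level (claim 4)
    return h.keys_per_level(), before == h.storage_digest(), all(h.read(j) == o for j, o in enumerate(objects))


if __name__ == "__main__":
    print(demo())  # ([3, 2, 1], True, True)
```

Two points worth checking when applying this to a real key store. First, `rotate(0)` is refused: replacing a data key necessarily means decrypting and re-encrypting every object in its data group, which is the expensive path the claims avoid and the reason claim 3 rotates the first level less often. Second, the old key-encryption key must actually stop working after rotation; with an authenticated wrap, an attempt to unwrap a re-wrapped key under the retired key fails closed rather than yielding garbage, which is the behaviour the test for this script asserts.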
CPC classifications:
- using key encryption key
- Revocation or update of secret information, e.g. encryption key update or rekeying
- using tree structure or hierarchical structure
- Bits, or blocks of bits, of the telegraphic message being interchanged in time (for speech signals H04K1/06)
- Compression, e.g. Merkle-Damgard construction