Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and difficulty maintaining strict access controls across users, services, and workflows. These challenges are especially acute for applications that handle privileged data and execute security-critical analysis, where traditional trust boundaries and ad hoc safeguards are insufficient. This paper presents Lockbox, a Zero Trust architecture designed for secure processing of sensitive cloud workloads under strict enterprise security and governance requirements. Lockbox applies explicit trust verification, strong isolation, least-privilege access, and policy-driven enforcement throughout the entire application lifecycle, from user authentication and document ingestion to analysis execution and result storage. The system incorporates modern cloud security primitives, including role-based access control, centralized key management, encryption in transit and at rest, and controlled integration with cloud-based data processing services, ensuring that sensitive artifacts remain protected and accessible only to authorized users. We discuss the use of Lockbox in processing highly sensitive cybersecurity reports and demonstrate how this architecture enables organizations to safely adopt advanced capabilities, including AI-assisted processing, without weakening their security posture.