With the growth of business, an enterprise would like to make its PSC(private storage cloud) approach an infrastructure service in a Partner/Public Cloud. In such PSCs, there are some new security issues, First, how to isolate the data stored in the PSC from internal and external attackers, Second, how to make secure intra-cloud data migration within an enterprise, Third, how to secure inter-cloud data migration between the PSC and the Partner/Public Cloud. In this paper, we propose an architecture of enforcing security services on the layer of HDFS, including Data Isolation Service, Secure Intra-Cloud Data Migration Service, and Secure Inter-Cloud Data Migration Service. Finally, a prototype has been implemented based on HDFS by our three custom security policies, and the time cost is given and evaluated. © 2012 IEEE.