Monitoring and alert services and data encryption management
First Claim
1. A data encryption system comprising:
- a data store configured to store information related to a plurality of applications hosted in a cloud computing environment; and
- one or more computing devices configured to provide one or more data encryption services, wherein at least one computing device from the one or more computing devices comprises:
  - one or more processors, and
  - a memory having stored thereon a set of instructions that, when executed by the one or more processors, cause the one or more processors to:
    - identify an encryption object used to secure data within an application of the plurality of applications;
    - extract metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;
    - identify the one or more attributes of the encryption object based at least in part on the metadata information;
    - expose the one or more attributes and each corresponding value for generation of a set of one or more rules;
    - generate the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;
    - generate an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and
    - transmit the alert to one or more users using one or more communication channels.
Abstract
A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
20 Claims
10. A method comprising:
- identifying an encryption object used to secure data within an application of a plurality of applications, wherein the plurality of applications are hosted in a cloud computing environment;
- extracting metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;
- identifying the one or more attributes of the encryption object based at least in part on the metadata information;
- exposing the one or more attributes and each corresponding value for generation of a set of one or more rules;
- generating the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;
- generating an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and
- transmitting the alert to one or more users, using one or more communication channels.
18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to identify an encryption object used to secure data within an application of a plurality of applications, wherein the plurality of applications are hosted in a cloud computing environment;
- instructions that cause the one or more processors to extract metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;
- instructions that cause the one or more processors to identify the one or more attributes of the encryption object based at least in part on the metadata information;
- instructions that cause the one or more processors to expose the one or more attributes and each corresponding value for generation of a set of one or more rules;
- instructions that cause the one or more processors to generate the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;
- instructions that cause the one or more processors to generate an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and
- instructions that cause the one or more processors to transmit the alert to one or more users, using one or more communication channels.
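The flow recited in the independent claims (extract non-secure metadata, expose attributes, build rules, run them, transmit alerts) can be sketched as follows. This is an added illustration, not code from the patent or from any product; the attribute names, operators, sample certificate and channel stand-ins are all assumptions, since the claims name none.

```python
from datetime import date

# Non-secure attributes exposed to rule authors (assumed names; the claims name none).
EXPOSED_ATTRIBUTES = ("kind", "algorithm", "key_bits", "expires_on")

# Conditions a rule may apply to an attribute value (hypothetical operator set).
OPERATORS = {
    "less_than": lambda value, limit, today: value < limit,
    "expires_within_days": lambda value, limit, today: (value - today).days <= limit,
}

def extract_metadata(encryption_object):
    """Copy out only the exposed attributes; key material stays behind."""
    return {a: encryption_object[a] for a in EXPOSED_ATTRIBUTES if a in encryption_object}

def make_rule(name, attribute, operator, limit):
    """Rules can only be written against exposed attributes and known operators."""
    if attribute not in EXPOSED_ATTRIBUTES or operator not in OPERATORS:
        raise ValueError(f"rule {name!r} uses an unexposed attribute or unknown operator")
    return {"name": name, "attribute": attribute, "operator": operator, "limit": limit}

def run_rules(application, metadata, rules, today):
    alerts = []
    for rule in rules:
        value = metadata.get(rule["attribute"])
        if value is None:
            continue  # attribute absent on this object, so the rule does not apply
        if OPERATORS[rule["operator"]](value, rule["limit"], today):
            alerts.append({"application": application, "rule": rule["name"], "value": str(value)})
    return alerts

def transmit(alerts, channels):
    deliveries = 0
    for alert in alerts:
        for send in channels:  # each channel is any callable that accepts one alert
            send(alert)
            deliveries += 1
    return deliveries

def demo():
    # Constructed sample certificate object; "private_key" stands in for secret material.
    cert = {"kind": "certificate", "algorithm": "RSA", "key_bits": 1024,
            "expires_on": date(2030, 1, 20), "private_key": b"constructed-secret"}
    rules = [make_rule("expiring-soon", "expires_on", "expires_within_days", 30),
             make_rule("weak-key", "key_bits", "less_than", 2048)]
    metadata = extract_metadata(cert)
    alerts = run_rules("billing-app", metadata, rules, today=date(2030, 1, 1))
    email_outbox, chat_outbox = [], []  # stand-ins for two communication channels
    sent = transmit(alerts, [email_outbox.append, chat_outbox.append])
    return metadata, alerts, email_outbox, chat_outbox, sent
```

Because rules are validated against the exposed-attribute list when they are created, a rule author cannot reference the secret material even by mistake.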
Specification