Data custodian model and platform for public clouds

US 10,726,146 B2
Filed: 05/15/2018
Issued: 07/28/2020
Est. Priority Date: 05/16/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing governance, risk, and compliance (GRC) in public clouds, the method being executed by one or more processors and comprising:

providing, by the one or more processors, a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;

storing, by the one or more processors, at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;

providing, within the data custodian region, a zone exclusively accessed by the data custodian;

monitoring, by the one or more processors, a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;

for each action, logging, by the one or more processors, a data event within a repository of the data custodian region; and

determining, by the one or more processors, whether the data event complies with the at least one union definition.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations are directed to providing a data custodian region within a public cloud, the data custodian region being specific to a customer of an enterprise having services hosted on the public cloud, the public cloud including regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region, storing at least one union definition that is used to control access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer, monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud, for each action, logging a data event within a repository of the data custodian region, and determining whether the data event complies with the at least one union definition.

Citations

17 Claims

1. A computer-implemented method for managing governance, risk, and compliance (GRC) in public clouds, the method being executed by one or more processors and comprising:
- providing, by the one or more processors, a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
  
  storing, by the one or more processors, at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
  
  providing, within the data custodian region, a zone exclusively accessed by the data custodian;
  
  monitoring, by the one or more processors, a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
  
  for each action, logging, by the one or more processors, a data event within a repository of the data custodian region; and
  
  determining, by the one or more processors, whether the data event complies with the at least one union definition.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising, in response to determining that the data event does not comply with the at least one union definition, providing a notification to a data custodian through a data custodian portal.
  - 3. The method of claim 2, wherein the data custodian portal communicates with the repository through a computer-executed connector of the data custodian region.
  - 4. The method of claim 1, wherein the repository comprises a customer log repository that receives data events from a log repository of a respective computer-implemented service.
  - 5. The method of claim 1, wherein one or more of private computing, and data key management are executed within the zone.
  - 6. The method of claim 1, wherein the at least one union definition is further used to control one or more of processing of customer data, data key management, and private computing within respective regional data centers.

7. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for managing governance, risk, and compliance (GRC) in public clouds, the operations comprising:
- providing a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
  
  storing at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
  
  providing, within the data custodian region, a zone exclusively accessed by the data custodian;
  
  monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
  
  for each action, logging a data event within a repository of the data custodian region; and
  
  determining whether the data event complies with the at least one union definition.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage medium of claim 7, wherein operations further comprise, in response to determining that the data event does not comply with the at least one union definition, providing a notification to a data custodian through a data custodian portal.
  - 9. The computer-readable storage medium of claim 8, wherein the data custodian portal communicates with the repository through a computer-executed connector of the data custodian region.
  - 10. The computer-readable storage medium of claim 7, wherein the repository comprises a customer log repository that receives data events from a log repository of a respective computer-implemented service.
  - 11. The computer-readable storage medium of claim 7, wherein one or more of private computing, and data key management are executed within the zone.
  - 12. The computer-readable storage medium of claim 7, wherein the at least one union definition is further used to control one or more of processing of customer data, data key management, and private computing within respective regional data centers.

13. A system, comprising:
- a computing device; and
  
  a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations for managing governance, risk, and compliance (GRC) in public clouds, the operations comprising;
  
  providing a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
  
  storing at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
  
  providing, within the data custodian region, a zone exclusively accessed by the data custodian;
  
  monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
  
  for each action, logging a data event within a repository of the data custodian region; and
  
  determining whether the data event complies with the at least one union definition.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein operations further comprise, in response to determining that the data event does not comply with the at least one union definition, providing a notification to a data custodian through a data custodian portal.
  - 15. The system of claim 14, wherein the data custodian portal communicates with the repository through a computer-executed connector of the data custodian region.
  - 16. The system of claim 13, wherein the repository comprises a customer log repository that receives data events from a log repository of a respective computer-implemented service.
  - 17. The system of claim 13, wherein one or more of private computing, and data key management are executed within the zone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Gilani, Syed Wasif Ur Rehman, Klemba, Keith, Loefstrand, Jan, Lee, Thomas
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/979,772
Publication Number

US 20180336361A1
Time in Patent Office

805 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06Q 30/018 Certifying business or prod...

Data custodian model and platform for public clouds

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Data custodian model and platform for public clouds

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links