Data custodian model and platform for public clouds
First Claim
1. A computer-implemented method for managing governance, risk, and compliance (GRC) in public clouds, the method being executed by one or more processors and comprising:
providing, by the one or more processors, a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
storing, by the one or more processors, at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
providing, within the data custodian region, a zone exclusively accessed by the data custodian;
monitoring, by the one or more processors, a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
for each action, logging, by the one or more processors, a data event within a repository of the data custodian region; and
determining, by the one or more processors, whether the data event complies with the at least one union definition.
Abstract
Implementations are directed to providing a data custodian region within a public cloud, the data custodian region being specific to a customer of an enterprise having services hosted on the public cloud, the public cloud including regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region, storing at least one union definition that is used to control access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer, monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud, for each action, logging a data event within a repository of the data custodian region, and determining whether the data event complies with the at least one union definition.
17 Claims
1. A computer-implemented method for managing governance, risk, and compliance (GRC) in public clouds, the method being executed by one or more processors and comprising:
providing, by the one or more processors, a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
storing, by the one or more processors, at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
providing, within the data custodian region, a zone exclusively accessed by the data custodian;
monitoring, by the one or more processors, a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
for each action, logging, by the one or more processors, a data event within a repository of the data custodian region; and
determining, by the one or more processors, whether the data event complies with the at least one union definition.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for managing governance, risk, and compliance (GRC) in public clouds, the operations comprising:
providing a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
storing at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
providing, within the data custodian region, a zone exclusively accessed by the data custodian;
monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
for each action, logging a data event within a repository of the data custodian region; and
determining whether the data event complies with the at least one union definition.
Dependent claims: 8, 9, 10, 11, 12
13. A system, comprising:
a computing device; and
a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations for managing governance, risk, and compliance (GRC) in public clouds, the operations comprising:
providing a data custodian region within an infrastructure of a public cloud, the data custodian region being specific to a customer of an enterprise having one or more computer-implemented services hosted on the public cloud, the infrastructure comprising a plurality of regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region;
storing at least one union definition that is used to control one or more of access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer;
providing, within the data custodian region, a zone exclusively accessed by the data custodian;
monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud;
for each action, logging a data event within a repository of the data custodian region; and
determining whether the data event complies with the at least one union definition.
Dependent claims: 14, 15, 16, 17
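The independent claims above describe one control loop: a custodian-supplied union definition constrains which regions may access, transfer or store customer data; every workflow action is logged as a data event in a repository inside the data custodian region; each logged event is then judged against the union definition; and a zone inside that region is reachable only by the custodian. The following Python is an added illustration of that loop and is not code from the patent or its assignee. The class names (UnionDefinition, DataEvent, CustodianRepository), the region identifiers, the principals and the sample events are all constructed for the example; the patent does not specify a policy format, so the region-set model below is an assumption.

```python
"""Toy compliance checker for the claimed data custodian model.

Added example, not the patent's own code. Class names, region names,
principals and sample events are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class UnionDefinition:
    """Custodian-provided policy: regions permitted for access, transfer and
    storage of one customer's data (assumed policy shape)."""
    customer: str
    custodian: str                 # principal that alone may use the custodian zone
    access_regions: frozenset
    transfer_regions: frozenset
    storage_regions: frozenset


@dataclass(frozen=True)
class DataEvent:
    """One logged action of a workflow running on the public cloud."""
    action: str                    # "access" | "transfer" | "storage"
    actor: str                     # principal performing the action
    region: str                    # region of the data center acted on
    dest_region: Optional[str] = None   # destination, only for "transfer"
    zone: str = "customer"         # "customer" or "custodian"


@dataclass
class CustodianRepository:
    """Append-only event repository inside the data custodian region."""
    entries: List[Tuple[DataEvent, bool, str]] = field(default_factory=list)

    def log(self, event: DataEvent, compliant: bool, reason: str) -> None:
        self.entries.append((event, compliant, reason))

    def violations(self) -> List[Tuple[DataEvent, str]]:
        return [(e, r) for e, ok, r in self.entries if not ok]


def evaluate(event: DataEvent, union: UnionDefinition) -> Tuple[bool, str]:
    """Decide whether one data event complies with the union definition."""
    # The custodian zone is exclusively accessed by the data custodian.
    if event.zone == "custodian" and event.actor != union.custodian:
        return False, f"zone 'custodian' used by non-custodian {event.actor!r}"
    if event.action == "access":
        if event.region not in union.access_regions:
            return False, f"access in region {event.region!r} not in union"
        return True, "access region permitted"
    if event.action == "storage":
        if event.region not in union.storage_regions:
            return False, f"storage in region {event.region!r} not in union"
        return True, "storage region permitted"
    if event.action == "transfer":
        if event.dest_region is None:
            return False, "transfer without destination region"
        for r in (event.region, event.dest_region):
            if r not in union.transfer_regions:
                return False, f"transfer touches region {r!r} not in union"
        return True, "transfer stays within union regions"
    # Fail closed: an action the policy does not know is non-compliant.
    return False, f"unknown action {event.action!r}"


def monitor(events, union: UnionDefinition, repo: CustodianRepository) -> CustodianRepository:
    """Log every action as a data event, then record its compliance verdict."""
    for ev in events:
        ok, reason = evaluate(ev, union)
        repo.log(ev, ok, reason)
    return repo


# Constructed union definition: an EU-only customer whose data may be stored
# in one region only.
EU_UNION = UnionDefinition(
    customer="acme-eu",
    custodian="custodian@acme-eu",
    access_regions=frozenset({"eu-west-1", "eu-central-1"}),
    transfer_regions=frozenset({"eu-west-1", "eu-central-1"}),
    storage_regions=frozenset({"eu-central-1"}),
)

# Constructed workflow actions; three of them violate the union definition.
SAMPLE_EVENTS = [
    DataEvent("access", "svc-billing", "eu-west-1"),
    DataEvent("storage", "svc-billing", "eu-central-1"),
    DataEvent("transfer", "svc-etl", "eu-central-1", dest_region="us-east-1"),
    DataEvent("storage", "svc-backup", "eu-west-1"),
    DataEvent("access", "svc-billing", "eu-west-1", zone="custodian"),
    DataEvent("access", "custodian@acme-eu", "eu-west-1", zone="custodian"),
]


def run_sample() -> CustodianRepository:
    return monitor(SAMPLE_EVENTS, EU_UNION, CustodianRepository())


if __name__ == "__main__":
    for ev, ok, reason in run_sample().entries:
        print("OK       " if ok else "VIOLATION", ev.action, ev.actor, ev.region, "-", reason)
```

Two design points carry over from the claims: the event is logged before the verdict is computed, so a non-compliant action still leaves a record in the custodian's repository, and any action the union definition does not name is treated as non-compliant rather than silently allowed.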
Specification