System and Method for Controlling On-Demand Security

US 20080301807A1
Filed: 07/22/2008
Published: 12/04/2008
Est. Priority Date: 07/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system comprising:

a provider of an on-demand operating system where a plurality of customers share resources at a system, a subsystem and a storage level;

a plurality of resource configurations, each defined for one of the plurality of customers by the provider;

a security guide file containing a plurality of rules and a plurality of implementing procedures for system; and

a security application that monitors security in the system and that resolves an identified security incident in accordance with an instruction from the security guide file to ensure isolation of a service provider'"'"'s customers.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-demand security service ensures isolation of the service provider'"'"'s customers where the customers share resources at the system, subsystem, and storage level. The security service is provided in a pre-production phase and in a post production phase. The pre-production phase takes place prior to boarding the customer. In the pre-production phase the resources to be protected are defined in a security guide, and using the security guide, physical segregation at the facility, network, and technical and delivery support levels is planned and then implemented. In the post production phase, on going activities are proactive and reactive. Proactive activities include maintaining physical segregation by reviewing and updating the security guide, and testing physical segregation by performing security audits and penetration tests. Observations and finding of the audits and penetration tests are resolved. Reactive activities include identifying isolation failures, coordinating appropriate actions, and resolving the isolation failure. The service may be embodied in a system and in a computer implemented process comprising a security guide file (SGF), a security guide application (SGA), a security implementation application (SIA), a security validation application (SVA), and an event coordination application (ECA).

Citations

20 Claims

1. A system comprising:
- a provider of an on-demand operating system where a plurality of customers share resources at a system, a subsystem and a storage level;
  
  a plurality of resource configurations, each defined for one of the plurality of customers by the provider;
  
  a security guide file containing a plurality of rules and a plurality of implementing procedures for system; and
  
  a security application that monitors security in the system and that resolves an identified security incident in accordance with an instruction from the security guide file to ensure isolation of a service provider'"'"'s customers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the security guide file further comprises:
    - a specification of networking requirements, a specification of physical requirements, and a specification of logical requirements.
  - 3. The system of claim 1 wherein the security application further comprises:
    - instructions for implementation of physical security controls, instructions for implementation of network security controls, and instructions for implementation of logical security controls.
  - 4. The system of claim 3 wherein the security application further comprises:
    - instructions for monitoring physical security, instructions for monitoring network security, and instructions for monitoring logical security.
  - 5. The system of claim 4 wherein the security application further comprises:
    - instructions for deploying security updates.
  - 6. The system of claim 5 wherein the security application further comprises:
    - instructions for inspecting system logs and for inspecting component logs.
  - 7. The system of claim 6 wherein the security application further comprises:
    - instructions for performing security scans, instructions for identifying security incidents, and instructions for resolving security incidents.
  - 8. The system of claim 7 wherein the security application further comprises:
    - instructions for testing physical devices, instructions for testing logical devices, and instructions for testing for potential intrusions.
  - 9. The system of claim 8 wherein the security application further comprises:
    - instructions for evaluating potential security problems, and instructions for resolving potential security problems.

10. An on-demand environment security service to ensure isolation of a service provider'"'"'s customers where the customers share resources at the system, subsystem, and storage level comprising:
- prior to boarding a customer, defining a plurality of resources to be protected in a security guide, and using the security guide, planning and implementing physical segregation at the facility, network, and technical and delivery support levels; and
  
  after boarding the customer, maintaining physical segregation by reviewing and updating the security guide, testing physical segregation by performing security audits and penetration tests, and resolving observations and findings of the audits and penetration tests.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The on-demand security service of claim 10 further comprising:
    - using the security guide file, implementing physical voice controls, implementing logical voice controls, implementing logical data controls, implementing network gateway controls, and implementing mobile terminal logical access controls.
  - 12. The on-demand security service of claim 10 further comprising:
    - controlling access to data at the system and subsystem level by defining and classifying resources to be protected, defining and validating users that need access to a platform provided security mechanism, granting access rights, ensuring implementation of a security and integrity advisory process, ensuring that a user administration procedure meets on demand configuration security requirements, approving access based on business need, and revalidating the need for access on a periodic basis.
  - 13. The on-demand security service of claim 10 further comprising:
    - establishing a media inventory, establishing a media tracking file, classifying and declassifying the media as required, and providing physical protection of the media.
  - 14. The on-demand security service of claim 10 further comprising:
    - reviewing the security guide to ensure support is provided for a new component, reviewing the security guide to ensure that changes to support the new component are implemented, maintaining physical segregation at the facility level, performing security audits, performing penetration tests, and performing a periodic review of the security guide based on account-specific criteria.
  - 15. The on-demand security service of claim 10 further comprising:
    - modifying the security guide based on specific incidents, managing security incidents, performing peer and self assessments, performing systems assurance reviews, reviewing audit results, monitoring systems misuse, ensuring that incidents can be detected, creating incident and issue records, maintaining a physical access list for secure rooms and areas, interfacing with sites facilities for support of physical address control systems, making decisions regarding access requests, and performing periodic reviews and validation of physical access control systems.

16. A computer program product comprising:
- a security guide, a security guide application, a security implementation application, a security validation application, and an event coordination application;
  
  wherein the security guide, the security guide application, the security implementation application, the security validation application, and the event coordination application, when loaded and activated in an on-demand environment, cooperate to ensure isolation of a service provider'"'"'s customers.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16 further comprising:
    - instructions for accessing the security guide for a pre-determined set of requirements, and instructions for coordinating physical segregation, network segregation, and logical segregation.
  - 18. The computer program product of claim 16 further comprising:
    - instructions for implementing the requirements for physical isolation of the customer, instructions for implementing the physical and logical requirements for the network, and instructions for implementing logical requirements for technical and delivery support.
  - 19. The computer program product of claim 16 wherein the security validation application further comprises:
    - instructions for validating the requirements for physical isolation of the customer, instructions for validating the physical and logical requirements for the network, and instructions for validating the logical requirements for technical and delivery support.
  - 20. The computer program product of claim 16 wherein the event coordination application further comprises:
    - instructions for accessing the security guide file, and instructions for determining whether an interval specified in the security guide file for execution of an action has elapsed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ellis E. Bishop, Gary Little, Linda D. Kalmes, Randy S. Johnson, Rinckel H. William, Samuel R. Thennis, Tedrick N. Northway
Original Assignee
Ellis E. Bishop, Gary Little, Linda D. Kalmes, Randy S. Johnson, Rinckel H. William, Samuel R. Thennis, Tedrick N. Northway
Inventors
Northway, Tedrick N., Rinckel, H. William, Bishop, Ellis E., Johnson, Randy S., Little, Gary, Kalmes, Linda D., Thennis, Samuel R.

Application Number

US12/177,374
Publication Number

US 20080301807A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 2221/2105 Dual mode as a secondary as...

System and Method for Controlling On-Demand Security

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Controlling On-Demand Security

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links