System and Method for Controlling On-Demand Security
Abstract
An on-demand security service ensures isolation of the service provider's customers where the customers share resources at the system, subsystem, and storage level. The security service is provided in a pre-production phase and in a post-production phase. The pre-production phase takes place prior to boarding the customer. In the pre-production phase the resources to be protected are defined in a security guide, and using the security guide, physical segregation at the facility, network, and technical and delivery support levels is planned and then implemented. In the post-production phase, ongoing activities are proactive and reactive. Proactive activities include maintaining physical segregation by reviewing and updating the security guide, and testing physical segregation by performing security audits and penetration tests. Observations and findings of the audits and penetration tests are resolved. Reactive activities include identifying isolation failures, coordinating appropriate actions, and resolving the isolation failure. The service may be embodied in a system and in a computer implemented process comprising a security guide file (SGF), a security guide application (SGA), a security implementation application (SIA), a security validation application (SVA), and an event coordination application (ECA).
20 Claims
1. A system comprising:
- a provider of an on-demand operating system where a plurality of customers share resources at a system, a subsystem and a storage level;
a plurality of resource configurations, each defined for one of the plurality of customers by the provider;
a security guide file containing a plurality of rules and a plurality of implementing procedures for system; and
a security application that monitors security in the system and that resolves an identified security incident in accordance with an instruction from the security guide file to ensure isolation of a service provider's customers.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. An on-demand environment security service to ensure isolation of a service provider's customers where the customers share resources at the system, subsystem, and storage level comprising:
- prior to boarding a customer, defining a plurality of resources to be protected in a security guide, and using the security guide, planning and implementing physical segregation at the facility, network, and technical and delivery support levels; and
after boarding the customer, maintaining physical segregation by reviewing and updating the security guide, testing physical segregation by performing security audits and penetration tests, and resolving observations and findings of the audits and penetration tests.
(Dependent claims: 11, 12, 13, 14, 15)
16. A computer program product comprising:
- a security guide, a security guide application, a security implementation application, a security validation application, and an event coordination application;
wherein the security guide, the security guide application, the security implementation application, the security validation application, and the event coordination application, when loaded and activated in an on-demand environment, cooperate to ensure isolation of a service provider's customers.
(Dependent claims: 17, 18, 19, 20)
Specification