MANAGING SERVICES IN A CLOUD COMPUTING ENVIRONMENT
Abstract
What is provided are a system and method which enable an organization or user to manage computational services in a cloud computing network for security, compliance and governance. The management includes creating a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together, forming a trusted cloud computing environment that is associated with the organization. A web portal running on a web server provides a point of access to the cloud computing environment. A workflow is accessed to implement one or more policies in the trusted computing environment to manage the trusted cloud computing environment, the workflow customized to the organization. Access control to the trusted cloud computing environment is used to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
20 Claims
1. A method for managing computational services in a cloud computing network comprising:
creating, within at least one third-party cloud computing environment, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with at least one organization; executing on a web server a web portal to provide a point of access to the third-party cloud computing environment; accessing at least one workflow to implement one or more policies in the trusted computing environment to manage the trusted cloud computing environment, the workflow customized to the organization; and using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
2. The method of claim 1, wherein the third-party cloud computing environment is at least one of:
a public cloud; a private cloud; a virtual private cloud; and a hybrid cloud.
3. The method of claim 1, wherein the adopted standards are at least one of:
National Institute for Standards and Technology (NIST) Cloud Computing Synopsis and Recommendations known as SP 800-146; PCI (Payment Card Industry); ITIL (Information Technology Infrastructure Library); HIPAA (Health Insurance Portability and Accountability Act); FIPS (Federal Information Processing Standards); and FISMA (Federal Information Security Management).
4. The method of claim 1, wherein the creating, within the third-party cloud computing environment, the trusted virtual network including encrypted data storage, encrypted data transport and trusted instances of servers all communicatively coupled together forming the trusted cloud computing environment that is associated with at least one organization includes storing keys for encrypted data storage, encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment, the user not getting access to the keys.
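Claim 4 describes storage, transport and session keys held in an encrypted database that is separate from the operational environment and never handed to the user. The Python sketch below is added here as an illustration and is not code from the patent or from any product it covers. It models that separation: a KeyVault wraps per-tenant keys under a master key that never leaves the class and exposes only encrypt and decrypt operations through opaque session tokens, while the operational EncryptedStore holds ciphertext only. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, used as a stand-in for a real AEAD such as AES-GCM so the example runs on the standard library alone; the class names, tenant identifiers and users are assumptions.

```python
"""Key-custody sketch: keys stay inside a vault that is separate from the
operational data store; users hold opaque session tokens, never key material."""
import hashlib
import hmac
import secrets


def _subkey(key: bytes, purpose: bytes) -> bytes:
    # Derive domain-separated encryption and MAC keys from one 32-byte key.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-GCM).
    blocks: list[bytes] = []
    counter = 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise on any tampering."""
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyVault:
    """Hypothetical separate key database: tenant keys are stored wrapped under a
    master key that never leaves this class; callers get opaque session tokens."""

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)
        self._wrapped: dict[str, bytes] = {}             # key_id -> sealed key
        self._sessions: dict[str, tuple[str, str]] = {}  # token -> (user, key_id)

    def create_key(self, key_id: str) -> None:
        self._wrapped[key_id] = seal(self._master, secrets.token_bytes(32))

    def open_session(self, user: str, key_id: str) -> str:
        if key_id not in self._wrapped:
            raise KeyError(key_id)
        token = secrets.token_urlsafe(24)
        self._sessions[token] = (user, key_id)
        return token

    def revoke(self, token: str) -> None:
        self._sessions.pop(token, None)

    def _key_for(self, token: str) -> bytes:
        _user, key_id = self._sessions[token]   # KeyError for unknown or revoked tokens
        return open_sealed(self._master, self._wrapped[key_id])

    def encrypt(self, token: str, data: bytes) -> bytes:
        return seal(self._key_for(token), data)

    def decrypt(self, token: str, blob: bytes) -> bytes:
        return open_sealed(self._key_for(token), blob)


class EncryptedStore:
    """Operational store inside the trusted instance: it holds ciphertext only."""

    def __init__(self, vault: KeyVault) -> None:
        self.vault = vault
        self.rows: dict[str, bytes] = {}

    def put(self, token: str, name: str, value: bytes) -> None:
        self.rows[name] = self.vault.encrypt(token, value)

    def get(self, token: str, name: str) -> bytes:
        return self.vault.decrypt(token, self.rows[name])


def _raises(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict[str, bool]:
    """Exercise the custody properties with constructed tenants and users."""
    vault = KeyVault()
    vault.create_key("org-acme")      # constructed tenant identifiers
    vault.create_key("org-other")
    store = EncryptedStore(vault)
    alice = vault.open_session("alice", "org-acme")
    bob = vault.open_session("bob", "org-other")
    store.put(alice, "record-1", b"cardholder data")
    tampered = bytearray(store.rows["record-1"])
    tampered[20] ^= 1                 # flip one ciphertext byte
    out = {
        "roundtrip": store.get(alice, "record-1") == b"cardholder data",
        "ciphertext_only": b"cardholder data" not in store.rows["record-1"],
        "tamper_detected": _raises(lambda: vault.decrypt(alice, bytes(tampered)), ValueError),
        "cross_tenant_blocked": _raises(lambda: store.get(bob, "record-1"), ValueError),
    }
    vault.revoke(alice)
    out["revoked_blocked"] = _raises(lambda: store.get(alice, "record-1"), KeyError)
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the layout is that neither the user nor the operational store ever sees a key: a stolen database dump yields only sealed rows, a stolen session token stops working once revoked, and a session bound to another tenant's key fails tag verification rather than leaking anything.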
5. The method of claim 1, wherein the workflow includes policies to detect a DDoS attack.
6. The method of claim 5, wherein the workflow includes policies to respond to a detected DDoS attack, which include reallocating IP addresses, blocking IP addresses, blocking geographic regions and limiting bandwidth.
7. The method of claim 1, wherein the workflow includes policies to send reporting information for applications and security to a logging server.
8. The method of claim 1, wherein the workflow includes policies for an identified group of users in the organization required to allocate additional resources in the cloud computing environment.
9. The method of claim 8, wherein the policies for the identified group of users in the organization required to allocate additional resources in the cloud computing environment include a maximum cost.
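Claims 5 through 9 describe workflow policies: detecting a DDoS attack, responding by reallocating IP addresses, blocking addresses and geographic regions and limiting bandwidth, reporting to a logging server, and allowing only an identified group of users to allocate additional resources under a maximum cost. The Python sketch below is added here as an illustration and is not code from the patent or any product; it evaluates such policies over a constructed traffic sample (RFC 5737 documentation addresses, user-assigned country codes) and emits defensive actions. The Policy fields, thresholds, user names and the in-memory LoggingServer are all assumptions.

```python
"""Policy-workflow sketch (hypothetical): DDoS detection and response, reporting
to a logging server, and cost-capped resource allocation for an authorised group."""
from collections import Counter
from dataclasses import dataclass

# Constructed traffic sample: (timestamp_s, source_ip, country_code, bytes_sent).
# Addresses are RFC 5737 documentation ranges; country codes are user-assigned.
SAMPLE_LOG = (
    [(t % 10, "203.0.113.7", "XA", 1500) for t in range(150)]                # single flooding host
    + [(t % 10, f"198.51.100.{10 + t % 5}", "XB", 1500) for t in range(80)]  # flood spread across a region
    + [(t % 10, f"192.0.2.{t % 3}", "XC", 900) for t in range(30)]           # ordinary users
)


@dataclass(frozen=True)
class Action:
    kind: str    # block_ip | block_region | limit_bandwidth | reallocate_ip
    target: str


@dataclass(frozen=True)
class Policy:
    window_s: int = 10
    ip_threshold: int = 100             # requests per window from one source address
    region_threshold: int = 60          # requests per window from one country, after per-IP blocks
    bandwidth_cap_bytes: int = 250_000  # bytes per window across the environment
    scale_group: frozenset = frozenset({"alice", "ops-lead"})  # identified group (claim 8)
    max_cost_per_hour: float = 50.0     # maximum cost (claim 9)
    instance_cost_per_hour: float = 12.5


class LoggingServer:
    """Reporting endpoint (claim 7); an in-memory list stands in for a real log sink."""

    def __init__(self) -> None:
        self.records: list[tuple[str, str]] = []

    def report(self, source: str, event: str) -> None:
        self.records.append((source, event))


def detect_ddos(log, policy: Policy) -> dict:
    """Flag sources, regions and aggregate bandwidth that exceed thresholds in the last window."""
    latest = max(t for t, _, _, _ in log)
    window = [e for e in log if e[0] > latest - policy.window_s]
    per_ip = Counter(ip for _, ip, _, _ in window)
    flood_ips = {ip for ip, n in per_ip.items() if n > policy.ip_threshold}
    # Region counts exclude already-flagged hosts so one noisy IP does not block its whole country.
    per_region = Counter(cc for _, ip, cc, _ in window if ip not in flood_ips)
    flood_regions = {cc for cc, n in per_region.items() if n > policy.region_threshold}
    total_bytes = sum(b for _, _, _, b in window)
    return {"flood_ips": flood_ips, "flood_regions": flood_regions,
            "bandwidth_exceeded": total_bytes > policy.bandwidth_cap_bytes}


def respond(findings: dict, policy: Policy, logger: LoggingServer) -> list[Action]:
    """Map findings to the four response actions of claim 6 and report each one."""
    actions = [Action("block_ip", ip) for ip in sorted(findings["flood_ips"])]
    actions += [Action("block_region", cc) for cc in sorted(findings["flood_regions"])]
    if findings["bandwidth_exceeded"]:
        actions.append(Action("limit_bandwidth", f"{policy.bandwidth_cap_bytes}B/{policy.window_s}s"))
    if actions:   # once under attack, move the public front end to a fresh address
        actions.append(Action("reallocate_ip", "frontend"))
    for a in actions:
        logger.report("ddos-workflow", f"{a.kind} {a.target}")
    return actions


def request_scale_out(requester: str, instances: int, current_cost_per_hour: float,
                      policy: Policy) -> tuple[int, str]:
    """Grant extra instances only to the identified group and only within the cost cap."""
    if requester not in policy.scale_group:
        return 0, "requester not in authorised group"
    headroom = policy.max_cost_per_hour - current_cost_per_hour
    affordable = max(0, int(headroom // policy.instance_cost_per_hour))
    granted = min(instances, affordable)
    return granted, ("granted" if granted == instances else "capped by max cost")


if __name__ == "__main__":
    policy, logger = Policy(), LoggingServer()
    for action in respond(detect_ddos(SAMPLE_LOG, policy), policy, logger):
        print(action)
    print(request_scale_out("alice", 4, 20.0, policy))
```

On the constructed sample the single host is blocked by address, the spread-out flood is blocked by region, the bandwidth cap triggers a rate limit, and the front end is moved; every action is also written to the logging server so the response is auditable. The scale-out request from a group member for four instances at a current spend of 20 per hour is capped at two, which is all the remaining budget affords.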
10. The method of claim 1, wherein the workflow includes utilizing at least one of the organization's own policies to create the workflow to manage at least one of:
budgeting and governance; monitoring management; backup management to cover daily, weekly, and monthly backups; patch management for security with reminders, staging, testing, and production; ticketing management; identity management; access control management; and DDoS management.
11. An electronic device, the electronic device comprising:
a memory; a processor communicatively coupled to the memory; and a web portal communicatively coupled to the memory and the processor, the web portal configured to perform: creating, within at least one third-party cloud computing environment, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with at least one organization; executing on the web server a web portal to provide a point of access to the cloud computing environment; accessing at least one workflow to implement one or more policies in the trusted computing environment to manage the trusted cloud computing environment, the workflow customized to the organization; and using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
12. The electronic device of claim 11, wherein the third-party cloud computing environment is at least one of:
a public cloud; a private cloud; a virtual private cloud; and a hybrid cloud.
13. The electronic device of claim 11, wherein the adopted standards are at least one of:
National Institute for Standards and Technology (NIST) Cloud Computing Synopsis and Recommendations known as SP 800-146; PCI (Payment Card Industry); ITIL (Information Technology Infrastructure Library); HIPAA (Health Insurance Portability and Accountability Act); FIPS (Federal Information Processing Standards); and FISMA (Federal Information Security Management).
14. The electronic device of claim 11, wherein the creating, within the third-party cloud computing environment, the trusted virtual network including encrypted data storage, encrypted data transport and trusted instances of servers all communicatively coupled together forming the trusted cloud computing environment that is associated with at least one organization includes storing keys for encrypted data storage, encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment, the user not getting access to the keys.
15. The electronic device of claim 11, wherein the workflow includes policies to detect a DDoS attack.
16. A computer program product comprising:
a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit configured to perform: creating, within at least one third-party cloud computing environment, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with at least one organization; executing on a web server a web portal to provide a point of access to the cloud computing environment; accessing at least one workflow to implement one or more policies in the trusted computing environment to manage the trusted cloud computing environment, the workflow customized to the organization; and using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
17. The computer program product of claim 16, wherein the workflow includes policies to send reporting information for applications and security to a logging server.
18. The computer program product of claim 16, wherein the workflow includes policies for an identified group of users in the organization required to allocate additional resources in the cloud computing environment.
19. The computer program product of claim 16, wherein the creating, within the third-party cloud computing environment, the trusted virtual network including encrypted data storage, encrypted data transport and trusted instances of servers all communicatively coupled together forming the trusted cloud computing environment that is associated with at least one organization includes storing keys for encrypted data storage, encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment, the user not getting access to the keys.
20. The computer program product of claim 19, wherein the workflow includes policies for an identified group of users in the organization required to allocate additional resources in the cloud computing environment, the policies including a maximum cost.
Specification