Managing services in a cloud computing environment
First Claim
1. A method for managing computational services in a cloud computing network, the method comprising:
- executing a software component to interact with multiple third-party cloud providers using at least one of a platform as a service (PaaS), an infrastructure as a service (IaaS), a network as a service (NaaS), or a combination thereof, the interacting occurring via each respective third-party cloud provider's proprietary programming interfaces while exposing only one common access point to an organization via a common interface;
- creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment;
- executing, on a web server, a web portal to provide a point of access to the third-party cloud computing environment; and
- using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
Abstract
What is provided are a system and method which enable an organization or user to manage computational services in a cloud computing network for security, compliance and governance. The management includes creating a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers, all communicatively coupled together to form a trusted cloud computing environment that is associated with the organization. A web portal running on a web server provides a point of access to the cloud computing environment. A workflow, customized to the organization, is accessed to implement one or more policies in the trusted computing environment to manage the trusted cloud computing environment. Access control to the trusted cloud computing environment is used to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
16 Claims
1. A method for managing computational services in a cloud computing network, the method comprising:
executing a software component to interact with multiple third-party cloud providers using at least one of a platform as a service (PaaS), an infrastructure as a service (IaaS), a network as a service (NaaS), or a combination thereof, the interacting occurring via each respective third-party cloud provider's proprietary programming interfaces while exposing only one common access point to an organization via a common interface; creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment; executing, on a web server, a web portal to provide a point of access to the third-party cloud computing environment; and using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
2. The method of claim 1, wherein the third-party cloud computing environment is at least one of a:
a public cloud; a private cloud; a virtual private cloud; and a hybrid cloud.
3. The method of claim 1, wherein the adopted standards are at least one of:
National Institute for Standards and Technology (NIST) Cloud Computing Synopsis and Recommendations known as SP 800-146; PCI (Payment Card Industry); ITIL (Information Technology Infrastructure Library); HIPAA (Health Insurance Portability and Accountability Act); FIPS (Federal Information Processing Standards); and FISMA (Federal Information Security Management).
4. The method of claim 1, wherein the workflow includes policies to detect DDoS attacks.
5. The method of claim 4, wherein the workflow includes policies to respond to a detected DDoS attack, the policies to respond including actions of:
reallocating IP addresses, blocking IP address, blocking geographic regions and limiting bandwidth.
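Claims 4 to 6 name a detection policy, a set of response actions and reporting to a logging server without fixing how any of them is computed. The following is an added illustration written for this page, not an implementation from the patent or its assignee: a sliding-window policy engine that reads time-ordered request-log lines, distinguishes a single-source flood (block the address) from a distributed flood out of one geography (block the region) and from raw volume (limit bandwidth), and produces the report a workflow would forward to a logging server. The log line format, the region field, all thresholds and the sample traffic are assumptions constructed for the example.

```python
import json
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed log line format used only by this example:
#   "<epoch_seconds> <src_ip> <region> <bytes>"


@dataclass(frozen=True)
class DdosPolicy:
    """Thresholds an organization's workflow would set (values assumed)."""
    window_seconds: int = 10
    per_ip_limit: int = 100             # requests per window from one source IP
    per_region_limit: int = 300         # requests per window from one region
    bandwidth_cap_bytes: int = 400_000  # bytes per window across all sources


def parse_line(line):
    ts, ip, region, nbytes = line.split()
    return int(ts), ip, region, int(nbytes)


def evaluate(lines, policy=DdosPolicy()):
    """Slide a fixed time window over time-ordered log lines.

    Returns (actions, report): `actions` is the sorted list of response
    actions the claims name; `report` is what would go to a logging server.
    """
    window = deque()
    per_ip = defaultdict(int)
    per_region = defaultdict(int)
    bytes_in_window = 0
    actions = set()
    for line in lines:
        ts, ip, region, nbytes = parse_line(line)
        window.append((ts, ip, region, nbytes))
        per_ip[ip] += 1
        per_region[region] += 1
        bytes_in_window += nbytes
        # Retire entries that fell out of the window (never empties it:
        # the entry just appended has age 0).
        while ts - window[0][0] >= policy.window_seconds:
            _, old_ip, old_region, old_bytes = window.popleft()
            per_ip[old_ip] -= 1
            per_region[old_region] -= 1
            bytes_in_window -= old_bytes
        # Single-source flood: block the address.
        if per_ip[ip] > policy.per_ip_limit:
            actions.add(("block_ip", ip))
        # Many sources inside one geography: block the region.
        if per_region[region] > policy.per_region_limit:
            actions.add(("block_region", region))
        # Volume beyond what the network should carry: rate-limit ingress.
        if bytes_in_window > policy.bandwidth_cap_bytes:
            actions.add(("limit_bandwidth", "ingress"))
    report = {
        "lines_seen": len(lines),
        "actions": [list(a) for a in sorted(actions)],
    }
    return sorted(actions), report


def build_sample_log():
    """Constructed traffic: steady background requests, one single-source
    flood, then one distributed flood from eight addresses in region XX."""
    events = []
    for t in range(60):  # background: three clients, one request per second
        for ip, region in (("198.51.100.9", "NA"),
                           ("198.51.100.20", "EU"),
                           ("198.51.100.31", "AP")):
            events.append((t, ip, region, 300))
    for t in range(5, 25):  # one source, 20 req/s, small requests
        events.extend((t, "203.0.113.7", "EU", 200) for _ in range(20))
    for t in range(30, 50):  # eight sources, 5 req/s each, large requests
        for host in range(1, 9):
            events.extend((t, f"192.0.2.{host}", "XX", 1200) for _ in range(5))
    events.sort(key=lambda e: e[0])
    return [f"{t} {ip} {region} {b}" for t, ip, region, b in events]


if __name__ == "__main__":
    acts, rep = evaluate(build_sample_log())
    print(json.dumps(rep, indent=2))
```

The distributed flood stays under the per-address limit (50 requests per window from each of the eight sources), so only the regional and bandwidth rules fire for it, while the single source trips the per-address rule alone; in practice the thresholds and the region lookup would come from the organization's workflow rather than constants.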
6. The method of claim 1, wherein the workflow includes policies to send reporting information for the applications and information regarding security to a logging server.
7. The method of claim 1, wherein the workflow includes policies required to allocate resources in the trusted computing cloud environment with a maximum cost.
8. The method of claim 1, wherein the workflow includes utilizing at least one policy of the organization to create the workflow to manage at least one of:
budgeting and governance; monitoring management; backup management to cover daily, weekly, and monthly backups; patch management for security with reminders, staging, testing, and production; ticketing management; identity management; access control management; and DDoS management.
9. The method of claim 1, wherein the creating, within at least one third-party cloud computing environment, the trusted virtual network includes using a trusted boot process that when a virtual machine (VM) is brought up in the trusted cloud computing environment to participate in a workload, no data is shared with a new VM until the machine has been verified with an encrypted token exchange.
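Claim 9 states the gate (no data is shared with a new VM until it has been verified by a token exchange) but not the exchange itself. The following is an added example written for this page, not the patent's or any vendor's implementation: an orchestrator keeps each VM's provisioning secret in its own key store (standing in for the encrypted key database of claim 1, which users never read), challenges a booting VM with a single-use nonce, and admits it only if the VM returns a keyed tag over the nonce and its boot measurement and that measurement is on the allow-list. The use of an HMAC challenge-response rather than a particular encrypted token format, the image hash as the "measurement", and all keys and image bytes are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets


class Orchestrator:
    """Admission control for VMs joining the trusted virtual network."""

    def __init__(self, provisioning_secrets, allowed_measurements):
        # Per-VM secrets live in the separate key store; nothing here returns them.
        self._secrets = dict(provisioning_secrets)
        self._allowed = set(allowed_measurements)   # golden boot measurements
        self._pending = {}                          # vm_id -> outstanding nonce
        self._admitted = {}                         # session token -> vm_id

    def challenge(self, vm_id):
        """Issue a fresh single-use nonce to a VM that claims an identity."""
        if vm_id not in self._secrets:
            raise KeyError(f"unknown VM {vm_id}")
        nonce = secrets.token_bytes(16)
        self._pending[vm_id] = nonce
        return nonce

    def admit(self, vm_id, measurement, tag):
        """Return a session token if the tag and measurement check out, else None."""
        nonce = self._pending.pop(vm_id, None)      # consumed whether or not it verifies
        if nonce is None:
            return None
        expected = hmac.new(self._secrets[vm_id], nonce + measurement, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # wrong secret: not our VM
            return None
        if measurement not in self._allowed:         # right secret, untrusted image
            return None
        token = secrets.token_hex(16)
        self._admitted[token] = vm_id
        return token

    def share_data(self, token, payload):
        """Workload data is released only to an admitted session."""
        if token not in self._admitted:
            raise PermissionError("VM has not completed verification")
        return self._admitted[token], payload


class VirtualMachine:
    def __init__(self, vm_id, secret, image):
        self.vm_id = vm_id
        self._secret = secret       # injected at provisioning, never shown to users
        self.image = image

    def measurement(self):
        return hashlib.sha256(self.image).digest()

    def respond(self, nonce):
        m = self.measurement()
        return m, hmac.new(self._secret, nonce + m, hashlib.sha256).digest()


def bring_up(orch, vm):
    """The boot-time exchange: challenge, response, admission decision."""
    nonce = orch.challenge(vm.vm_id)
    m, tag = vm.respond(nonce)
    return orch.admit(vm.vm_id, m, tag)


def demo():
    """Run the gate against a trusted VM, a tampered image, a wrong secret and a replay."""
    golden = b"trusted-image-v1 (constructed bytes)"
    key_store = {"vm-a": b"secret-a", "vm-b": b"secret-b", "vm-c": b"secret-c"}  # constructed
    orch = Orchestrator(key_store, [hashlib.sha256(golden).digest()])
    good = VirtualMachine("vm-a", key_store["vm-a"], golden)
    tampered = VirtualMachine("vm-b", key_store["vm-b"], golden + b"-modified")
    impostor = VirtualMachine("vm-c", b"guessed-secret", golden)

    token = bring_up(orch, good)
    results = {
        "good_admitted": token is not None,
        "good_receives_data": orch.share_data(token, b"workload") == ("vm-a", b"workload"),
        "tampered_admitted": bring_up(orch, tampered) is not None,
        "impostor_admitted": bring_up(orch, impostor) is not None,
    }
    # Replay: a captured valid response is useless once its nonce is consumed.
    nonce = orch.challenge("vm-a")
    m, tag = good.respond(nonce)
    orch.admit("vm-a", m, tag)
    results["replay_admitted"] = orch.admit("vm-a", m, tag) is not None
    try:
        orch.share_data("not-a-token", b"workload")
        results["unverified_blocked"] = False
    except PermissionError:
        results["unverified_blocked"] = True
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The two failure paths are kept separate on purpose: a bad tag means the caller does not hold the provisioning secret, while a good tag with an unknown measurement means a legitimately provisioned VM booted something other than the approved image, which is the case a trusted boot process exists to catch.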
10. An electronic device, the electronic device comprising:
a memory; a processor communicatively coupled to the memory; and a web portal communicatively coupled to the memory and the processor, the web portal to provide a point of access to a cloud computing environment configured to perform: executing a software component to interact with multiple third-party cloud providers using at least one of a platform as a service (PaaS), an infrastructure as a service (IaaS), a network as a service (NaaS), or a combination thereof, the interacting occurring via each respective third-party cloud provider's proprietary programming interfaces while exposing only one common access point to an organization via a common interface; creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment; executing, on a web server, the web portal to provide a point of access to the third-party cloud computing environment; and using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
11. The electronic device of claim 10, wherein the third-party cloud computing environment is at least one of a:
a public cloud; a private cloud; a virtual private cloud; and a hybrid cloud.
12. The electronic device of claim 10, wherein the adopted standards are at least one of:
National Institute for Standards and Technology (NIST) Cloud Computing Synopsis and Recommendations known as SP 800-146; PCI (Payment Card Industry); ITIL (Information Technology Infrastructure Library); HIPAA (Health Insurance Portability and Accountability Act); FIPS (Federal Information Processing Standards); and FISMA (Federal Information Security Management).
13. The electronic device of claim 10, wherein the workflow includes policies to detect DDoS attacks.
14. A computer program product comprising:
a non-transitory storage medium readable by a processing circuit and storing instructions for execution by the processing circuit configured to perform: executing a software component to interact with multiple third-party cloud providers using at least one of a platform as a service (PaaS), an infrastructure as a service (IaaS), a network as a service (NaaS), or a combination thereof, the interacting occurring via each respective third-party cloud provider's proprietary programming interfaces while exposing only one common access point to an organization via a common interface; creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment; executing, on a web server, a web portal to provide a point of access to the third-party cloud computing environment; and using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.
15. The computer program product of claim 14, wherein the workflow includes policies to send reporting information for the applications and information regarding security to a logging server.
16. The computer program product of claim 14, wherein the workflow includes policies required to allocate resources in the trusted computing cloud environment with a maximum cost.