Managing services in a cloud computing environment

US 8,910,278 B2
Filed: 05/18/2011
Issued: 12/09/2014
Est. Priority Date: 05/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method for managing computational services in a cloud computing network, the method comprising:

executing a software component to interact with multiple third-party cloud providers using at least one ofa platform as a service (PaaS),an infrastructure as a service (laaS),a network as a service (NaaS), ora combination thereof,the interacting occurring via each respective third-party cloud provider'"'"'s proprietary programming interfaces while exposing only one common access point to an organization via a common interface;

creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment;

executing, on a web server, a web portal to provide a point of access to the third-party cloud computing environment; and

using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

What is provided are a system and method which enables an organization or user to manage computational services in a cloud computing network for security, compliance and governance. The management including creating a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization. A web portal running on a web server provides a point of access to the cloud computing environment. A workflow is accessed to implement one or more policies in trusted computing environment to manage the trusted cloud computing environment, the workflow customized to the organization. The access control; and to the trusted cloud computing environment is used to ensure access by users authorized by the organization to ensure compliance with adopted standards.

Citations

16 Claims

1. A method for managing computational services in a cloud computing network, the method comprising:
- executing a software component to interact with multiple third-party cloud providers using at least one ofa platform as a service (PaaS),an infrastructure as a service (laaS),a network as a service (NaaS), ora combination thereof,the interacting occurring via each respective third-party cloud provider'"'"'s proprietary programming interfaces while exposing only one common access point to an organization via a common interface;
  
  creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment;
  
  executing, on a web server, a web portal to provide a point of access to the third-party cloud computing environment; and
  
  using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.

2. The method of claim 1, wherein the third-party cloud computing environment is at least one of a:
- a public cloud;
  
  a private cloud;
  
  a virtual private cloud; and
  
  a hybrid cloud.

3. The method of claim 1, wherein the adopted standards are at least one of:
- National Institute for Standards and Technology (NIST) Cloud Computing Synopsis and Recommendations known as SP 800-146;
  
  PCI (Payment Card Industry);
  
  ITIL (Information Technology Infrastructure Library);
  
  HIPAA (Health Insurance Portability and Accountability Act);
  
  Fl PS (Federal Information Processing Standards); and
  
  FISMA (Federal Information Security Management).

4. The method of claim 1, wherein the workflow includes policies to detect DDoS attacks.

5. The method of claim 4, wherein the workflow includes policies to respond to a detected DDoS attack, the policies to respond including actions of:
- reallocating IP addresses, blocking IP address, blocking geographic regions and limiting bandwidth.

6. The method of claim 1, wherein the workflow includes policies to send reporting information for the applications and information regarding security to a logging server.

7. The method of claim 1, wherein the workflow includes policies required to allocate resources in the trusted computing cloud environment with a maximum cost.

8. The method of claim 1, wherein the workflow includes utilizing at least one policy of the organization to create the workflow to manage at least one of:
- budgeting and governance;
  
  monitoring management;
  
  backup management to cover daily, weekly, and monthly backups;
  
  patch management for security with reminders, staging, testing, and production;
  
  ticketing management;
  
  identity management;
  
  access control management; and
  
  DDoS management.

9. The method of claim 1, wherein the creating, within at least one third-party cloud computing environment, the trusted virtual network includes using a trusted boot process that when a virtual machine (VM) is brought up in the trusted cloud computing environment to participate in a workload, no data is shared with a new VM until the machine has been verified with an encrypted token exchange.

10. An electronic device, the electronic device comprising:
- a memory;
  
  a processor communicatively coupled to the memory; and
  
  a web portal communicatively coupled to the memory and the processor, the web portal to provide a point of access to a cloud computing environment configured to perform;
  
  executing a software component to interact with multiple third-party cloud providers using at least one ofa platform as a service (PaaS),an infrastructure as a service (laaS),a network as a service (NaaS), ora combination thereof,the interacting occurring via each respective third-party cloud provider'"'"'s proprietary programming interfaces while exposing only one common access point to an organization via a common interface;
  
  creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment;
  
  executing, on a web server, the web portal to provide a point of access to the third-party cloud computing environment; and
  
  using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.

11. The electronic device of claim 10, wherein the third-party cloud computing environment is at least one of a:
- a public cloud;
  
  a private cloud;
  
  a virtual private cloud; and
  
  a hybrid cloud.

12. The electronic device of claim 10, wherein the adopted standards are at least one of:
- National Institute for Standards and Technology (NIST) Cloud Computing Synopsis and Recommendations known as SP 800-146;
  
  PCI (Payment Card Industry);
  
  ITIL (Information Technology Infrastructure Library);
  
  HIPAA (Health Insurance Portability and Accountability Act);
  
  Fl PS (Federal Information Processing Standards); and
  
  FISMA (Federal Information Security Management).

13. The electronic device of claim 10, wherein the workflow includes policies to detect DDoS attacks.

14. A computer program product comprising:
- a non-transitory storage medium readable by a processing circuit and storing instructions for execution by the processing circuit configured to perform;
  
  executing a software component to interact with multiple third-party cloud providers using at least one ofa platform as a service (PaaS),an infrastructure as a service (laaS),a network as a service (NaaS), ora combination thereof,the interacting occurring via each respective third-party cloud provider'"'"'s proprietary programming interfaces while exposing only one common access point to an organization via a common interface;
  
  creating and managing, via custom organization workflows within the multiple third-party cloud providers, a trusted virtual network including encrypted data storage, encrypted data transport, and trusted instances of servers all communicatively coupled together forming a trusted cloud computing environment that is associated with the organization, the creating including storing keys for the encrypted data storage, keys for the encrypted data transport, and session keys associated with a user of the organization in an encrypted database that is separate from an operational computing environment and all within the trusted computing environment where the user is not allowed access to the keys, and whereby the organization manages applications and databases within the trusted virtual network governed by the custom organization workflows which include policies, with an identified group of users in the organization, required to allocate resources in the trusted computing cloud environment;
  
  executing, on a web server, a web portal to provide a point of access to the third-party cloud computing environment; and
  
  using access control to the trusted cloud computing environment to ensure access by users authorized by the organization and to ensure compliance with adopted standards.

15. The computer program product of claim 14, wherein the workflow includes policies to send reporting information for the applications and information regarding security to a logging server.

16. The computer program product of claim 14, wherein the workflow includes policies required to allocate resources in the trusted computing cloud environment with a maximum cost.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloudnexa
Original Assignee
Cloudnexa
Inventors
Davne, Joel, Volkov, Andrii, Yankelevich, Max, Malamud, Mikhail
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
PLECHA, THADDEUS J

Application Number

US13/110,595
Publication Number

US 20120072985A1
Time in Patent Office

1,301 Days
Field of Search

726/1, 726/22
US Class Current

726/22
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

Managing services in a cloud computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Managing services in a cloud computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links