Systems and methods for workload security in virtual data centers
Abstract
A computer-implemented method for workload security in virtual data centers may include (1) identifying a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure, (2) identifying a workload within the plurality of workloads that is subject to a sensitivity assessment that pertains to an application of at least one security policy to at least one computing resource used by the workload, (3) performing the sensitivity assessment for the workload based at least in part on an attribute of an allocated resource within the common computing infrastructure provisioned to the workload, and (4) applying the security policy to the computing resource based at least in part on the sensitivity assessment for the workload. Various other methods, systems, and encoded computer-readable media are also disclosed.
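The four steps above, using the co-location test from claim 1, can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the inventory, the resource and workload names, the policy names, and the choice to also flag a resource that itself handles sensitive data are all assumptions.

```python
from collections import defaultdict

# Constructed inventory: resource -> infrastructure components it is placed on.
PLACEMENT = {
    "vm-web-01": {"host-a", "datastore-1"},
    "vm-hr-db": {"host-b", "datastore-1"},
    "vm-build-07": {"host-c", "datastore-2"},
    "vm-batch-03": {"host-b", "datastore-3"},
}
HANDLES_SENSITIVE = {"vm-hr-db"}  # constructed label: handles sensitive data
WORKLOADS = {  # constructed: workload -> resources provisioned to it
    "storefront": ["vm-web-01"],
    "payroll": ["vm-hr-db"],
    "ci": ["vm-build-07"],
    "reporting": ["vm-batch-03"],
}

def assess(workloads, placement, handles_sensitive):
    """Return {workload: [(resource, sensitive_resource, shared_infra), ...]}."""
    # Index each infrastructure component by the sensitive resources on it.
    tainted = defaultdict(set)
    for res in handles_sensitive:
        for infra in placement.get(res, ()):
            tainted[infra].add(res)
    findings = {}
    for wl, resources in workloads.items():
        hits = []
        for res in resources:
            if res in handles_sensitive:
                # Assumption beyond claim 1: direct handling also counts.
                hits.append((res, res, "self"))
            for infra in sorted(placement.get(res, ())):
                for other in sorted(tainted.get(infra, ())):
                    if other != res:  # co-located with a sensitive resource
                        hits.append((res, other, infra))
        findings[wl] = hits
    return findings

def apply_policy(findings, strict="encrypt-and-isolate", default="baseline"):
    """Choose a (hypothetical) policy per workload from the assessment."""
    return {wl: (strict if hits else default) for wl, hits in findings.items()}
```

Each finding records which shared component caused the classification, so a reviewer can see why a workload with no sensitive data of its own received the stricter policy.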
20 Claims
1. A computer-implemented method for workload security in virtual data centers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure;
- identifying a workload within the plurality of workloads that is subject to a sensitivity assessment, the sensitivity assessment pertaining to an application of at least one security policy to at least one computing resource used by the identified workload;
- performing the sensitivity assessment for the identified workload by determining that a first resource that provides computing infrastructure within the common computing infrastructure and that is provisioned to the identified workload shares a portion of the common computing infrastructure with a second resource that provides computing infrastructure within the common computing infrastructure and that handles sensitive data and determining that the identified workload is sensitive because the first resource is provisioned to the identified workload; and
- applying the security policy to the at least one computing resource based at least in part on the sensitivity assessment for the identified workload.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for workload security in virtual data centers, the system comprising:
- an identification module programmed to:
  - identify a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure;
  - identify a workload within the plurality of workloads that is subject to a sensitivity assessment, the sensitivity assessment pertaining to an application of at least one security policy to at least one computing resource used by the identified workload;
- an assessment module programmed to perform the sensitivity assessment for the identified workload by determining that a first resource that provides computing infrastructure within the common computing infrastructure and that is provisioned to the identified workload shares a portion of the common computing infrastructure with a second resource that provides computing infrastructure within the common computing infrastructure and that handles sensitive data and determining that the identified workload is sensitive because the first resource is provisioned to the identified workload;
- an application module programmed to apply the security policy to the at least one computing resource based at least in part on the sensitivity assessment for the identified workload; and
- at least one processor configured to execute the identification module, the assessment module, and the application module.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure;
- identify a workload within the plurality of workloads that is subject to a sensitivity assessment, the sensitivity assessment pertaining to an application of at least one security policy to at least one computing resource used by the identified workload;
- perform the sensitivity assessment for the identified workload by determining that a first resource that provides computing infrastructure within the common computing infrastructure and that is provisioned to the identified workload shares a portion of the common computing infrastructure with a second resource that provides computing infrastructure within the common computing infrastructure and that handles sensitive data and determining that the identified workload is sensitive because the first resource is provisioned to the identified workload; and
- apply the security policy to the at least one computing resource based at least in part on the sensitivity assessment for the identified workload.
Dependent claims: 20
Specification