Systems and methods for optimizing security controls for virtual data centers
First Claim
1. A computer-implemented method for optimizing security controls for virtual data centers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a security policy that applies to at least one workload, operating within a virtual data center, that is configured to store data on a first storage appliance and to execute on a host system;
determining that the first storage appliance does not natively implement a data security requirement specified by the security policy on data stored on the first storage appliance;
identifying a second storage appliance that natively implements the data security requirement specified by the security policy on data stored on the second storage appliance;
migrating the data from the first storage appliance to the second storage appliance for access by the workload from the host system in response to determining that the first storage appliance does not natively implement the data security requirement specified by the security policy and further in response to determining that the second storage appliance natively implements the data security requirement specified by the security policy.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for optimizing security controls for virtual data centers may include 1) identifying a security policy that applies to at least one workload configured to store data on a first storage appliance, 2) identifying at least one storage-appliance functionality capable of implementing at least a part of the security policy, 3) identifying a second storage appliance that possesses the storage-appliance functionality, and 4) migrating the data from the first storage appliance to the second storage appliance in response to identifying the security policy and the storage-appliance functionality. Variants include methods, systems, and computer-readable media.
-
Citations
20 Claims
-
1. A computer-implemented method for optimizing security controls for virtual data centers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
identifying a security policy that applies to at least one workload, operating within a virtual data center, that is configured to store data on a first storage appliance and to execute on a host system; determining that the first storage appliance does not natively implement a data security requirement specified by the security policy on data stored on the first storage appliance; identifying a second storage appliance that natively implements the data security requirement specified by the security policy on data stored on the second storage appliance; migrating the data from the first storage appliance to the second storage appliance for access by the workload from the host system in response to determining that the first storage appliance does not natively implement the data security requirement specified by the security policy and further in response to determining that the second storage appliance natively implements the data security requirement specified by the security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for optimizing security controls for virtual data centers, the system comprising:
-
an identification module programmed to identify a security policy that applies to at least one workload, operating within a virtual data center, that is configured to store data on a first storage appliance and to execute on a host system; a matching module programmed to; determine that the first storage appliance does not natively implement a data security requirement specified by the security policy on data stored on the first storage appliance; identify a second storage appliance that natively implements the data security requirement specified by the security policy on data stored on the second storage appliance; a migration module programmed to migrate the data from the first storage appliance to the second storage appliance for access by the workload from the host system in response to determining that the first storage appliance does not natively implement the data security requirement specified by the security policy and further in response to determining that the second storage appliance natively implements the data security requirement specified by the security policy; at least one hardware processor device configured to execute the identification module, the matching module, and the migration module. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify a security policy that applies to at least one workload, operating within a virtual data center, that is configured to store data on a first storage appliance and to execute on a host system; determine that the first storage appliance does not natively implement a data security requirement specified by the security policy on data stored on the first storage appliance; identify a second storage appliance that natively implements the data security requirement specified by the security policy on data stored on the second storage appliance; migrate the data from the first storage appliance to the second storage appliance for access by the workload from the host system in response to determining that the first storage appliance does not natively implement the data security requirement specified by the security policy and further in response to determining that the second storage appliance natively implements the data security requirement specified by the security policy. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification