Security recommendation engine
Abstract
Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.
18 Claims
1. A computer-implemented method for managing computing resources in a provider network, the method performed by a computing device comprising a processor and memory, the method comprising:
- allowing, by the computing device, an authorized user to add or modify tagged metadata associated with a selected computing resource associated with a customer of the provider network;
- applying, by the computing device, a revision history, version control, and cryptographic binding scheme to the added or modified tagged metadata;
- receiving, by the computing device, a request for a security and compliance assessment of the selected computing resource based on a configuration for the selected computing resource;
- in response to receiving the request, analyzing, by the computing device, the selected computing resource and the added or modified tagged metadata based on security reference information;
- determining, by the computing device, a recommendation pertaining to security for the selected computing resource based at least in part on the analysis and one or more scoring criteria; and
- applying, by the computing device, the revision history, version control, and cryptographic binding scheme to the recommendation and providing the recommendation as the requested security assessment.
9. A system configured to allocate computing resources to customers of a provider network, the system comprising:
- at least one memory having stored therein computer instructions that, upon execution by one or more processors of the system, at least cause the system to:
  - receive a request for a security and compliance assessment of one or more computing resources associated with a customer of the provider network; and
  - in response to receiving the request, determine a recommendation pertaining to security and compliance for the computing resources based at least in part on an analysis of the computing resources and tagged metadata associated with the computing resources, wherein a revision history and version control scheme is applied to the tagged metadata, one or more scoring criteria, compliance data, and data pertaining to one or more of account data, billing data, configuration data, policies, and interactive commands.
18. A non-transitory computer-readable storage medium having stored thereon computer-readable instructions, the computer-readable instructions comprising instructions that upon execution on one or more computing devices, at least cause the one or more computing devices to:
- determine a security and compliance recommendation for one or more computing resources allocated to a customer, the security and compliance recommendation based at least in part on an analysis of the allocated computing resources, the analysis comprising comparison of the allocated computing resources and a reference configuration in accordance with at least one scoring criterion, wherein the security and compliance recommendation is indicative of the comparison; and
- generate a user interface indicative of the determined security and compliance recommendation, wherein the user interface is indicative of the comparison, and wherein the interface comprises an application programming interface (API) configured to:
  - receive first electronic messages that encode identifiers indicative of a request for the security recommendation; and
  - in response to receiving one of the first electronic messages, send second electronic messages indicative of information pertaining to the security recommendation.
Specification