Standards compliance for computing data

US 9,621,584 B1
Filed: 09/30/2009
Issued: 04/11/2017
Est. Priority Date: 09/30/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing and configuring and monitoring computing resources, comprising:

receiving, by one or more configured computing server systems of a computer infrastructure services provider, a request from a user of the computer infrastructure services provider for an indicated quantity of virtual machines, and an identifier representing a set of one or more governmental regulatory requirements;

providing, by the computer infrastructure services provider in response to the request, multiple virtual machines of the indicated quantity using computers provided by the computer infrastructure services provider;

determining, by the one or more configured computing server systems and based at least in part on the received identifier, a plurality of configuration settings for the multiple virtual machines that comply with the set of one or more governmental regulatory requirements;

configuring, by the one or more configured computing server systems, the multiple virtual machines according to the determined plurality of configuration settings;

providing, by the computer infrastructure services provider and to the user, access to the configured multiple virtual machines;

detecting, by the one or more configured computing server systems and during operation of the configured multiple virtual machines, an event that occurs at one or more of the configured multiple virtual machines;

evaluating, by the one or more configured computing server systems and in response to the detected event, the detected event and the determined plurality of configuration settings for compliance with the one or more governmental regulatory requirements;

determining, by the one or more configured computing server systems and based at least in part on the evaluating, whether the user is compliant with the one or more governmental regulatory requirements; and

if the user is determined to be compliant, generating and transmitting, by the one or more configured computing server systems and to one or more other computer systems, compliance information for the user that is specific to the one or more governmental regulatory requirements, and otherwise taking, by the one or more configured computing server systems, an action to correct non-compliance of the user with the one or more governmental regulatory requirements.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for configuring and monitoring computing resources of an entity for compliance with one or more standards. In one implementation, a server receives one or more identifiers of one or more standards and determines a plurality of configuration settings for the computing resources of the entity, based on the received one or more identifiers. The plurality of configuration settings comply with the one or more standards. The computing resources of the entity are configured according to the plurality of configuration settings. The server detects an event related to the computing resources. The detected event and the plurality of configuration settings are evaluated for compliance with the one or more standards. A determination is made whether the entity is compliant with the one or more standards, based on the evaluation, and an action is taken, based on the determination.

62 Citations

View as Search Results

29 Claims

1. A computer-implemented method for providing and configuring and monitoring computing resources, comprising:
- receiving, by one or more configured computing server systems of a computer infrastructure services provider, a request from a user of the computer infrastructure services provider for an indicated quantity of virtual machines, and an identifier representing a set of one or more governmental regulatory requirements;
  
  providing, by the computer infrastructure services provider in response to the request, multiple virtual machines of the indicated quantity using computers provided by the computer infrastructure services provider;
  
  determining, by the one or more configured computing server systems and based at least in part on the received identifier, a plurality of configuration settings for the multiple virtual machines that comply with the set of one or more governmental regulatory requirements;
  
  configuring, by the one or more configured computing server systems, the multiple virtual machines according to the determined plurality of configuration settings;
  
  providing, by the computer infrastructure services provider and to the user, access to the configured multiple virtual machines;
  
  detecting, by the one or more configured computing server systems and during operation of the configured multiple virtual machines, an event that occurs at one or more of the configured multiple virtual machines;
  
  evaluating, by the one or more configured computing server systems and in response to the detected event, the detected event and the determined plurality of configuration settings for compliance with the one or more governmental regulatory requirements;
  
  determining, by the one or more configured computing server systems and based at least in part on the evaluating, whether the user is compliant with the one or more governmental regulatory requirements; and
  
  if the user is determined to be compliant, generating and transmitting, by the one or more configured computing server systems and to one or more other computer systems, compliance information for the user that is specific to the one or more governmental regulatory requirements, and otherwise taking, by the one or more configured computing server systems, an action to correct non-compliance of the user with the one or more governmental regulatory requirements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, whereinthe detected event is a change of one of the determined plurality of configuration settings.
  - 3. The computer-implemented method of claim 1, wherein at least one of the determined plurality of configuration settings specifies who has access to data.
  - 4. The computer-implemented method of claim 1, wherein at least one of the determined plurality of configuration settings specify one or more of a group that includes a configuration of a firewall, a configuration of an intrusion detection or prevention service, and data retention requirements.
  - 5. The computer-implemented method of claim 1, wherein the action modifies the multiple virtual machines to bring the modified multiple virtual machines into compliance with the one or more governmental regulatory requirements.
  - 6. The computer-implemented method of claim 1 wherein the detected event is an attempted change by the user of one of the determined plurality of configuration settings, and wherein the action prevents the user from changing the configuration settings.
  - 7. The computer-implemented method of claim 1 wherein the transmitting of the compliance information includes transmitting a notification of compliance status to one or more authorities related to the one or more governmental regulatory requirements.
  - 8. The computer-implemented method of claim 1, wherein the action includes recording the detected event.
  - 9. The computer-implemented method of claim 8, wherein the recording of the detected event is certified by a digital signature.
  - 10. The computer-implemented method of claim 1 further comprising, after the taking of the action, providing a certification indicating that the multiple virtual machines of the user are compliant with the one or more governmental regulatory requirements.
  - 11. The computer-implemented method of claim 1 wherein the providing of the multiple virtual machines for use by the user further includes providing additional computing resources for use by the user that are hosted by the computer infrastructure services provider.

12. A computer-implemented method comprising:
- providing, by a server computer of a computer infrastructure services provider, and using a plurality of computers provided by the computer infrastructure services provider for use by multiple entities, multiple virtual machines of an indicated quantity for use by a user of the computer infrastructure services provider, and configuring the multiple virtual machines to comply with one or more governmental regulations for one or more standards that are identified based on a received identifier;
  
  detecting, by the server computer and during operation of the configured multiple virtual machines, an event involving one or more of the configured multiple virtual machines;
  
  evaluating, by the server computer, the detected event and a plurality of configuration settings of the configured multiple virtual machines for compliance with the one or more governmental regulations;
  
  determining, by the server computer and based at least in part on the evaluating, that whether the user is compliant with the one or more governmental regulations; and
  
  if the user is determined to be compliant, taking, by the server computer, a first action that includes transmitting to one or more other computer systems a certification that is specific to the one or more governmental regulations and that indicates the user is compliant, and otherwise taking, by the server computer, a second action to correct non-compliance of the user with the one or more governmental regulations.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 13. The computer-implemented method of claim 12, wherein the detected event is a change of one of the plurality of configuration settings.
  - 14. The computer-implemented method of claim 12, wherein the detected event is a transmission of data.
  - 15. The computer-implemented method of claim 12 further comprising determining, by the server computer and based on the one or more standards, to record the detected event, and record the detected event.
  - 16. The computer-implemented method of claim 12 wherein at least one of the plurality of configuration settings specifies who has access to data, and wherein the method further comprises providing the user with access to the configured multiple virtual machines and enforcing the access to the data during the operation of the configured multiple virtual machines.
  - 17. The computer-implemented method of claim 12 wherein at least one of the plurality of configuration settings automates auditing of data, and wherein the method further comprises providing the user with access to the configured multiple virtual machines and performing the auditing of the data during the operation of the configured multiple virtual machines.
  - 18. The computer-implemented method of claim 12 wherein at least one of the plurality of configuration settings specify a configuration of a firewall, and wherein the method further comprises providing the user with access to the configured multiple virtual machines and implementing the configured firewall during the operation of the configured multiple virtual machines.
  - 19. The computer-implemented method of claim 12 wherein at least one of the plurality of configuration settings specify a configuration of an intrusion detection or prevention service, and wherein the method further comprises providing the user with access to the configured multiple virtual machines and performing operations of the configured intrusion detection or prevention service during the operation of the configured multiple virtual machines.
  - 20. The computer-implemented method of claim 12 wherein at least one of the plurality of configuration settings specify data retention requirements, and wherein the method further comprises providing the user with access to the configured multiple virtual machines and enforcing the data retention requirements during the operation of the configured multiple virtual machines.
  - 21. The computer-implemented method of claim 12 further comprising transmitting a reminder to the user indicating that at least one of the one or more standards require the user to review a report.
  - 22. The computer-implemented method of claim 21 further comprising:
    - receiving a response from the user indicating that the user has reviewed the report; and
      
      generating a certification that certifies the user has reviewed the report.
  - 23. The computer-implemented method of claim 12 wherein the user represents an entity, and wherein the method further comprises determining, after the transmitting of the certification and during operation of the configured multiple virtual machines, that the entity is not compliant with the one or more standards, and taking a further action that brings the entity into compliance with the one or more standards.
  - 24. The computer-implemented method of claim 23 wherein the further action prevents the user from making a change to one of the configuration settings that is not compliant with the one or more standards.
  - 25. The computer-implemented method of claim 12, wherein the taking of the second action includes transmitting a notification of non-compliance status.
  - 26. The computer-implemented method of claim 12, further comprising recording the detected event.
  - 27. The computer-implemented method of claim 26, wherein the recording of the detected event is certified by a digital signature.

28. A system comprising:
- a processor; and
  
  a memory storing program instructions that, when executed by the processor, configure a computing system of a computer infrastructure services provider to;
  
  provide, by using a plurality of computers provided by the computer infrastructure services provider for use by multiple entities, multiple virtual machines of an indicated quantity for use by a user of the computer infrastructure services provider, and configure the multiple virtual machines to comply with one or more regulatory requirements for one or more standards that are identified based on a received identifier;
  
  detect, during operation of the configured multiple virtual machines, an event involving one or more of the configured multiple virtual machines;
  
  evaluate the detected event and a plurality of configuration settings of the configured multiple virtual machines for compliance with the one or more regulatory requirements;
  
  determine, based at least in part on the evaluating, whether the user is compliant with the one or more regulatory requirements; and
  
  if the user is determined to be compliant, transmit, to one or more other computer systems, information based on the one or more governmental regulatory requirements that certifies the user is compliant with the one or more governmental regulatory requirements, and otherwise take an action to correct non-compliance of the user.
- View Dependent Claims (29)
- - 29. The system of claim 28 wherein the one or more regulatory requirements are specified by a governmental agency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Schmidt, Stephen E., Brandwine, Eric J., Cabrera, Luis Felipe
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US12/585,999
Time in Patent Office

2,750 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 41/0803   Configuration setting

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04L 9/3247   involving digital signatures

Standards compliance for computing data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Standards compliance for computing data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links