Providing security services within a cloud computing environment
Abstract
Embodiments of the present invention allow for the provisioning of security services within a Cloud computing environment by third parties. Specifically, under the present invention, a Cloud provider will publish a set of potential security attributes (e.g., a list), which can be monitored, to the Cloud customer. The Cloud customer will designate/select one or more of those attributes that the Cloud customer wishes to have monitored for one or more Cloud resources that it is using. The Cloud provider will then provide to the Cloud customer a set of third party security service providers capable of monitoring the attributes the Cloud customer designated. The Cloud customer will then select one or more third party providers from the provided set, and the Cloud provider will associate the given Cloud resources with the respective third party providers. Once third party providers have been associated with Cloud resources, a secure relationship between the third party provider(s) and the Cloud providers will be established.
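The brokering flow described in the abstract can be modelled in a few lines. This is an added sketch, not code from the patent: the attribute names, provider names, resource ids and the rule that a "capable" provider must cover every selected attribute are all assumptions, and the secure relationship is reduced to a flag.

```python
from dataclasses import dataclass, field

# Constructed sample data: these names are hypothetical, not taken from the page.
PUBLISHED_ATTRIBUTES = {"host_ids", "antivirus", "patch_level", "network_sensor"}
SSP_CAPABILITIES = {
    "ssp-alpha": {"host_ids", "antivirus", "patch_level"},
    "ssp-beta": {"network_sensor"},
    "ssp-gamma": {"host_ids", "antivirus", "patch_level", "network_sensor"},
}

@dataclass
class CloudProvider:
    selected: dict = field(default_factory=dict)     # resource -> selected attributes
    association: dict = field(default_factory=dict)  # resource -> designated SSP
    secured: set = field(default_factory=set)        # SSPs with a secure relationship

    def select_attributes(self, resources, attributes):
        # The customer may only pick from what the provider published.
        unknown = set(attributes) - PUBLISHED_ATTRIBUTES
        if unknown:
            raise ValueError(f"not a published attribute: {sorted(unknown)}")
        for resource in resources:
            self.selected[resource] = set(attributes)

    def capable_providers(self, resource):
        # Assumption: "capable" means covering every selected attribute.
        wanted = self.selected[resource]
        return sorted(s for s, caps in SSP_CAPABILITIES.items() if wanted <= caps)

    def designate(self, resource, ssp):
        # The designation must come from the set the provider offered.
        if ssp not in self.capable_providers(resource):
            raise ValueError(f"{ssp} was not offered for {resource}")
        self.association[resource] = ssp

    def establish_relationship(self, ssp):
        self.secured.add(ssp)  # placeholder for the real channel setup

    def route(self, event):
        """Return the SSP that may receive this event, or None to withhold it."""
        resource = event["resource"]
        ssp = self.association.get(resource)
        if ssp is None or ssp not in self.secured:
            return None  # no designation, or no secure relationship yet
        if event["attribute"] not in self.selected[resource]:
            return None  # the customer did not select this attribute
        return ssp
```

The `route` check is the part worth attention in a real design: security information leaves the provider only for resources the customer associated with that third party, only for the attributes the customer selected, and only after the relationship exists.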
8 Claims
1. A method for providing security services by a cloud provider within a Cloud computing environment to a Cloud customer, comprising:
The cloud provider:
identifying a set of potential security attributes that are monitorable to the Cloud customer;
receiving, from the Cloud customer, a selection of a set of security attributes to be monitored for one or more Cloud resources used by the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
identifying a set of security service providers capable of monitoring the set of security attributes selected by the Cloud customer;
receiving, from the Cloud customer, a designation of at least one security service provider from the set of security service providers;
associating the one or more Cloud resources with the designated at least one security service provider;
receiving, from the Cloud customer, a credential for use in validation of the designated at least one security service provider;
sending the credential to the designated at least one security service provider;
establishing a secure relationship between the Cloud provider and the designated at least one security service provider; and
sending security information, via the secure relationship, collected in a Cloud computing network to the designated at least one security service provider for monitoring the set of security attributes selected by the Cloud customer, wherein the security information comprises output from sensors, host-based intrusion detection, antivirus alerts, and data on patch penetration;
wherein the designated at least one security service provider:
analyzes the security information; and
reports to the Cloud provider result of the analyzing.
(Dependent claims: 2, 3)
4. A system for providing security services by a cloud provider within a Cloud computing environment to a Cloud customer, comprising:
a memory medium comprising instructions;
a bus coupled to the memory medium; and
a processor coupled to the bus that when executing the instructions causes the system to:
identify a set of potential security attributes that are monitorable to the Cloud customer;
receive, from the Cloud customer, a selection of a set of security attributes to be monitored for one or more Cloud resources used by the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
identify a set of security service providers capable of monitoring the set of security attributes selected by the Cloud customer;
receive, from the Cloud customer, a designation of at least one security service provider from the set of security service providers;
associate the one or more Cloud resources used by the Cloud customer with the designated at least one security service provider;
receiving from the Cloud customer a credential for use in validation of the designated at least one security service provider;
send the credential to the designated at least one security service provider;
establish a secure relationship between the Cloud provider and the designated at least one security service provider; and
send security information, via the secure relationship, collected in a Cloud computing network to the designated at least one security service provider for monitoring the set of security attributes selected by the Cloud customer, wherein the security information comprises output from sensors, host-based intrusion detection, antivirus alerts, and data on patch penetration;
wherein the designated at least one security service provider:
analyzes the security information; and
reports to the Cloud provider result of the analyzing.
(Dependent claims: 5)
6. A computer readable hardware storage device containing a program product for providing security services within a Cloud computing environment, the computer readable hardware storage device comprising program code for causing a computer to:
identify a set of potential security attributes of a Cloud customer that are monitorable to the Cloud customer;
receive, from the Cloud customer a selection of a set of security attributes to be monitored for one or more Cloud resources used by the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
identify a set of security service providers capable of monitoring the set of security attributes selected by the Cloud customer;
receive, from the Cloud customer a designation of at least one security service provider from the set of security service providers;
associate the one or more Cloud resources with the designated at least one security service provider;
receive from the Cloud customer a credential for use in validation of the designated at least one security service provider;
send the credential to the designated at least one security service provider;
establish a secure relationship between the Cloud provider and the designated at least one security service provider; and
send security information, via the secure relationship, collected in a Cloud computing network to the designated at least one security service provider for monitoring the set of security attributes selected by the Cloud customer, wherein the security information comprises output from sensors, host-based intrusion detection, antivirus alerts, and data on patch penetration;
wherein the designated at least one security service provider:
analyzes the security information; and
reports to the Cloud provider result of the analyzing.
(Dependent claims: 7, 8)
Specification