Applying security policies based on context of a workload
First Claim
Patent Images
1. A method comprising:
- identifying a workload to be provided by one or more network resources;
analyzing the workload to determine one or more attributes of the workload, wherein the one or more attributes correspond to a type of data and a software application used by the workload;
identifying a general policy based on the determined one or more attributes corresponding to the type of data and the software application used by the workload, wherein the identified general policy is based on at least one of an industry standard or a government regulation, wherein the identified general policy comprises a first general policy associated with a first level of strictness and a second general policy associated with a second level of strictness higher than the first level of strictness;
determining, by a processing device, based on the identified general policy, one or more security policies to apply to the one or more network resources that provide the workload, wherein the one or more security policies satisfy one or more requirements associated with the identified general policy, wherein the one or more security policies satisfy the second level of strictness; and
applying the determined one or more security policies to the one or more network resources that provide the workload, wherein the applying of the determined one or more security policies modifies a configuration of the one or more network resources that provide the workload to satisfy the one or more requirements associated with the identified general policy.
2 Assignments
0 Petitions
Accused Products
Abstract
A workload to be provided by one or more network resources may be identified. The workload may be analyzed to determine one or more attributes of the workload. Furthermore, a general policy may be identified based on the one or more attributes of the workload. One or more security policies may be applied to a network resource that provides the workload. The one or more security policies may satisfy one or more requirements of the general policy.
-
Citations
15 Claims
-
1. A method comprising:
-
identifying a workload to be provided by one or more network resources; analyzing the workload to determine one or more attributes of the workload, wherein the one or more attributes correspond to a type of data and a software application used by the workload; identifying a general policy based on the determined one or more attributes corresponding to the type of data and the software application used by the workload, wherein the identified general policy is based on at least one of an industry standard or a government regulation, wherein the identified general policy comprises a first general policy associated with a first level of strictness and a second general policy associated with a second level of strictness higher than the first level of strictness; determining, by a processing device, based on the identified general policy, one or more security policies to apply to the one or more network resources that provide the workload, wherein the one or more security policies satisfy one or more requirements associated with the identified general policy, wherein the one or more security policies satisfy the second level of strictness; and applying the determined one or more security policies to the one or more network resources that provide the workload, wherein the applying of the determined one or more security policies modifies a configuration of the one or more network resources that provide the workload to satisfy the one or more requirements associated with the identified general policy. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system comprising:
-
a memory; and a processing device coupled with the memory to; identify a workload to be provided by one or more network resources; analyze the workload to determine one or more attributes of the workload, wherein the one or more attributes correspond to a type of data and a software application used by the workload; identify a general policy based on the determined one or more attributes corresponding to the type of data and the software application used by the workload, wherein the identified general policy is based on at least one of an industry standard or a government regulation, wherein the identified general policy comprises a first general policy associated with a first level of strictness and a second general policy associated with a second level of strictness higher than the first level of strictness; determine, based on the identified general policy, one or more security policies to apply to the one or more network resources that provide the workload, wherein the one or more security policies satisfy one or more requirements associated with the identified general policy, wherein the one or more security policies satisfy the second level of strictness; and apply the determined one or more security policies to the one or more network resources that provide the workload, wherein the applying of the determined one or more security policies modifies a configuration of the one or more network resources that provide the workload to satisfy the one or more requirements associated with the identified general policy. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
-
identifying a workload to be provided by one or more network resources; analyzing the workload to determine one or more attributes of the workload, wherein the one or more attributes correspond to a type of data and a software application used by the workload; identifying a general policy based on the determined one or more attributes corresponding to the type of data and the software application used by the workload, wherein the identified general policy is based on at least one of an industry standard or a government regulation, wherein the identified general policy comprises a first general policy associated with a first level of strictness and a second general policy associated with a second level of strictness higher than the first level of strictness; determining, by the processing device, based on the identified general policy, one or more security policies to apply to the one or more network resources that provide the workload, wherein the one or more security policies satisfy one or more requirements associated with the identified general policy, wherein the one or more security policies satisfy the second level of strictness; and applying the determined one or more security policies to the one or more network resources that provide the workload, wherein the applying of the determined one or more security policies modifies a configuration of the one or more network resources that provide the workload to satisfy the one or more requirements associated with the identified general policy. - View Dependent Claims (12, 13, 14, 15)
-
Specification