Systems and methods for security management of multi-client based distributed storage
First Claim
1. A method of maintaining a security risk level of data objects stored in a distributed system, comprising:
estimating a current security risk level of at least one storage unit of each of a plurality of network nodes based on real time monitoring;
distributing a plurality of data objects among the at least one storage units of the plurality of network nodes according to the current security risk level such that a minimal security requirement of each data object is complied with;
detecting a change in the current security risk level of the at least one storage unit;
creating a new copy of at least one of the plurality of data objects stored on the at least one storage unit associated with the change in the current security risk level by reconstructing the new copy from redundancy data stored on at least one other node, for storage on a different network node such that the minimal security requirement of each data object of the plurality of data objects is maintained;
wherein existing data segments on the at least one storage unit associated with the change in the current security risk level are not used to create the new copy; and
wherein other segments related to other data objects of the plurality of data objects satisfying the change in the current security risk level are maintained on the at least one storage unit associated with the change in the current security risk level.
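The following Python sketch is an added illustration of the steps recited in claim 1; it is not code from the patent or its applicant. The class and method names, the numeric risk scale (higher means riskier), the two-halves-plus-XOR-parity layout and the deletion of the superseded segment are assumptions made for the example.

```python
# Added illustration of claim 1; names, risk scale and XOR parity scheme are assumptions.
from functools import reduce

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Cluster:
    def __init__(self, risk):
        self.risk = dict(risk)                  # node -> current risk level (higher = riskier)
        self.store = {n: {} for n in risk}      # node -> {(obj, idx): segment bytes}
        self.max_risk = {}                      # obj -> highest risk level the object tolerates
        self.reads = []                         # audit trail of (node, obj, idx) segment reads

    def eligible(self, obj, exclude=()):
        return sorted((n for n in self.risk
                       if self.risk[n] <= self.max_risk[obj] and n not in exclude),
                      key=lambda n: (self.risk[n], n))

    def put(self, obj, data, max_risk):
        """Split into two halves plus XOR parity, one segment per compliant node."""
        self.max_risk[obj] = max_risk
        half = (len(data) + 1) // 2
        a, b = data[:half], data[half:].ljust(half, b"\0")
        nodes = self.eligible(obj)[:3]
        if len(nodes) < 3:
            raise ValueError("not enough compliant nodes")
        for idx, (node, seg) in enumerate(zip(nodes, (a, b, xor(a, b)))):
            self.store[node][(obj, idx)] = seg

    def holders(self, obj):
        return {idx: n for n, segs in self.store.items() for (o, idx) in segs if o == obj}

    def set_risk(self, node, level):
        """Risk change detected on `node`: relocate only segments that no longer comply."""
        self.risk[node] = level
        moved = []
        for (obj, idx) in list(self.store[node]):
            if level <= self.max_risk[obj]:
                continue                        # requirement still met: segment stays in place
            held = self.holders(obj)
            segs = []
            for i, n in [(i, n) for i, n in held.items() if n != node]:
                self.reads.append((n, obj, i))  # redundancy is read from other nodes only
                segs.append(self.store[n][(obj, i)])
            target = self.eligible(obj, exclude=set(held.values()))[0]
            self.store[target][(obj, idx)] = reduce(xor, segs)
            del self.store[node][(obj, idx)]    # assumption: old segment dropped, never read
            moved.append((obj, idx, target))
        return moved
```
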
Abstract
There is provided a method of maintaining a security risk level of data objects stored in a distributed system, comprising: estimating a current security risk level of at least one storage unit of each of a plurality of network nodes based on real time monitoring; distributing a plurality of data objects among the at least one storage units of the plurality of network nodes according to the current security risk level such that a minimal security requirement of each data object is complied with; detecting a change in the current security risk level of the at least one storage unit; and creating a new copy of at least one of the data objects for storage on a different network node such that the minimal security requirement of each data object is maintained.
33 Claims
14. The method of claim 1, wherein the security risk level is a security score calculated from at least one security parameter member selected from the group consisting of:
history of detected security vulnerabilities, anti-malware software version installed on the network node, presence of a firewall, and physical location of the network node.
27. A system of storing data objects in distributed storage while maintaining a security requirement, comprising:
a plurality of network nodes, each including at least one processor and at least one storage unit;
wherein each storage unit is associated with a current security risk level estimated based on real time monitoring;
wherein a plurality of data objects are distributed among the at least one storage units of the plurality of network nodes according to the current security risk level such that a minimal security requirement of each data object is complied with; and
at least one management unit in communication with the plurality of network nodes, the at least one management unit including a code implementable by a processor of the at least one management unit to:
detect a change in the current security of at least one of the plurality of network nodes and create a new copy of at least one of the plurality of data objects stored on the at least one storage unit associated with the change in the current security risk level by reconstructing the new copy from redundancy data stored on at least one other node, for storage on a different network node such that the minimal security requirement of each data object of the plurality of data objects is maintained;
wherein existing data segments on the at least one storage unit associated with the change in the current security risk level are not used to create the new copy; and
wherein other segments related to other data objects of the plurality of data objects satisfying the change in the current security risk level are maintained on the at least one storage unit associated with the change in the current security risk level.
33. A computer program product for maintaining a security requirement of data objects stored in a distributed system comprising a readable storage medium storing program code thereon for use by a management unit, the program code comprising:
instructions for estimating a current security risk level of at least one storage unit of each of a plurality of network nodes based on real time monitoring;
instructions for distributing a plurality of data objects among the at least one storage units of the plurality of network nodes according to the current security risk level such that a minimal security requirement of each data object is complied with;
instructions for detecting a change in the current security risk level of the at least one storage unit;
instructions for creating a new copy of at least one of the plurality of data objects stored on the at least one storage unit associated with the change in the current security risk level by reconstructing the new copy from redundancy data stored on at least one other node, for storage on a different network node such that the minimal security requirement of each data object of the plurality of data objects is maintained;
wherein existing data segments on the at least one storage unit associated with the change in the current security risk level are not used to create the new copy; and
wherein other segments related to other data objects of the plurality of data objects satisfying the change in the current security risk level are maintained on the at least one storage unit associated with the change in the current security risk level.
Specification