PROVIDING SECURITY SERVICES WITHIN A CLOUD COMPUTING ENVIRONMENT

US 20110219434A1
Filed: 03/04/2010
Published: 09/08/2011
Est. Priority Date: 03/04/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing security services within a Cloud computing environment, comprising:

identifying a set of potential security attributes a Cloud customer that are monitorable;

receiving a selection of a set of security attributes to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;

identifying a set of security service providers capable of monitoring the set of security attributes selected for the Cloud customer;

receiving a designation of at least one security service provider from the set of security service providers;

associating at least one Cloud resource used by the Cloud customer with the at least one security service provider; and

establishing a secure relationship between the Cloud provider and the at least one security service provider.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention allow for the provisioning of security services within a Cloud computing environment by third parties. Specifically, under the present invention, a Cloud provider will publish a set of potential security attributes (e.g., a list), which can be monitored, to the Cloud customer. The Cloud customer will designate/select one or more of those attributes that the Cloud customer wishes to have monitored for one or more Cloud resources that it is using. The Cloud provider will then provide to the Cloud customer a set of third party security service providers capable of monitoring the attributes the Cloud customer designated. The Cloud customer will then select one or more third party providers from the provided set, and the Cloud provider will associate the given Cloud resources with the respective third party providers. Once third party providers have been associated with Cloud resources, a secure relationship between the third party provider(s) and the Cloud providers will be established.

142 Citations

22 Claims

1. A method for providing security services within a Cloud computing environment, comprising:
- identifying a set of potential security attributes a Cloud customer that are monitorable;
  
  receiving a selection of a set of security attributes to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  identifying a set of security service providers capable of monitoring the set of security attributes selected for the Cloud customer;
  
  receiving a designation of at least one security service provider from the set of security service providers;
  
  associating at least one Cloud resource used by the Cloud customer with the at least one security service provider; and
  
  establishing a secure relationship between the Cloud provider and the at least one security service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim of 1, the establishing comprising:
    - the Cloud customer specifying to the Cloud provider a credential for use in validation of the at least one security service provider; and
      
      the Cloud customer sending the credential to the at least one security service provider.
  - 3. The method of claim 1, the establishing comprising:
    - the Cloud provider generating a credential for validation of the at least one security service provider; and
      
      the Cloud provider sending the credential to the at least one security service provider.
  - 4. The method of claim 1, the establishing comprising:
    - the at least one security service provider generating a credential for validation of the at least one security service provider; and
      
      the at least one security service provider sending the credential to the Cloud provider.
  - 5. The method of claim 1, the establishing comprising:
    - exchanging security credentials between the Cloud provider and the security service provider; and
      
      the Cloud provider sending security information to the at least one security service provider.
  - 6. The method of claim 1, further comprising monitoring the set of security attributes for the Cloud customer using the secure relationship.
  - 7. The method of claim 1, the set of security potential attributes comprising at least one of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.

8. A system for providing security services within a Cloud computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  identify a set of potential security attributes a Cloud customer that are monitorable;
  
  receive a selection of a set of security attributes to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  identify a set of security service providers capable of monitoring the set of security attributes selected for the Cloud customer;
  
  receive a designation of at least one security service provider from the set of security service providers;
  
  associate at least one Cloud resource used by the Cloud customer with the at least one security service provider; and
  
  establish a secure relationship between the Cloud provider and the at least one security service provider.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim of 8, the secure relationship being established by:
    - the Cloud customer specifying to the Cloud provider a credential for use in validation of the at least one security service provider; and
      
      the Cloud customer sending the credential to the at least one security service provider.
  - 10. The method of claim 8, the secure relationship being established by:
    - the Cloud provider generating a credential for validation of the at least one security service provider; and
      
      the Cloud provider sending the credential to the at least one security service provider.
  - 11. The system of claim 8, the secure relationship being established by:
    - the at least one security service provider generating a credential for validation of the at least one security service provider; and
      
      the at least one security service provider sending the credential to the Cloud provider.
  - 12. The system of claim 8, the secure relationship being established by:
    - an exchange of security credentials between the Cloud provider and the security service provider; and
      
      the Cloud provider sending security information to the at least one security service provider.
  - 13. The system of claim 8, the system further being causes to monitor the set of security attributes for the Cloud customer using the secure relationship.
  - 14. The system of claim 8, the set of security potential attributes comprising at least one of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a thresholds, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.

15. A computer readable medium containing a program product for providing security services within a Cloud computing environment, the computer readable medium comprising program code for causing a computer to:
- identify a set of potential security attributes a Cloud customer that are monitorable;
  
  receive a selection of a set of security attributes to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  identify a set of security service providers capable of monitoring the set of security attributes selected for the Cloud customer;
  
  receive a designation of at least one security service provider from the set of security service providers;
  
  associate at least one Cloud resource used by the Cloud customer with the at least one security service provider; and
  
  establish a secure relationship between the Cloud provider and the at least one security service provider.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer readable medium containing the program product of claim 15, the secure relationship being established by:
    - the Cloud customer specifying to the Cloud provider a credential for use in validation of the at least one security service provider; and
      
      the Cloud customer sending the credential to the at least one security service provider.
  - 17. The computer readable medium containing the program product of claim 15, the secure relationship being established by:
    - the Cloud provider generating a credential for validation of the at least one security service provider; and
      
      the Cloud provider sending the credential to the at least one security service provider.
  - 18. The computer readable medium containing the program product of claim 15, the secure relationship being established by:
    - the at least one security service provider generating a credential for validation of the at least one security service provider; and
      
      the at least one security service provider sending the credential to the Cloud provider.
  - 19. The computer readable medium containing the program product of claim 15, the secure relationship being established by:
    - an exchange security credentials between the Cloud provider and the security service provider; and
      
      the Cloud provider sending security information to the at least one security service provider.
  - 20. The computer readable medium containing the program product of claim 15, the computer readable medium further comprising program code for further causing the computer to monitor the set of security attributes for the Cloud customer using the secure relationship.
  - 21. The computer readable medium containing the program product of claim 15, the set of security potential attributes comprising at least one of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.

22. A method for deploying a system for providing security services within a Cloud computing environment, comprising:
- providing a computer infrastructure being operable to;
  
  identify a set of potential security attributes a Cloud customer that are monitorable;
  
  receive a selection of a set of security attributes to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  identify a set of security service providers capable of monitoring the set of security attributes selected for the Cloud customer;
  
  receive a designation of at least one security service provider from the set of security service providers;
  
  associate at least one Cloud resource used by the Cloud customer with the at least one security service provider; and
  
  establish a secure relationship between the Cloud provider and the at least one security service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Betz, Linda N., Ho, Wesley J., Merrill, David P., Lingafelt, Charles S.

Granted Patent

US 9,129,086 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 9/32   including means for verifyi...

PROVIDING SECURITY SERVICES WITHIN A CLOUD COMPUTING ENVIRONMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

142 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING SECURITY SERVICES WITHIN A CLOUD COMPUTING ENVIRONMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

142 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links