Providing security services within a cloud computing environment

US 9,129,086 B2
Filed: 03/04/2010
Issued: 09/08/2015
Est. Priority Date: 03/04/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing security services within a Cloud computing environment, comprising:

publishing by a Cloud provider to a Cloud customer, a set of potential security attributes that are monitorable;

receiving, by the Cloud provider from the Cloud customer, a selection of a set of security attributes, from the published set of potential security attributes, to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;

publishing, by the Cloud provider to the Cloud customer, a plurality of security service providers capable of monitoring the set of security attributes selected for the Cloud customer, the plurality of security service providers each comprising at least one computing device;

receiving, by the Cloud provider from the Cloud customer, a designation of at least one security service provider from the published plurality of security service providers;

associating, by the Cloud provider, at least one Cloud resource used by the Cloud customer with the designated at least one security service provider;

specifying, by the Cloud customer, to the Cloud provider a credential for use in validation of the designated at least one security service provider;

sending, by the Cloud customer, the credential to the designated at least one security service provider;

establishing a secure relationship between the Cloud provider and the designated at least one security service provider;

sending, by the Cloud provider to the at least one security service provider, security information comprising output from sensors in a Cloud computing network, output from host-based intrusion detection, antivirus alerts, and data on patch penetration;

monitoring, by the designated at least one security service provider, in the cloud computing environment, using the security information, the set of security attributes for the Cloud customer using the secure relationship;

analyzing, by the at least one security service provider, the security information; and

reporting, by the at least one security service provider, on the Cloud provider'"'"'s attainment of security targets;

wherein the Cloud provider, the Cloud customer, and each of the set of security service providers are separate entities operating within the cloud computing environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention allow for the provisioning of security services within a Cloud computing environment by third parties. Specifically, under the present invention, a Cloud provider will publish a set of potential security attributes (e.g., a list), which can be monitored, to the Cloud customer. The Cloud customer will designate/select one or more of those attributes that the Cloud customer wishes to have monitored for one or more Cloud resources that it is using. The Cloud provider will then provide to the Cloud customer a set of third party security service providers capable of monitoring the attributes the Cloud customer designated. The Cloud customer will then select one or more third party providers from the provided set, and the Cloud provider will associate the given Cloud resources with the respective third party providers. Once third party providers have been associated with Cloud resources, a secure relationship between the third party provider(s) and the Cloud providers will be established.

23 Citations

View as Search Results

14 Claims

1. A method for providing security services within a Cloud computing environment, comprising:
- publishing by a Cloud provider to a Cloud customer, a set of potential security attributes that are monitorable;
  
  receiving, by the Cloud provider from the Cloud customer, a selection of a set of security attributes, from the published set of potential security attributes, to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  publishing, by the Cloud provider to the Cloud customer, a plurality of security service providers capable of monitoring the set of security attributes selected for the Cloud customer, the plurality of security service providers each comprising at least one computing device;
  
  receiving, by the Cloud provider from the Cloud customer, a designation of at least one security service provider from the published plurality of security service providers;
  
  associating, by the Cloud provider, at least one Cloud resource used by the Cloud customer with the designated at least one security service provider;
  
  specifying, by the Cloud customer, to the Cloud provider a credential for use in validation of the designated at least one security service provider;
  
  sending, by the Cloud customer, the credential to the designated at least one security service provider;
  
  establishing a secure relationship between the Cloud provider and the designated at least one security service provider;
  
  sending, by the Cloud provider to the at least one security service provider, security information comprising output from sensors in a Cloud computing network, output from host-based intrusion detection, antivirus alerts, and data on patch penetration;
  
  monitoring, by the designated at least one security service provider, in the cloud computing environment, using the security information, the set of security attributes for the Cloud customer using the secure relationship;
  
  analyzing, by the at least one security service provider, the security information; and
  
  reporting, by the at least one security service provider, on the Cloud provider'"'"'s attainment of security targets;
  
  wherein the Cloud provider, the Cloud customer, and each of the set of security service providers are separate entities operating within the cloud computing environment.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, the establishing comprising:
    - exchanging security credentials between the Cloud provider and the security service provider; and
      
      the Cloud provider sending security information to the at least one security service provider.
  - 3. The method of claim 1, the set of security potential attributes comprising at least one of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.
  - 4. The method of claim 1, the set of security potential attributes comprising each of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, and patch levels applied.

5. A system for providing security services within a Cloud computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  publish, by a Cloud provider to a Cloud customer, by a Cloud provider, a set of potential security attributes that are monitorable;
  
  receive, by the Cloud provider from the Cloud customer, a selection of a set of security attributes, from the published set of potential security attributes, to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  publish, by the Cloud provider to the Cloud customer, a plurality of security service providers capable of monitoring the set of security attributes selected for the Cloud customer, the plurality of security service providers each comprising at least one computing device;
  
  receive, by the Cloud provider from the Cloud customer, a designation of at least one security service provider from the published plurality of security service providers;
  
  associate, by the Cloud provider, at least one Cloud resource used by the Cloud customer with the designated at least one security service provider;
  
  specify, by the Cloud customer, to the Cloud provider a credential for use in validation of the designated at least one security service provider;
  
  send, by the Cloud customer, the credential to the designated at least one security service provider;
  
  establish a secure relationship between the Cloud provider and the designated at least one security service provider;
  
  send, by the Cloud provider to the at least one security service provider, security information comprising output from sensors in a Cloud computing network, output from host-based intrusion detection, antivirus alerts, and data on patch penetration;
  
  monitor, by the designated at least one security service provider, in the cloud computing environment, using the security information, the set of security attributes for the Cloud customer using the secure relationship;
  
  analyze, by the at least one security service provider, the security information; and
  
  report, by the at least one security service provider, on the Cloud provider'"'"'s attainment of security targets;
  
  wherein the Cloud provider, the Cloud customer, and each of the security service provider companies are separate entities operating within the cloud computing environment.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, the secure relationship being established by:
    - an exchange of security credentials between the Cloud provider and the security service provider; and
      
      the Cloud provider sending security information to the at least one security service provider.
  - 7. The system of claim 5, the set of security potential attributes comprising at least one of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a thresholds, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.
  - 8. The system of claim 5, the set of security potential attributes comprising each of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a thresholds, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, and patch levels applied.

9. A non-transitory computer readable storage medium containing a program product for providing security services within a Cloud computing environment, the non-transitory computer readable storage medium comprising program code for causing a computer to:
- publish, by a Cloud provider to a Cloud customer, a set of potential security attributes that are monitorable;
  
  receive, by the Cloud provider from the Cloud customer, a selection of a set of security attributes, from the published set of potential security attributes, to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  publish, by the Cloud provider to the Cloud customer, a plurality of security service providers capable of monitoring the set of security attributes selected for the Cloud customer, the plurality of security service providers each comprising at least one computing device;
  
  receive, by the Cloud provider from the Cloud customer, a designation of at least one security service provider from the published plurality of security service providers;
  
  associate, by the Cloud provider, at least one Cloud resource used by the Cloud customer with the designated at least one security service provider;
  
  specify, by the Cloud customer, to the Cloud provider a credential for use in validation of the designated at least one security service provider;
  
  send, by the Cloud customer, the credential to the designated at least one security service provider;
  
  establish a secure relationship between the Cloud provider and the designated at least one security service provider;
  
  send, by the Cloud provider to the at least one security service provider, security information comprising output from sensors in a Cloud computing network, output from host-based intrusion detection, antivirus alerts, and data on patch penetration;
  
  monitor, by the designated at least one security service provider, in the cloud computing environment, using the security information, the set of security attributes for the Cloud customer using the secure relationship;
  
  analyze, by the at least one security service provider, the security information; and
  
  report, by the at least one security service provider, on the Cloud provider'"'"'s attainment of security targets;
  
  wherein the Cloud provider, the Cloud customer, and each of the security service provider companies are separate entities operating within the cloud computing environment.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory computer readable storage medium containing the program product of claim 9, the secure relationship being established by:
    - an exchange security credentials between the Cloud provider and the security service provider; and
      
      the Cloud provider sending security information to the at least one security service provider.
  - 11. The non-transitory computer readable storage medium containing the program product of claim 9, the set of security potential attributes comprising at least one of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.
  - 12. The non-transitory computer readable storage medium containing the program product of claim 9, the set of security potential attributes comprising each of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.

13. A method for deploying a system for providing security services within a Cloud computing environment, comprising:
- providing a computer infrastructure being operable to;
  
  publish, by a Cloud provider to a Cloud customer, a set of potential security attributes that are monitorable;
  
  receive, by the Cloud provider from the Cloud customer, a selection of a set of security attributes, from the published set of potential security attributes, to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes;
  
  publish, by the Cloud provider to the Cloud customer, a plurality of security service providers capable of monitoring the set of security attributes selected for the Cloud customer, the plurality of security service providers each comprising at least one computing device;
  
  receive, by the Cloud provider from the Cloud customer, a designation of at least one security service provider from the published plurality of security service provider companies;
  
  associate, by the Cloud provider, at least one Cloud resource used by the Cloud customer with the designated at least one security service provider;
  
  specify, by the Cloud customer, to the Cloud provider a credential for use in validation of the designated at least one security service provider;
  
  send, by the Cloud customer, the credential to the designated at least one security service provider;
  
  establish a secure relationship between the Cloud provider and the designated at least one security service provider;
  
  send, by the Cloud provider to the at least one security service provider, security information comprising output from sensors in a Cloud computing network, output from host-based intrusion detection, antivirus alerts, and data on patch penetration;
  
  monitor, by the designated at least one security service provider, in the cloud computing environment, using the security information, the set of security attributes for the Cloud customer using the secure relationship;
  
  analyze, by the at least one security service provider, the security information; and
  
  report, by the at least one security service provider, on the Cloud provider'"'"'s attainment of security targets;
  
  wherein the Cloud provider, the Cloud customer, and each of the plurality of security service providers are separate entities operating within the cloud computing environment.
- View Dependent Claims (14)
- - 14. The method of claim 13, the set of security potential attributes comprising each of the following:
    - alerting thresholds, event specific alerts, a number of access attempts, a number of access attempts above a threshold, a number of blocked attempts, a number of blocked attempts above a threshold, alerts on transfer of sensitive data, attempts to access accounts, attempts to delete data, or patch levels applied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Betz, Linda N., Ho, Wesley J., Lingafelt, Charles S., Merrill, David P.
Primary Examiner(s)
Patel, Nirav B

Application Number

US12/717,202
Publication Number

US 20110219434A1
Time in Patent Office

2,014 Days
Field of Search

726 1- 7, 726 22- 25, 726 11- 15
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 9/32   including means for verifyi...

Providing security services within a cloud computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Providing security services within a cloud computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others