Limiting exposure to compliance and risk in a cloud environment

US 9,679,157 B2
Filed: 01/07/2015
Issued: 06/13/2017
Est. Priority Date: 01/07/2015
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable storage medium storing a program of instructions executable by a machine to perform a method of minimizing data security risks, the method comprising:

determining a number and type of confidential data stored in a computing environment to generate a metric for the type of confidential data in the computing environment, the type of confidential data determined from a plurality of types comprising at least social security number (SSN), patient data, personal information, and credit card number;

comparing the metric of the type of confidential data to a predetermined metric for the type; and

responsive to determining the metric for the type of confidential data exceeding a predetermined metric for the type, performing an action to prevent more entries of the type of confidential data to be stored in the computing environment,the metric measured by at least one of a count of the type of confidential data in the computing environment and a volume size taken up by the type of confidential data in the computing environment,the predetermined metric being different for different types of confidential data in the computing environment,the performing an action to prevent more entries of the type of confidential data in the computing environment comprising closing an access port in the computing environment to requests associated with the type of confidential data, and automatically performing removal of data of the type stored in the computing environment to make room for accepting said more entries of the type of confidential data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Minimizing data security risks may be provided. A number and type of confidential data in a computing environment may be determined to generate a metric for the type of confidential data in the computing environment. The metric of the type of confidential data may be compared to a predetermined metric for the type. Responsive to determining the metric for the type of confidential data exceeding a predetermined metric for the type, an action may be performed to prevent more entries of the type of confidential data in the computing environment.

43 Citations

12 Claims

1. A non-transitory computer readable storage medium storing a program of instructions executable by a machine to perform a method of minimizing data security risks, the method comprising:
- determining a number and type of confidential data stored in a computing environment to generate a metric for the type of confidential data in the computing environment, the type of confidential data determined from a plurality of types comprising at least social security number (SSN), patient data, personal information, and credit card number;
  
  comparing the metric of the type of confidential data to a predetermined metric for the type; and
  
  responsive to determining the metric for the type of confidential data exceeding a predetermined metric for the type, performing an action to prevent more entries of the type of confidential data to be stored in the computing environment,the metric measured by at least one of a count of the type of confidential data in the computing environment and a volume size taken up by the type of confidential data in the computing environment,the predetermined metric being different for different types of confidential data in the computing environment,the performing an action to prevent more entries of the type of confidential data in the computing environment comprising closing an access port in the computing environment to requests associated with the type of confidential data, and automatically performing removal of data of the type stored in the computing environment to make room for accepting said more entries of the type of confidential data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The non-transitory computer readable storage medium of claim 1, wherein the action comprises at least one of pacing and preventing work from entering the computing environment.
  - 3. The non-transitory computer readable storage medium of claim 1, wherein the action comprises scheduling work associated with the type of confidential data into a different computing environment.
  - 4. The non-transitory computer readable storage medium of claim 1, wherein the computing environment comprises one or more of a virtual environment, a virtual machine (VM), a logical partition (LPAR), a workload partition (WPAR), a machine, a node, or public cloud, or combinations thereof.
  - 5. The non-transitory computer readable storage medium of claim 1, wherein the predetermined metric is configured based on a policy that is set for processing the type of confidential data.

6. A system for minimizing data security risks, comprising:
- one or more computing units running in a computing environment; and
  
  a processor coupled to the one or more computing units,the processor operable to determine a number and type of confidential data stored in the computing environment to generate a metric for the type of confidential data in the computing environment, the type of confidential data determined from a plurality of types comprising at least social security number (SSN), patient data, personal information, and credit card number,the processor further operable to compare the metric of the type of confidential data to a predetermined metric for the type, andresponsive to determining the metric for the type of confidential data exceeding a predetermined metric for the type, the processor further operable to perform an action to prevent more entries of the type of confidential data to be stored in the computing environment,the metric measured by at least one of a count of the type of confidential data in the computing environment and a volume size taken up by the type of confidential data in the computing environment,the predetermined metric being different for different types of confidential data in the computing environment,the processor performing an action to prevent more entries of the type of confidential data in the computing environment comprising closing an access port in the computing environment to requests associated with the type of confidential data, and automatically performing removal of data of the type stored in the computing environment that is no longer needed by the computing environment to make room for accepting said more entries of the type of confidential data.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The system of claim 6, wherein the action comprises at least one of pacing and preventing work from entering the computing environment.
  - 8. The system of claim 6, wherein the action comprises scheduling work associated with the type of confidential data into a different computing environment.
  - 9. The system of claim 6, wherein the computing environment comprises one or more of a virtual environment, a virtual machine (VM), a logical partition (LPAR), a workload partition (WPAR), a machine, a node, or public cloud, or combinations thereof.
  - 10. The system of claim 6, wherein the predetermined metric is configured based on a policy that is set for processing the type of confidential data.
  - 11. The system of claim 6, further comprising a dispatcher processor operable to keep track of the metric and direct the type of confidential data to the computing environment based on the metric.
  - 12. The system of claim 6, wherein the processor is further operable to remove the type of confidential data from the computing environment, responsive to determining one or more of:
    - the confidential data is no longer needed in the computing environment, the predetermined threshold associated with the type of confidential data is reached.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Allen, Corville O., Patrocinio, Eduardo A., Francis, Arthur R.
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US14/591,578
Publication Number

US 20160196445A1
Time in Patent Office

888 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04L 9/085   Secret sharing or secret sp...

H04W 12/02   Protecting privacy or anony...

Limiting exposure to compliance and risk in a cloud environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Limiting exposure to compliance and risk in a cloud environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others