Administration of a context-based cloud security assurance system

摘要

A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.

主权项

1. A method for context-based security assurance in a cloud application environment, comprising:
providing a security assurance service by which first users interact with a cloud management platform associated with the cloud application environment, the security assurance service providing the first users with sets of templates, wherein a template has associated therewith a security assurance level that is specified in a manner that does not expose to a first user at least some specific security requirements necessary to implement the security assurance level; providing at least one second user, distinct from the first users, with a security administrative view of security configuration changes associated with selection of templates by the first users; and responsive to receipt of input via the security administrative view, enforcing a security administrative action with respect to configuration of one or more security capabilities in the cloud application environment; wherein the providing and enforcing steps are carried out in software executing in a hardware element.