Application-based security rights in cloud environments

摘要

This disclosure provides the ability for a cloud application to specify its security requirements, to ability to have those requirements evaluated, e.g., against a specific cloud deployment environment, and the ability to enable the application to control a cloud-based security assurance service to provision additional security technology in the cloud to support deployment (or re-deployment elsewhere) of the application if the environment does not have the necessary topology and security resources deployed. To this end, the application queries the service by passing a set of application-based security rights. If the security capabilities provided by the security assurance service are sufficient or better than the application's security rights, the application functions normally. If, however, the security environment established by the security assurance service is insufficient for the application, the application is afforded one or more remediation options, e.g., issuing a request to upgrade the security environment, or the like.

主权项

1. A method to enforce security service requirements for a cloud application, comprising:
associating with the cloud application a set of security service requirements; deploying the cloud application into a specific cloud security environment; evaluating the security service requirements against the specific cloud security environment; and responsive to a determination that the specific cloud security environment does not meet the security service requirements for the cloud application, taking a given action.