| 摘要 |
Embodiments of the present invention allow for the provisioning of security services within a Cloud computing environment by third parties. Specifically, under the present invention, a Cloud provider will publish a set of potential security attributes (e.g., a list), which can be monitored, to the Cloud customer. The Cloud customer will designate/select one or more of those attributes that the Cloud customer wishes to have monitored for one or more Cloud resources that it is using. The Cloud provider will then provide to the Cloud customer a set of third party security service providers capable of monitoring the attributes the Cloud customer designated. The Cloud customer will then select one or more third party providers from the provided set, and the Cloud provider will associate the given Cloud resources with the respective third party providers. Once third party providers have been associated with Cloud resources, a secure relationship between the third party provider(s) and the Cloud providers will be established. |
| 主权项 |
1. A method for providing security services within a Cloud computing environment, comprising:
publishing by a Cloud provider to a Cloud customer, a set of potential security attributes that are monitorable; receiving, by the Cloud provider from the Cloud customer, a selection of a set of security attributes, from the published set of potential security attributes, to be monitored for the Cloud customer, the set of security attributes being selected from the set of potential security attributes; publishing, by the Cloud provider to the Cloud customer, a plurality of security service providers capable of monitoring the set of security attributes selected for the Cloud customer, the plurality of security service providers each comprising at least one computing device; receiving, by the Cloud provider from the Cloud customer, a designation of at least one security service provider from the published plurality of security service providers; associating, by the Cloud provider, at least one Cloud resource used by the Cloud customer with the designated at least one security service provider; specifying, by the Cloud customer, to the Cloud provider a credential for use in validation of the designated at least one security service provider; sending, by the Cloud customer, the credential to the designated at least one security service provider; establishing a secure relationship between the Cloud provider and the designated at least one security service provider; sending, by the Cloud provider to the at least one security service provider, security information comprising output from sensors in a Cloud computing network, output from host-based intrusion detection, antivirus alerts, and data on patch penetration; monitoring, by the designated at least one security service provider, in the cloud computing environment, using the security information, the set of security attributes for the Cloud customer using the secure relationship; analyzing, by the at least one security service provider, the security information; and reporting, by the at least one security service provider, on the Cloud provider's attainment of security targets; wherein the Cloud provider, the Cloud customer, and each of the set of security service providers are separate entities operating within the cloud computing environment. |
