Title: Method for securing data and/or applications in a cloud computing architecture
Abstract: A method for securing data and/or applications within a cloud computing architecture is provided. According to the invention, a security module is provided, the security module being administered by the user of the virtual server(s) that is/are dedicated to that user; the security module is provided with one or more security policies to be applied to the data managed by the virtual servers dedicated to the user; the security module is provided with identifiers as well as keys for accessing the user's dedicated virtual servers; the security module accesses the user's dedicated virtual servers; the security module exports the security policies it has been provided with to the dedicated virtual servers; and the dedicated virtual servers apply the security policies provided to them by the security module to the data they manage.
Publication number: US8819767 (B2); Publication date: 2014.08.26
Application number: US201113079506; Filing date: 2011.04.04
Applicant: ; Inventors: Loureiro Sergio; Jung Matthias
Classification: G06F17/00; H04L29/06; Main classification: G06F17/00
Agency: Westerman, Hattori, Daniels & Adrian, LLP; Attorney: Westerman, Hattori, Daniels & Adrian, LLP
Independent claim: 1. A method for securing data and/or applications within a cloud computing architecture, wherein the cloud computing architecture comprises: a set of virtual servers identified by first server identifiers, each virtual server being associated with one or more virtual memory disks, each virtual memory disk being materialized in the form of one or more memory spaces in one or more physical memory disks; an interface for allowing a remote user to access, via an Internet-type network, one or more virtual server(s) which are dedicated to said user in the set of virtual servers by means of a first access key which is specific to the user and/or to each of the one or more virtual server(s) dedicated to the user, and to administer said one or more dedicated virtual server(s); and interface components for creating and managing the set of virtual servers,

wherein the method comprises the following steps: providing a security module, said security module being administered by the user through a security module console; providing said security module with security policies to be applied to data and/or applications in the one or more dedicated virtual server(s), said security policies being sets of rules which define confidentiality, integrity and/or availability of said data and/or applications; providing said security module with said first access key, for accessing the user's one or more dedicated virtual server(s); defining security policies to be applied to the data and/or applications in the one or more dedicated virtual server(s) through the security console, said defined security policies being selected among the sets of rules which define confidentiality, integrity and/or availability of said data and/or applications, said defining being performed by the user; accessing said one or more dedicated virtual server(s) of the user by means of said first access key, said accessing being performed by the security module; applying the defined security policies to the data and/or applications in the one or more dedicated virtual server(s), said applying being performed by the one or more dedicated virtual server(s); installing the security policies on the dedicated virtual server(s) by means of a secure channel; securing the applications and/or the data in the one or more dedicated virtual server(s) according to the defined security policies;

and further: dynamically creating one or more new virtual server(s) dedicated to said user within the cloud computing architecture; providing second identifiers and second key(s), which are specific to the one or more new dedicated virtual server(s), to the security module; accessing said one or more new dedicated virtual server(s) of the user by means of said second identifiers and/or second key(s), said accessing being performed by the security module; installing the security policies on the one or more new dedicated virtual server(s) by means of the secure channel; applying the defined security policies, which have been provided to the one or more new dedicated virtual server(s) by the security module, to data and/or applications in the one or more new dedicated virtual server(s), said applying being performed by the one or more new dedicated virtual server(s); and securing the applications and/or the data in the one or more new dedicated virtual server(s) according to the defined security policies.
Address: