Supporting Compliance in a Cloud Environment
Abstract
Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.
Claims
exact text as granted — not AI-modified1 . An automated method for providing auditable data concerning actions in a cloud computing environment, comprising:
responsive to receiving an auditable data request by a cloud computing server, determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer.
2 . The automated method as set forth in claim 1 further comprising, prior to the receiving of an auditable data request, performing cloud service registration of a client device by creating and assigning a unique identifier to a cloud client computer, and sharing a security artifact between a cloud computing server and the cloud client computer.
3 . The automated method as set forth in claim 1 further comprising, prior to or concurrently with receiving a data request from the cloud client computer, negotiating between the cloud client computer and the cloud computing server a mutually-agreeable data exchange format in which requested auditable data will be delivered to the cloud client computer.
4 . The automated method as set forth in claim 1 wherein determining that one or more auditable data items are available comprises determining if the requester is entitled to each of the available auditable data items, and removing from the list each auditable data item to which the requester is not entitled.
5 . The automated method as set forth in claim 1 further comprising issuing a authentication token to the cloud client computer prior to the receiving an auditable data request, wherein the determining that one or more auditable data items are available comprises extracting the previously-issued token from the auditable data request, and wherein the transmitting of a list of available auditable data items is prevented responsive to the extracted token not being associated with the requesting cloud client computer or responsive to a token being not found in the received auditable data request.
6 . The automated method as set forth in claim 1 wherein the preparing of the requested auditable data items further comprises performing compliance analysis against one or more compliance policies, and wherein the transmitting of the prepared data items further comprises transmitting one or more results of the compliance analysis.
7 . The automated method as set forth in claim 6 wherein the performing of compliance analysis is performed by a cloud service provider computer which is separate from a cloud service provider which received the request for auditable data items and which is separate from the requesting cloud client computer.
8 . The automated method as set forth in claim 1 further comprising receiving the transmitted auditable data items by a cloud client computer, and performing compliance analysis against one or more compliance policies by the cloud client computer.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.