Shifting left GRC and security compliance leveraging transient cloud resources

A method for Governance, Risk, Compliance (GRC) and security compliance in a cloud computing environment is provided. The method includes maintaining a cloud resource to be in a transient state that keeps the cloud resource from being visible to other cloud resources for a configured rule driven dur...

Full description

Saved in:
Bibliographic Details
Main Authors Sreenivasan, Balakrishan, Sood, Siddhartha, Wilson, Roopa, Gunjal, Richard Daniel
Format Patent
LanguageEnglish
Published 19.09.2023
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:A method for Governance, Risk, Compliance (GRC) and security compliance in a cloud computing environment is provided. The method includes maintaining a cloud resource to be in a transient state that keeps the cloud resource from being visible to other cloud resources for a configured rule driven duration during which validations comprising the GRC and security compliance are applied to the cloud resource. The method further includes provisioning the cloud resource responsive to the cloud resource meeting a time-in-transient-state requirement and passing the GRC and security compliance. The maintaining step includes reusing reactive validations for further GRC and security compliance in a resource lifecycle leveraging Application Programming Interface (API) based lifecycle events during the transient state, and deriving a next set of configurable actions for provisioned resources by providing hooks to a provisioning service to get a compliance posture for the cloud resource in the transient state.
Bibliography:Application Number: US202217977063