Abstract: Techniques are provided for secure data management in a network computing environment. A security management system receives data from a device which operates in a device network that is managed by the security management system. The security management system performs a data classification process to determine a data sensitivity level of the received data. The security management system determines a type of encryption to apply to the received data based on the determined data sensitivity level. The type of encryption is determined from a plurality of different types of encryption that are supported by a cloud system. The security management system sends the received data to the cloud system to at least one of store the data and perform secured data analytic processing of the data, in a format according to the determined type of encryption.

Abstract: An apparatus comprises a processing device configured to generate a model of a plurality of devices characterizing relationships between the devices, to build a device dependency chain for the devices based on the model, to predict workload for each of the devices in one or more time slots of a given time period, and to determine a deployment schedule for the devices based on the device dependency chain and the predicted workload. The processing device is also configured to utilize the deployment schedule to select a device of the devices on which to perform an operation, to determine whether the selected device corresponds to an additional device of the devices configured to operate in place of the selected device during performance of the operation, and to control performance of the operation on the selected device responsive to the determination of whether the selected device corresponds to the additional device.

Abstract: One example method includes correlating trust scoring with authentication levels. Trust scores are protected in a computing system such that devices can be validated. Authentication levels are based on the verified trust scores.

Abstract: A method, comprising: obtaining a data item that is associated with an IoT device, the IoT device including one or more of a sensor, an actuator, or an energy source; obtaining, from a blockchain-based attestation system, a trust score that is associated with the data item, the trust score being generated by using a consensus-building mechanism that is provided by the blockchain-based attestation system; when the trust score satisfies a predetermined condition, using the data item; and when the trust score fails to satisfy the predetermined condition, discarding the data item, wherein the IoT device is configured to operate as a node in the blockchain-based attestation system, and the blockchain-based attestation system includes one or more other IoT devices that are part of the same IoT device network as the IoT device.

Abstract: Techniques are provided for secure data management in a network computing environment. A security management system receives data from a device which operates in a device network that is managed by the security management system. The security management system performs a data classification process to determine a data sensitivity level of the received data. The security management system determines a type of encryption to apply to the received data based on the determined data sensitivity level. The type of encryption is determined from a plurality of different types of encryption that are supported by a cloud system. The security management system sends the received data to the cloud system to at least one of store the data and perform secured data analytic processing of the data, in a format according to the determined type of encryption.

Abstract: Systems and methods are provided for implementing an intelligent data management system for data storage and data management in a cloud computing environment. For example, a system includes an application server, a distributed data storage system, and an intelligent data management system. The application server is configured to host a data processing application. The distributed data storage system is configured to store data generated by a network of devices associated with the data processing application. The intelligent data management system is configured to manage data storage operations for storing the data generated by the network of devices in the distributed data storage system. For example, the intelligent data management system is configured to determine one or more data types of the data generated by the network of devices and select one of a plurality of repositories within the distributed data storage system to store the data based on the determined data types.

Abstract: A method, comprising: obtaining a data item that is associated with an IoT device, the IoT device including one or more of a sensor, an actuator, or an energy source; obtaining, from a blockchain-based attestation system, a trust score that is associated with the data item, the trust score being generated by using a consensus-building mechanism that is provided by the blockchain-based attestation system; when the trust score satisfies a predetermined condition, using the data item; and when the trust score fails to satisfy the predetermined condition, discarding the data item, wherein the IoT device is configured to operate as a node in the blockchain-based attestation system, and the blockchain-based attestation system includes one or more other IoT devices that are part of the same IoT device network as the IoT device.

Abstract: An apparatus comprises a processing device configured to generate a model of a plurality of devices characterizing relationships between the devices, to build a device dependency chain for the devices based on the model, to predict workload for each of the devices in one or more time slots of a given time period, and to determine a deployment schedule for the devices based on the device dependency chain and the predicted workload. The processing device is also configured to utilize the deployment schedule to select a device of the devices on which to perform an operation, to determine whether the selected device corresponds to an additional device of the devices configured to operate in place of the selected device during performance of the operation, and to control performance of the operation on the selected device responsive to the determination of whether the selected device corresponds to the additional device.

Abstract: One example method includes correlating trust scoring with authentication levels. Trust scores are protected in a computing system such that devices can be validated. Authentication levels are based on the verified trust scores.

Abstract: One example method includes collaborative deduplication. A deduplication engine implemented at a cloud level collaborates or coordinates with an extension engine of the deduplication at an edge node. This allows data ingested at a node to be collaboratively deduplicated prior to transfer to the cloud and after transfer to the cloud.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security mechanisms for network environments. For example, a method includes collecting power consumption data of a plurality of devices operating within a network and determining trust scores for the plurality of devices based, at least in part, on the collected power consumption data. The trust score for a device provides a measure of trustworthiness of the device exhibiting normal operating behavior within the network. Each device is assigned to one of a plurality of trust tiers based on the determined trust scores, wherein each trust tier specifies an authentication level for devices assigned to the trust tier. One or more authentication procedures are applied to authenticate a given device operating within the network based on the authentication level specified by the trust tier to which the given device is assigned.

Abstract: Systems and methods are provided to configure a replication system to reduce latency of data read access operations in a cloud computing environment. Intelligent routing decision systems and methods are implemented in conjunction with a distributed replication system in a cloud computing environment to direct write requests to a primary site (e.g., production site) by default, and to automatically and intelligently direct read requests to a target site (e.g., primary site or replica site) to reduce data read latency and/or bandwidth. A reduction in read delay is achieved, in part, by intelligently selecting a target site (e.g., data center) in a cloud computing environment which is close or closest in distance to a requesting entity (e.g., user or application) requesting data, thereby reducing a propagation delay and/or latency in accessing and downloading data from the target site.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and to establish secured and trusted communications between the network devices and the computing system. The network devices may comprise wireless sensor devices operating in a wireless sensor network, wherein the computing system executes an IoT (Internet of Things) application which processes the data that is generated by the wireless sensor devices.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security mechanisms for network environments. For example, a method includes collecting power consumption data of a plurality of devices operating within a network and determining trust scores for the plurality of devices based, at least in part, on the collected power consumption data. The trust score for a device provides a measure of trustworthiness of the device exhibiting normal operating behavior within the network. Each device is assigned to one of a plurality of trust tiers based on the determined trust scores, wherein each trust tier specifies an authentication level for devices assigned to the trust tier. One or more authentication procedures are applied to authenticate a given device operating within the network based on the authentication level specified by the trust tier to which the given device is assigned.

Abstract: Systems and methods are provided for implementing an intelligent data management system for data storage and data management in a cloud computing environment. For example, a system includes an application server, a distributed data storage system, and an intelligent data management system. The application server is configured to host a data processing application. The distributed data storage system is configured to store data generated by a network of devices associated with the data processing application. The intelligent data management system is configured to manage data storage operations for storing the data generated by the network of devices in the distributed data storage system. For example, the intelligent data management system is configured to determine one or more data types of the data generated by the network of devices and select one of a plurality of repositories within the distributed data storage system to store the data based on the determined data types.

Abstract: An apparatus in one embodiment comprises a plurality of container host devices of at least one processing platform. The container host devices implement a plurality of containers for executing applications on behalf of one or more tenants of cloud infrastructure. The containers have associated layer structures each characterizing container images of respective different ones of the containers. Movement of container data between different storage devices by at least one of the container host devices for at least one of the containers is controlled based at least in part on one or more characteristics of a corresponding one of the layer structures. For example, controlling movement of container data between the different storage devices may comprise assigning at least one of different prefetching priority weights and different cache-swapping priority weights to different layers of the given layer structure.

Abstract: Systems and methods are provided to configure a replication system to reduce latency of data read access operations in a cloud computing environment. Intelligent routing decision systems and methods are implemented in conjunction with a distributed replication system in a cloud computing environment to direct write requests to a primary site (e.g., production site) by default, and to automatically and intelligently direct read requests to a target site (e.g., primary site or replica site) to reduce data read latency and/or bandwidth. A reduction in read delay is achieved, in part, by intelligently selecting a target site (e.g., data center) in a cloud computing environment which is close or closest in distance to a requesting entity (e.g., user or application) requesting data, thereby reducing a propagation delay and/or latency in accessing and downloading data from the target site.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and to establish secured and trusted communications between the network devices and the computing system. The network devices may comprise wireless sensor devices operating in a wireless sensor network, wherein the computing system executes an IoT (Internet of Things) application which processes the data that is generated by the wireless sensor devices.

Abstract: An apparatus in one embodiment comprises a processing platform configured to communicate over a network with a plurality of Internet of Things (IoT) devices. The processing platform receives at least a first intermediate message from a first gateway of the network, receives one or more additional intermediate messages from each of one or more additional gateways of the network, associates the first and additional intermediate messages with one another based at least in part on a common message identifier detected in each such intermediate message, and processes the associated first and additional intermediate messages to recover a device message from a given one of the IoT devices. The first intermediate message is based at least in part on at least one application of a designated cryptographic function to the device message utilizing a corresponding key. At least one of the one or more additional intermediate messages provides at least a portion of the key.

Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and to establish secured and trusted communications between the network devices and the computing system. The network devices may comprise wireless sensor devices operating in a wireless sensor network, wherein computing system executes an IoT (Internet of Things) application which processes the data that is generated by the wireless sensor devices.