Abstract: A method, computer system, and computer program product for allocating virtual machines in a stateless preallocation pool on a computing device is provided. In response to determining that a virtual machine is to be removed from an active pool in a computing device, it is determined whether the virtual machine is to be moved to a preallocation pool of the computing device. In response to determining that the virtual machine is to be moved to the preallocation pool, the virtual machine is cleansed of stateful data by removing unique information about the virtual machine's prior allocation while in the active pool. The virtual machine is moved to the preallocation pool. In response to determining that the virtual machine is needed in the active pool, the virtual machine is moved from the preallocation pool to the active pool.

Abstract: A method, computer system, and computer program product for allocating virtual machines in a stateless preallocation pool on a computing device is provided. In response to determining that a virtual machine is to be removed from an active pool in a computing device, it is determined whether the virtual machine is to be moved to a preallocation pool of the computing device. In response to determining that the virtual machine is to be moved to the preallocation pool, the virtual machine is cleansed of stateful data by removing unique information about the virtual machine's prior allocation while in the active pool. The virtual machine is moved to the preallocation pool. In response to determining that the virtual machine is needed in the active pool, the virtual machine is moved from the preallocation pool to the active pool.

Abstract: A method and associated system for securing sensitive data in a cloud computing environment. A system has proprietary data as a record stored in a database. The system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and process the record to generate a result value for a cloud process result field of the record. The system reconstitutes the record the record according to the mode of hashing indicated in the hashing directive.

Abstract: A method including querying a service provider for functional and nonfunctional qualifications of the service provider to provide a service having functional and nonfunctional requirements; responsive to input from the service provider, receiving by a requestor the functional qualifications and nonfunctional qualifications of the service provider including attesting by a third party, not the service provider or requestor, to at least the nonfunctional qualifications of the service provider; evaluating the functional qualifications and attested to nonfunctional qualifications of the service provider; and selecting a service provider having functional and attested to nonfunctional qualifications complying with the functional and nonfunctional requirements of the requestor. The method may be performed on one or more computing devices. Also disclosed is a computer program product.

Abstract: An illustrative embodiment provides a computer-implemented method for access control by trust assertion using hierarchical weights. The computer-implemented method comprises obtaining an access request for an asset, identifying a trust value associated with a set of paths associated with the access request to form an identified trust value. The identified trust value is compared with a required trust value and a determination as to whether the identified trust value is greater than or equal to the required trust value is made. Responsive to a determination that the identified trust value is greater than or equal to the required trust value, access to the asset is permitted.

Abstract: A method and associated system for securing sensitive data in a cloud computing environment. A system has proprietary data as a record stored in a database. The system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and process the record to generate a result value for a cloud process result field of the record. The system reconstitutes the record the record according to the mode of hashing indicated in the hashing directive.

Abstract: A system and associated method for securing sensitive data in a cloud computing environment. A customer system has proprietary data as a record stored in a database. The customer system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and process the record to generate a result value for a cloud process result field of the record. The customer system reconstitutes the record the record according to the mode of hashing indicated in the hashing directive.

Abstract: A method and system of externalized data validation. Data input to applications is received. Metadata specifying types of the received data is received. Methods to cleanse the received data are determined based on the metadata. Based on the determined methods and received metadata, a validation engine external to the applications cleanses and validates the received data. The validated data is sent to the applications for use by the applications. Via a subscription service and without requiring updates to the applications, a service provider provides dynamic updates of the validation engine to mitigate newly identified events associated with input to the applications.

Abstract: A method, computer system, and computer program product for allocating virtual machines in a stateless preallocation pool on a computing device is provided. In response to determining that a virtual machine is to be removed from an active pool in a computing device, it is determined whether the virtual machine is to be moved to a preallocation pool of the computing device. In response to determining that the virtual machine is to be moved to the preallocation pool, the virtual machine is cleansed of stateful data by removing unique information about the virtual machine's prior allocation while in the active pool. The virtual machine is moved to the preallocation pool. In response to determining that the virtual machine is needed in the active pool, the virtual machine is moved from the preallocation pool to the active pool.

Abstract: A method including querying a service provider for functional and nonfunctional qualifications of the service provider to provide a service having functional and nonfunctional requirements; responsive to input from the service provider, receiving by a requestor the functional qualifications and nonfunctional qualifications of the service provider including attesting by a third party, not the service provider or requestor, to at least the nonfunctional qualifications of the service provider; evaluating the functional qualifications and attested to nonfunctional qualifications of the service provider; and selecting a service provider having functional and attested to nonfunctional qualifications complying with the functional and nonfunctional requirements of the requestor. The method may be performed on one or more computing devices. Also disclosed is a computer program product.

Abstract: A method and system of externalized data validation. Data input to applications is received. Metadata specifying types of the received data is received. Methods to cleanse the received data are determined based on the metadata. Based on the determined methods and received metadata, a validation engine external to the applications cleanses and validates the received data. The validated data is sent to the applications for use by the applications. Via a subscription service and without requiring updates to the applications, a service provider provides dynamic updates of the validation engine to mitigate newly identified events associated with input to the applications.

Abstract: A system and associated method for securing sensitive data in a cloud computing environment. A customer system has proprietary data as a record stored in a database. The customer system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and process the record to generate a result value for a cloud process result field of the record. The customer system reconstitutes the record the record according to the mode of hashing indicated in the hashing directive.

Abstract: An illustrative embodiment provides a computer-implemented method for access control by trust assertion using hierarchical weights. The computer-implemented method comprises obtaining an access request for an asset, identifying a trust value associated with a set of paths associated with the access request to form an identified trust value. The identified trust value is compared with a required trust value and a determination as to whether the identified trust value is greater than or equal to the required trust value is made. Responsive to a determination that the identified trust value is greater than or equal to the required trust value, access to the asset is permitted.

Abstract: A method, computer system, and computer program product for allocating virtual machines in a stateless preallocation pool on a computing device is provided. In response to determining that a virtual machine is to be removed from an active pool in a computing device, it is determined whether the virtual machine is to be moved to a preallocation pool of the computing device. In response to determining that the virtual machine is to be moved to the preallocation pool, the virtual machine is cleansed of stateful data by removing unique information about the virtual machine's prior allocation while in the active pool. The virtual machine is moved to the preallocation pool. In response to determining that the virtual machine is needed in the active pool, the virtual machine is moved from the preallocation pool to the active pool.