Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.

Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.

Abstract: Techniques for event driven harvesting and analysis of cloud computing resources in a cloud computing environment, comprising: obtaining information about at least one cloud computing event in the cloud computing environment; determining if the at least one event is related to the allocation of storage to a cloud computing resource; in response to determining the at least one event is related to the allocation of storage to a cloud computing resource, requesting data from the cloud computing resource; and analyzing the data for the presence of security risks and vulnerabilities.

Abstract: Techniques for event driven harvesting and analysis of cloud computing resources in a cloud computing environment, comprising: obtaining, from a cloud computing environment, data related to an event that occurred in the cloud computing environment; in response to obtaining the data, requesting, from the cloud computing environment, supplemental data about the event that occurred in the cloud computing environment, the supplemental data including information about the event and/or information about impact of the event on a resource; determining whether a security action is to be taken at least in part by analyzing the data and/or the supplemental data; and when it is determined a security action is to be taken, performing the security action.

Abstract: A unified cloud configuration evaluation (UCCE) system is described capable of evaluating both asset configurations in a live cloud environment and proposed configuration changes produced by a cloud configuration development (CCD) system. In embodiments, the UCCE system may be implemented as a Cloud Security Posture Management (CPSM) system that monitors assets in the cloud environment and check the assets' configurations for compliance with a set of compliance rules. In embodiments, the UCCE system ingests a cloud configuration definition generated by the CCD system. In embodiments, the CCD system is implemented as an Infrastructure as Code (IaC) system that allows a user to create a cloud configuration definition that describes proposed configuration changes to the cloud environment. The UCCE system is configured to interpret the cloud configuration definition and analyze the proposed configuration changes for compliance using the same set of compliance rules used for the live cloud environment.

Abstract: A method of managing a configuration of a computer network system includes creating of an instance of a server by a user through an interface of a public cloud service. A management process detects the existence of the instance by regularly polling the cloud service for infrastructure data and analyzing the infrastructure data to determine that the newly created instance exists. The method also includes testing parameters of the server indicated in the infrastructure data, which parameters are fully determined by the request, against predefined one or more infrastructure policies, whereby the parameters are available and testable against the policies during the generating, but are tested after the request is enacted to create the instance without creating policy enforcement encumbrance on the user when the user creates the new instance of the server.

Abstract: A method of managing a configuration of a computer network system includes creating of an instance of a server by a user through an interface of a public cloud service. A management process detects the existence of the instance by regularly polling the cloud service for infrastructure data and analyzing the infrastructure data to determine that the newly created instance exists. The method also includes testing parameters of the server indicated in the infrastructure data, which parameters are fully determined by the request, against predefined one or more infrastructure policies, whereby the parameters are available and testable against the policies during the generating, but are tested after the request is enacted to create the instance without creating policy enforcement encumbrance on the user when the user creates the new instance of the server.

Abstract: A method of managing a configuration of a computer network system includes creating of an instance of a server by a user through an interface of a public cloud service. A management process detects the existence of the instance by regularly polling the cloud service for infrastructure data and analyzing the infrastructure data to determine that the newly created instance exists. The method also includes testing parameters of the server indicated in the infrastructure data, which parameters are fully determined by the request, against predefined one or more infrastructure policies, whereby the parameters are available and testable against the policies during the generating, but are tested after the request is enacted to create the instance without creating policy enforcement encumbrance on the user when the user creates the new instance of the server.

Abstract: A method of managing a configuration of a computer network system includes creating of an instance of a server by a user through an interface of a public cloud service. A management process detects the existence of the instance by regularly polling the cloud service for infrastructure data and analyzing the infrastructure data to determine that the newly created instance exists. The method also includes testing parameters of the server indicated in the infrastructure data, which parameters are fully determined by the request, against predefined one or more infrastructure policies, whereby the parameters are available and testable against the policies during the generating, but are tested after the request is enacted to create the instance without creating policy enforcement encumbrance on the user when the user creates the new instance of the server.

Abstract: A management process monitors a cloud, such as a hybrid cloud, for utilization policy compliance rather than burdening requesting users. A hybrid cloud system requests an action directly of a cloud interface process that processes the request using a management process or externally, such as directly through a cloud service. Users complying with utilization policies are able directly to implement actions or resource allocations without the burden of policy enforcement processes intervening at a time an action is requested.

Abstract: A management process monitors a cloud, such as a hybrid cloud, for utilization policy compliance rather than burdening requesting users. A hybrid cloud system requests an action directly of a cloud interface process that processes the request using a management process or externally, such as directly through a cloud service. Users complying with utilization policies are able directly to implement actions or resource allocations without the burden of policy enforcement processes intervening at a time an action is requested.