Abstract: A trust management system may be configured to compute a trust level for a compute resource based on a trust manifest corresponding to compute resource. Based on the construction of a trust manifest for each class of compute resources, a trust level may be computed for a wide range of compute resources, including bare-metal hosts, hypervisor hosts, virtual machines and containers. A trust manifest may specify one or more inputs for calculating the trust level, as well as how the inputs are to be processed to arrive at the trust level. The one or more inputs may include integrity measurements determined in accordance with one or more integrity measurement methods and security assessments determined in accordance with one or more security assessment methods. The inputs for the trust level calculation may be evaluated by one or more rule statements specified in the trust manifest, the evaluation of which returns the trust level for the compute resource.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Abstract: Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management client.

Abstract: A method and apparatus to provide an authoring tool enabling a user to create content and to selectively encrypt content is described. The encryption is designed to associate an entitlement with the content, the entitlement restricting access to the content. The system in one embodiment further includes a reading tool to access various content, the reading tool to enable an integrated reading of clear-text content and encrypted content. The system, in one embodiment, is designed to interact with a secure content service to provide a decryption key when an authorized user wishes to access the encrypted content.

Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Abstract: Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.

Abstract: An identity management deployment, interoperability, and compliance verification is discussed. In one embodiment, the system also provides on-demand services including automated certification, monitoring, alerting, routing, and translation of tokens for federated identity related interactions between multi-domain identity management systems is provided.

Abstract: An automated configuration management system (ACMS) oversees resources of a virtualized ecosystem by establishing a baseline configuration (including, e.g., security controls) for the resources; and, repeatedly, monitoring and collecting data from the resources, analyzing the data collected, making recommendations concerning configuration changes for the resources of the virtualized ecosystem based on the analysis, and either adopting and implementing the recommendations or not, wherein new states of the virtualized ecosystem and reactions to recommended changes are observed and applied in the form of new recommendations, and/or as adjustments to the baseline. The recommendations may be implemented automatically or only upon review by an administrator before being implemented or not.

Abstract: A method and apparatus to provide identity management deployment interoperability and compliance verification. In one embodiment, the system also provides on-demand services including automated certification, monitoring, alerting, routing, and translation of tokens for federated identity related interactions between multi-domain identity management systems is provided.

Abstract: Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.

Abstract: An automated configuration management system (ACMS) oversees resources of a virtualized ecosystem by establishing a baseline configuration (including, e.g., security controls) for the resources; and, repeatedly, monitoring and collecting data from the resources, analyzing the data collected, making recommendations concerning configuration changes for the resources of the virtualized ecosystem based on the analysis, and either adopting and implementing the recommendations or not, wherein new states of the virtualized ecosystem and reactions to recommended changes are observed and applied in the form of new recommendations, and/or as adjustments to the baseline. The recommendations may be implemented automatically or only upon review by an administrator before being implemented or not.

Abstract: An automated configuration management system (ACMS) oversees resources of a virtualized ecosystem by establishing a baseline configuration (including, e.g., security controls) for the resources; and, repeatedly, monitoring and collecting data from the resources, analyzing the data collected, making recommendations concerning configuration changes for the resources of the virtualized ecosystem based on the analysis, and either adopting and implementing the recommendations or not, wherein new states of the virtualized ecosystem and reactions to recommended changes are observed and applied in the form of new recommendations, and/or as adjustments to the baseline. The recommendations may be implemented automatically or only upon review by an administrator before being implemented or not.

Abstract: Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.