Abstract: This disclosure provides the ability for a cloud application to specify its security requirements, to ability to have those requirements evaluated, e.g., against a specific cloud deployment environment, and the ability to enable the application to control a cloud-based security assurance service to provision additional security technology in the cloud to support deployment (or re-deployment elsewhere) of the application if the environment does not have the necessary topology and security resources deployed. To this end, the application queries the service by passing a set of application-based security rights. If the security capabilities provided by the security assurance service are sufficient or better than the application's security rights, the application functions normally. If, however, the security environment established by the security assurance service is insufficient for the application, the application is afforded one or more remediation options, e.g.

Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.

Abstract: A technique to enforce a physical security constraint leverages a user's mobile device while at the same time enabling the user to continue use of the device for appropriate purposes within a restricted area. A user's access to a restricted area with his or her mobile device in effect is “conditioned” upon installation (on the device) of an endpoint agent that controls features of the mobile device based on one or more factors, such as the user's role, a current location of the user within the restricted area, and other criteria as defined in a security policy. Preferably, the agent is instantiated automatically when the user enters the restricted area, with the device then restored to its prior state when the user leaves the restricted area. The particular features of the mobile device that are controlled may be varied, even within particular zones of the restricted area itself.

Abstract: A technique to enforce a physical security constraint leverages a user's mobile device while at the same time enabling the user to continue use of the device for appropriate purposes within a restricted area. A user's access to a restricted area with his or her mobile device in effect is “conditioned” upon installation (on the device) of an endpoint agent that controls features of the mobile device based on one or more factors, such as the user's role, a current location of the user within the restricted area, and other criteria as defined in a security policy. Preferably, the agent is instantiated automatically when the user enters the restricted area, with the device then restored to its prior state when the user leaves the restricted area. The particular features of the mobile device that are controlled may be varied, even within particular zones of the restricted area itself.