Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed for association of cloud accounts by instantiating or executing machine-readable instructions to in response to a linking request, associate a first cloud account and a second cloud account, where the association causes changes made to the first cloud account to be propagated to the second cloud account, store the association in a database, monitor a configuration of the first cloud account, and after a change in the configuration information of the first cloud account, apply the configuration information corresponding to the first cloud account to the second cloud account.

Abstract: An example apparatus comprises memory, first instructions, and programmable circuitry to be programmed by the first instructions to associate a first portion of metadata with a first category, the metadata corresponding to a cloud resource of a cloud account, associate a second portion of the metadata with a second category, and determine a template based on the first portion being greater than the second portion, the template associated with the first category, the template including second instructions to define a target state to be enforced on the cloud account.

Abstract: Methods and apparatus to manage infrastructure as code (IaC) implementations are disclosed, A disclosed example system to manage a shared computing resource includes programmable circuitry; and machine readable instructions to cause the programmable circuitry to: determine an IaC type associated with a request corresponding to the shared computing resource; select a template from a plurality of IaC templates based on the IaC type; and service the request based on the template.

Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed for converting enforcement policy information into provisioning template information by instantiating or executing machine-readable instructions to determine a type of a first placeholder of a provisioning template with a plurality of placeholders, copy enforcement policy data corresponding to the determined type of the first placeholder, fill the first placeholder of the provisioning template with the copied enforcement policy data, and save the provisioning template.

Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed to isolate state management in infrastructure as code environments. Disclosed is an apparatus comprising monitor a security infrastructure to determine a first state of the security infrastructure, the security infrastructure to control a function based on the first state, the function defined by an operating protocol; determine that the security infrastructure has transitioned to a second state, the second state associated with an alteration to the security infrastructure; determine whether the alteration of the security infrastructure associated with the second state is undesired, wherein the alteration being undesired corresponds to the function of the security infrastructure deviating from the operating protocol; and modify the security infrastructure by replacing the second state with a third state to counteract the deviation from the operating protocol corresponding to the second state.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.