Abstract: Datasets can be synchronized across cloud-based computer environments using computer systems. A data map can be generated for source datasets for a plurality of computing environments, respectively, and an activation function can be determined based on the data map, for simultaneously activating a new dataset of a source system from one of the plurality of computing environments. A generation ID (identification) can be shared from the source system with one or more computing environments of the plurality of the computing environments, in response to receiving the activation function. The new dataset of the source system can be replicated across the one or more computing environments. A data synchronization trigger can be activated, using a synchronization coordinator module of the computer, and the data synchronization can be completed across the plurality of computing environments.

Abstract: Datasets can be synchronized across cloud-based computer environments using computer systems. A data map can be generated for source datasets for a plurality of computing environments, respectively, and an activation function can be determined based on the data map, for simultaneously activating a new dataset of a source system from one of the plurality of computing environments. A generation ID (identification) can be shared from the source system with one or more computing environments of the plurality of the computing environments, in response to receiving the activation function. The new dataset of the source system can be replicated across the one or more computing environments. A data synchronization trigger can be activated, using a synchronization coordinator module of the computer, and the data synchronization can be completed across the plurality of computing environments.

Abstract: A method includes: receiving, by a computing device, a microservice code from a user device; identifying, by the computing device, a service used by the microservice code; identifying, by the computing device, the service in a target cloud platform; generating, by the computing device, a modified microservice code by adding a predefined code template to the microservice code, the predefined code template being associated with the service in the target cloud platform; receiving, by the computing device, user input defining a value of a parameter in the predefined code template in the modified microservice code; and generating, by the computing device, a new deployment file for the target cloud platform based on the modified microservice code.

Abstract: For providing computing resources to a user a liaison service initializes communication for first and second computing resources for the user. The liaison services communicate between the user and the computing resources. The communicating authenticates respective requests by the user for the respective first and second computing resources. Initializing the first and second computing resource services for the user by the liaison service includes providing, to the user via the liaison service, respective first and second account identifiers for the respective first and second computing resource services and includes storing in association with the first and second account identifiers, by the liaison service in a user password vault, respective first and second computing resource key identifiers.

Abstract: Data item transfer between mobile devices is provided. Network association and proximity of a plurality of mobile devices of a requested data item by a requesting mobile device are determined using a shared ledger of mobile device inventory data, mobile device network connection data, and mobile device geolocation data. A target mobile device that contains the requested data item, is connected to a same local network as the requesting mobile device, and is geographically located proximate with a threshold to the requesting mobile device is identified based on the determined network association and proximity of the plurality of mobile devices and data in the shared ledger. A transfer of the requested data item from the target mobile device to the requesting mobile device is initiated via the same local network based on mobile device management policies.

Abstract: For providing computing resources to a user a liaison service initializes communication for first and second computing resources for the user. The liaison services communicate between the user and the computing resources. The communicating authenticates respective requests by the user for the respective first and second computing resources. Initializing the first and second computing resource services for the user by the liaison service includes providing, to the user via the liaison service, respective first and second account identifiers for the respective first and second computing resource services and includes storing in association with the first and second account identifiers, by the liaison service in a user password vault, respective first and second computing resource key identifiers.

Abstract: Aspects of the present invention provide a negotiative chat bot that executes a back-end security process to resolve a status of a suspicious input as safe or unsafe; creates conversational chat bot messages that request content subject matter in response that are different from content of the suspicious request or chat bot message responses from the identified user; and generate and present conversational chat bot messages that present created conversational chat bot message content in a style that matches a preferred conversational style of the identified user. Aspects iteratively repeating presenting conversational chat bot messages requesting subject matter content different from subsequent conversational chat bot message responses in the style that matches the preferred conversational style, until determining that the suspicious input status is resolved.

Abstract: A computer-implemented method for distributing digital certificates. A request for a digital certificate is received from a requesting system. A deployment challenge is sent to the trust agent running on the requesting system. A response to the deployment challenge is received from the trust agent running on the requesting system. The response to the deployment challenge is evaluated to determine whether the response is correct. The digital certificate is distributed to the requesting system in response to a determination that the response to the deployment challenge is correct.

Abstract: A system and non-transitory computer program product for distributing digital certificates. A request for a digital certificate is received from a requesting system. A deployment challenge is sent to the trust agent running on the requesting system. A response to the deployment challenge is received from the trust agent running on the requesting system. The response to the deployment challenge is evaluated to determine whether the response is correct. The digital certificate is distributed to the requesting system in response to a determination that the response to the deployment challenge is correct.

Abstract: Technologies for providing software code and data with in-memory protection through runtime memory encryption are described. A service comprising an integration component (an interface set) receives software program code and data that is to be protected in one or more protected areas of execution in memory. The integration component can integrate with a software development pipeline. The service (e.g. a wrapper engine component thereof) obtains the software program code and wraps the software program code and the data into a wrapped component. The service generates a secure counterpart program for executing in one or more protected areas of execution in memory (e.g., an enclave).

Abstract: Data item transfer between mobile devices is provided. Network association and proximity of a plurality of mobile devices of a requested data item by a requesting mobile device are determined using a shared ledger of mobile device inventory data, mobile device network connection data, and mobile device geolocation data. A target mobile device that contains the requested data item, is connected to a same local network as the requesting mobile device, and is geographically located proximate with a threshold to the requesting mobile device is identified based on the determined network association and proximity of the plurality of mobile devices and data in the shared ledger. A transfer of the requested data item from the target mobile device to the requesting mobile device is initiated via the same local network based on mobile device management policies.

Abstract: A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.

Abstract: This disclosure provides the ability for a cloud application to specify its security requirements, the ability to have those requirements evaluated, e.g., against a specific cloud deployment environment, and the ability to enable the application to control a cloud-based security assurance service to provision additional security technology in the cloud to support deployment (or re-deployment elsewhere) of the application if the environment does not have the necessary topology and security resources deployed. To this end, the application queries the service by passing a set of application-based security rights. If the security capabilities provided by the security assurance service are sufficient or better than the application's security rights, the application functions normally. If, however, the security environment established by the security assurance service is insufficient for the application, the application is afforded one or more remediation options, e.g.

Abstract: Aspects of the present invention provide a negotiative chat bot that executes a back-end security process to resolve a status of a suspicious input as safe or unsafe; creates conversational chat bot messages that request content subject matter in response that are different from content of the suspicious request or chat bot message responses from the identified user; and generate and present conversational chat bot messages that present created conversational chat bot message content in a style that matches a preferred conversational style of the identified user. Aspects iteratively repeating presenting conversational chat bot messages requesting subject matter content different from subsequent conversational chat bot message responses in the style that matches the preferred conversational style, until determining that the suspicious input status is resolved.

Abstract: Using mobile devices in a gesture based security system is described. An image based feed is received from a camera incorporated in a first mobile device. The first mobile device is in communication with the gesture based security system. The camera has a view of one of a plurality of secured areas monitored by the gesture based security system. A gesture is recognized within the feed. Non-gesture metadata from the mobile device is associated with the recognized gesture. The non-gesture metadata is used to determine that the image based feed is a view of a first secured area of the plurality of secured areas. The determination whether the recognized gesture is an approved gesture within the first secured area is made according to non-gesture metadata associated with the recognized gesture.

Abstract: A computer-implemented method for distributing digital certificates. A request for a digital certificate is received from a requesting system. A deployment challenge is sent to the trust agent running on the requesting system. A response to the deployment challenge is received from the trust agent running on the requesting system. The response to the deployment challenge is evaluated to determine whether the response is correct. The digital certificate is distributed to the requesting system in response to a determination that the response to the deployment challenge is correct.

Abstract: A computer-implemented method, system, and non-transitory computer program product for distributing digital certificates. A request for a digital certificate is received from a requesting system. A deployment challenge is sent to the trust agent running on the requesting system. A response to the deployment challenge is received from the trust agent running on the requesting system. The response to the deployment challenge is evaluated to determine whether the response is correct. The digital certificate is distributed to the requesting system in response to a determination that the response to the deployment challenge is correct.

Abstract: Technologies for providing software code and data with in-memory protection through runtime memory encryption are described. A service comprising an integration component (an interface set) receives software program code and data that is to be protected in one or more protected areas of execution in memory. The integration component can integrate with a software development pipeline. The service (e.g. a wrapper engine component thereof) obtains the software program code and wraps the software program code and the data into a wrapped component. The service generates a secure counterpart program for executing in one or more protected areas of execution in memory (e.g., an enclave).

Abstract: A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.

Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.