Continuous Compliance: Experiences, Challenges, and Opportunities

被引:6
|
作者
Filepp, Robert [1 ]
Adam, Constantin [1 ]
Hernandez, Milton [1 ]
Vukovic, Maja [1 ]
Anerousis, Nikos [2 ]
Zhang, Guan Qun [3 ]
机构
[1] IBM Corp, IBM TJ Watson Res Ctr, Yorktown Hts, NY 10562 USA
[2] IBM Corp, GTS Incubat Lab, San Jose, CA USA
[3] IBM Corp, IBM Res China, Beijing, Peoples R China
来源
2018 IEEE WORLD CONGRESS ON SERVICES (IEEE SERVICES 2018) | 2018年
关键词
compliance; container; hybrid cloud; cloud computing; security; regulation;
D O I
10.1109/SERVICES.2018.00029
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
IT compliance is an area of increasing attention and capital spend in enterprise IT environments. We present "Continuous Compliance", a framework that allows a managed IT services provider to automate the overall process of keeping IT assets conformant with enterprise policies, regulatory frameworks, and other best practices. Our framework applies to all cloud layers and service models: Infrastructure-, Platform-, and Software-as-a-Service. We describe our framework design, its operation, and the post-process analytics and reporting. We also examine remediation reports gathered from over 2,000 servers for a seven month period, graph the incidence of repeated remediations, and explore some reasons for gradually subsiding remediations.
引用
收藏
页码:31 / 32
页数:2
相关论文
共 50 条
  • [1] The GDPR Compliance and Access Control Systems: Challenges and Research Opportunities
    Daoudagh, Said
    Marchetti, Eda
    PROCEEDINGS OF THE 8TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP), 2021, : 571 - 578
  • [2] Challenges for Continuous, Provable Security Service Level Agreement Management in Computing Continuum
    Bocianiak, Krzysztof
    Pawlikowski, Tomasz
    Podlasek, Aleksandra
    Wary, Jean-Philippe
    Wierzbowski, Jacek
    IEEE ACCESS, 2024, 12 : 152097 - 152107
  • [3] Challenges and Opportunities in Correctional Health Care Quality: A Descriptive Analysis of Compliance With NCCHC Standards
    Gibson, Brent R.
    Phillips, Gary
    JOURNAL OF CORRECTIONAL HEALTH CARE, 2016, 22 (04) : 280 - 289
  • [4] Continuous Compliance
    Kellogg, Martin
    Schaf, Martin
    Tasiran, Serdar
    Ernst, Michael D.
    2020 35TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2020), 2020, : 511 - 523
  • [5] Continuous Verification of Network Security Compliance
    Lorenz, Claas
    Clemens, Vera
    Schroetter, Max
    Schnor, Bettina
    IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2022, 19 (02): : 1729 - 1745
  • [6] Security in cloud computing: Opportunities and challenges
    Ali, Mazhar
    Khan, Samee U.
    Vasilakos, Athanasios V.
    INFORMATION SCIENCES, 2015, 305 : 357 - 383
  • [7] Multimedia Applications and Security in MapReduce: Opportunities and Challenges
    Yu, Zhiwei
    Wang, Chaokun
    Thomborson, Clark
    Wang, Jianmin
    Lian, Shiguo
    Vasilakos, Athanasios V.
    CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2012, 24 (17) : 2083 - 2101
  • [8] Cloud Adoption in Malaysia: Trends, Opportunities, and Challenges
    Abolfazli, Saeid
    Sanaei, Zohreh
    Tabassi, Ali
    Rosen, Steven
    Gani, Abdullah
    Khan, Samee U.
    IEEE CLOUD COMPUTING, 2015, 2 (01): : 60 - 68
  • [9] Security and Privacy in Smart Farming: Challenges and Opportunities
    Gupta, Maanak
    Abdelsalam, Mahmoud
    Khorsandroo, Sajad
    Mittal, Sudip
    IEEE ACCESS, 2020, 8 : 34564 - 34584
  • [10] Cloud Virtualization with Data Security: Challenges and Opportunities
    Abraham, Joshua Johnson
    Sunny, Christy
    Assisi, Anlin
    Jayapandian, N.
    PROCEEDING OF THE INTERNATIONAL CONFERENCE ON COMPUTER NETWORKS, BIG DATA AND IOT (ICCBI-2018), 2020, 31 : 865 - 872
12345