CPC H04L 63/20 (2013.01) | 18 Claims
1. An integrated control framework, comprising:
  an application model layer that defines an application profile, an application model, and a target cloud environment for an application, the application comprising a plurality of application modules;
  a control selection and parameterization layer comprising:
    a standards catalog comprising a plurality of controls;
    a controls catalog comprising control requirements for at least one of the target cloud environment, a jurisdiction, an industry standard, and a best practice; and
    a controls selection engine that identifies a list of inline, preventive, detective and reactive controls for the application based on the application profile and an application module of the plurality of application modules;
  a control configuration and deployment layer that configures selected controls from the plurality of controls to implement the list of inline, preventive, detective and reactive controls for the application based on the target cloud environment and the application model or the application profile, comprising:
    a deployment pipeline that applies preventive controls and deploys the application, wherein the application passes the preventive controls;
    a runtime validation module that deploys the detective controls on the application module to identify a deviation from an expected configuration or behavior;
    an inline control module that deploys inline controls;
    a runtime response module comprising reactive controls; and
    a control-specific validation module that triggers a control-specific response module that applies a reactive control; and
  an evidencing, visualization, and alerting layer comprising:
    an event sink that receives control events from the inline controls and the control-specific response module;
    an alerting module that generates an alert in response to a control event;
    an evidencing repository that logs supporting information and results of decisions for the deployed controls to a log; and
    a presentation layer that provides access to the evidencing repository.