
Method and System for Privacy Preserving and Audit Compliant Reporting and Analysis of Individual Actions in Managed Cloud Environments

IP.com Disclosure Number: IPCOM000248992D
Publication Date: 2017-Jan-25
Document File: 3 page(s) / 53K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are a method and system for proof of data locality with data privacy in a distributed environment. In the method, a processor of a computer system receives a record (or set of records) from a Privacy Enhanced Local Agent (PELA); the PELA sends privacy-enabled information about a user of the system hosting the PELA.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Distributed environments such as managed cloud services rely on hundreds, if not thousands, of operational support personnel in a global resource model, as well as local country teams to support in-country options. This combination makes reporting on the individual actions of systems administrators to customers difficult, if not impossible: some organizations cannot keep track of the individual country privacy laws, nor can they realistically report on individual actions in a scenario that may include the potential for thousands of individuals.

The novel contribution is a method to provide obfuscation and normalization of actions such that organizations can report on users or classes of users to a customer, without violating the user’s individual privacy rights, while still providing the customer with meaningful information that can be used for both compliance and forensics purposes.

The novel method comprises the enablement of operator workstations that include:

• A small agent, the Privacy Enhancing Log Agent (PELA)

• The servers in question sending logs through a Local Log Intercept Agent (LLIA) to instrument logs with the appropriate information to preserve privacy while adding the appropriate attributes to support reporting and risk analysis

• A Regulatory and Privacy Rules Dataset (RPRD) that defines the appropriate rules for what types of actions may be undertaken by operators from which countries and in which roles these operators may act

• A Risk Heuristics Repository (RHR) that includes guidelines and metrics to further refine the reporting results with annotations of perceived and actual risk of actions against the system
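The following sketch shows how the components listed above could fit together on a single log record. It is an added example, not code from the disclosure. The keyed-HMAC pseudonym, the record fields, the action vocabulary and every rule and risk value are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Every name and value below is constructed for illustration (assumption).
PSEUDONYM_KEY = b"constructed-demo-key"  # assumed to be held by the provider only

# RPRD stand-in: (country, role) -> normalized actions that class may perform
RPRD = {
    ("DE", "dba"): {"db.query", "db.backup"},
    ("IN", "sysadmin"): {"os.patch", "os.restart"},
}
# RHR stand-in: base risk weight (0-10) per normalized action
RHR = {"db.query": 2, "db.backup": 3, "os.patch": 4, "os.restart": 5, "db.export": 8}
# Normalization: tool-specific commands mapped onto one shared action vocabulary
NORMALIZE = {"pg_dump": "db.backup", "psql": "db.query", "yum update": "os.patch",
             "reboot": "os.restart", "COPY TO": "db.export"}

def pseudonym(user_id: str) -> str:
    """Stable keyed token: same operator, same token; not reversible without the key."""
    digest = hmac.new(PSEUDONYM_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return "op-" + digest[:12]

def transform(record: dict) -> dict:
    """Obfuscate identity, normalize the action, annotate rule result and risk."""
    action = NORMALIZE.get(record["command"], "unknown")
    allowed = action in RPRD.get((record["country"], record["role"]), set())
    risk = RHR.get(action, 10)        # unknown actions get the highest base risk
    if not allowed:
        risk = min(10, risk + 5)      # a rule violation raises the annotation
    return {
        "ts": record["ts"], "host": record["host"],
        "operator": pseudonym(record["user"]),            # no real identity leaves
        "operator_class": f'{record["country"]}/{record["role"]}',
        "action": action, "permitted_by_rprd": allowed, "risk": risk,
    }

SAMPLE = [  # constructed log records
    {"ts": "2017-01-25T10:00:00Z", "host": "db01", "user": "alice@example.com",
     "country": "DE", "role": "dba", "command": "pg_dump"},
    {"ts": "2017-01-25T10:05:00Z", "host": "db01", "user": "alice@example.com",
     "country": "DE", "role": "dba", "command": "COPY TO"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(transform(rec))
```

Because the pseudonym is keyed and stable, a customer can correlate all actions of one operator across records for forensics, while only the key holder can link the token back to a person.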

Implementing this method provides detailed information to support customer's audit/logging policies including access control and user lifecycle management. It does not require changes to existing operational tools or processes. The approach provides compliance...