
CN-121986330-A - Policy-as-code for data assets and remediation in cloud environments


Abstract

A system (100; 200; 500-700) and support methods (300, 400) are capable of receiving (302) a computer encoding policy for execution in a control plane associated with a cloud environment to provide data governance in a data plane using one or more data assets of the cloud environment, wherein the one or more data assets are automatically associated (310) to the computer encoding policy using a set of predetermined rules associated with the computer encoding policy and using annotations associated with the one or more data assets, and wherein dynamic modification (404) is performed on the annotations based in part on real-time modification to the computer encoding policy to allow monitoring (406) content of the one or more data assets in accordance with the computer encoding policy and performing (412) a repair action associated with the one or more data assets in response to a violation associated with the computer encoding policy.

Inventors

  • Scott Lunda
  • Alyssa Parker Wood
  • Amandip Kurana
  • Jai Prakash Chabria

Assignees

  • Amazon Technologies, Inc.

Dates

Publication Date
20260505
Application Date
20240919
Priority Date
20230925

Claims (15)

  1. A system (100; 200; 500-700), characterized by comprising: at least one processor (612; 702); and a memory (610, 612, 712) storing instructions that, when executed by the at least one processor, cause the system to: receive (302) a computer encoding policy for execution in a control plane (106) associated with a cloud environment (102), the computer encoding policy being associated with data governance in a data plane (104) using one or more data assets (116) of the cloud environment; automatically associate (310) the one or more data assets to the computer encoding policy using a set of predetermined rules associated with the computer encoding policy and using annotations associated with the one or more data assets; perform (404) one or more dynamic changes to the annotations based in part on real-time changes to the computer encoding policy; monitor (406) content of the one or more data assets according to the computer encoding policy; and perform (412) a repair action associated with the one or more data assets in response to a violation associated with the computer encoding policy.
  2. The system of claim 1, wherein the computer encoding policy includes policy parameters (128) associated with one or more of a retention rule, a deletion rule, a data filtering rule, a data disclosure rule, a data hosting rule, or a region rule.
  3. The system of claim 1, wherein the memory includes instructions that, when executed by the at least one processor, cause the system to: provide an interface (124) to enable definition of policy types and matching rules to be part of the computer encoding policy, wherein the matching rules are associated with a catalog and the annotations to enable the system to perform the automatic association of the one or more data assets to the computer encoding policy; and determine, using a semantic subsystem, the one or more data assets associated with the policy type and the matching rules.
  4. The system of claim 1, wherein the memory includes instructions that, when executed by the at least one processor, cause the system to: provide test parameters of the computer encoding policy, the test parameters defining one or more compliance thresholds for the one or more data assets; and provide a plurality of repair actions for the one or more data assets, wherein the repair action performed for the one or more data assets is provided from the plurality of repair actions based on at least one of the one or more compliance thresholds being violated.
  5. The system of claim 1, wherein the memory includes instructions that, when executed by the at least one processor, cause the system to: generate instructions based in part on executing the computer encoding policy in the control plane; and perform a delete or an add in a retention table based in part on the instructions to enforce the repair action associated with the one or more data assets.
  6. The system of claim 1, wherein the repair action is one of altering access control to a data store of the one or more data assets or performing a soft or hard delete to clear non-compliant data of the one or more data assets.
  7. A computer-implemented method (300, 400), characterized by: receiving (302) a computer encoding policy for data governance using one or more data assets within a cloud environment; automatically associating (310) the one or more data assets to the computer encoding policy based at least in part on one or more predefined functions of the one or more data assets; implementing (404) a dynamic change to add or remove a determined one of the one or more data assets; and performing (412) a repair action associated with the one or more data assets in response to a violation associated with the computer encoding policy.
  8. The computer-implemented method of claim 7, further characterized by: providing an interface to enable definition of policy types and matching rules to be part of the computer encoding policy, wherein the matching rules are associated with a catalog and the annotations to enable the system to perform the automatic association of the one or more data assets to the computer encoding policy; and determining, using a semantic subsystem, the one or more data assets associated with the policy type and the matching rules.
  9. The computer-implemented method of claim 7, further characterized by: providing test parameters of the computer encoding policy, the test parameters defining one or more compliance thresholds for the one or more data assets; and providing a plurality of repair actions for the one or more data assets, wherein the repair action performed for the one or more data assets is provided from the plurality of repair actions based on at least one of the one or more compliance thresholds being violated.
  10. The computer-implemented method of claim 7, further characterized by: generating instructions based in part on executing the computer encoding policy in a control plane of the cloud environment; and performing a delete or an add in a retention table based in part on the instructions to enforce the repair action associated with the one or more data assets.
  11. The computer-implemented method of claim 7, further characterized by: enabling a preview action associated with the computer encoding policy using an interface of a control plane, wherein the computer encoding policy is applied to a representation of the one or more data assets; providing results associated with repair actions or violations for the representation of the one or more data assets; and allowing the computer encoding policy to be issued to take action on the one or more data assets.
  12. A non-transitory computer storage medium (610, 612; 712) storing instructions configured to instruct at least one computing device (100; 200; 500-700) to: receive (302) a computer encoding policy for data governance using one or more data assets within a cloud environment; automatically associate (310) the one or more data assets to the computer encoding policy based at least in part on a predefined function of the one or more data assets; implement (404) a dynamic change to add or remove a determined one of the one or more data assets; and perform (412) a repair action associated with the one or more data assets in response to a violation associated with the computer encoding policy.
  13. The non-transitory computer storage medium of claim 12, wherein the instructions are configured to instruct the at least one computing device to further: provide an interface to enable definition of policy types and matching rules to be part of the computer encoding policy, wherein the matching rules are associated with a catalog and the annotations to enable the system to perform the automatic association of the one or more data assets to the computer encoding policy; and determine, using a semantic subsystem, the one or more data assets associated with the policy type and the matching rules.
  14. The non-transitory computer storage medium of claim 12, wherein the instructions are configured to instruct the at least one computing device to further: provide test parameters of the computer encoding policy, the test parameters defining one or more compliance thresholds for the one or more data assets; and provide a plurality of repair actions for the one or more data assets, wherein the repair action performed for the one or more data assets is provided from the plurality of repair actions based on at least one of the one or more compliance thresholds being violated.
  15. The non-transitory computer storage medium of claim 12, wherein the instructions are configured to instruct the at least one computing device to further: generate instructions based in part on executing the computer encoding policy in the control plane; and perform a delete or an add in a retention table based in part on the instructions to enforce the repair action associated with the one or more data assets.
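
The flow recited in claims 1, 2, 4 and 6 (annotation-based association, monitoring, and a repair action selected by a compliance threshold) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; every name (`Asset`, `Policy`, `associate`, `evaluate`, the action strings) and the sample catalog are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Asset:                  # metadata representation of a data object
    name: str
    annotations: dict         # e.g. {"classification": "pii"}
    oldest_record: date       # date of the oldest record in the data store
    public: bool = False      # current access-control state

@dataclass
class Policy:                 # hypothetical policy-as-code document
    name: str
    match: dict               # matching rules: annotation key -> required value
    retention_days: int       # policy parameter (retention rule)
    hard_delete_after: int    # compliance threshold, in days past retention
    allow_public: bool = False

def associate(policy, catalog):
    """Automatic association: assets whose annotations satisfy every rule."""
    return [a for a in catalog
            if all(a.annotations.get(k) == v for k, v in policy.match.items())]

def evaluate(policy, catalog, today):
    """Monitor associated assets; return {asset name: [repair actions]}."""
    plan = {}
    for asset in associate(policy, catalog):
        actions = []
        if asset.public and not policy.allow_public:
            actions.append("restrict_access")        # alter access control
        overdue = (today - asset.oldest_record).days - policy.retention_days
        if overdue > policy.hard_delete_after:
            actions.append("hard_delete_expired")    # threshold exceeded
        elif overdue > 0:
            actions.append("soft_delete_expired")    # past retention only
        if actions:
            plan[asset.name] = actions
    return plan

# Constructed sample data, not taken from the patent.
TODAY = date(2024, 9, 19)
CATALOG = [
    Asset("sales.customers", {"classification": "pii"}, TODAY - timedelta(days=400)),
    Asset("sales.leads", {"classification": "pii"}, TODAY - timedelta(days=800), public=True),
    Asset("mkt.campaigns", {"classification": "internal"}, TODAY - timedelta(days=900)),
]
PII_POLICY = Policy("pii-retention", {"classification": "pii"},
                    retention_days=365, hard_delete_after=90)
```

Changing an asset's annotations or the policy's `match` rules changes what `associate` returns on the next evaluation, which is the dynamic re-association the claims describe.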

Description

Policy-as-code for data assets and remediation in cloud environments

Cross Reference to Related Applications

This is a PCT application of U.S. non-provisional patent application No. 18/372,390, entitled "POLICY-AS-CODE FOR DATA ASSETS AND REMEDIATION IN CLOUD ENVIRONMENTS", filed on September 25, 2023, the entire contents of which are incorporated herein by reference for all purposes.

Background

Data producers and data consumers may be supported by intermediate data governance features consisting of hardware and software in a cloud environment. The data producer may be an aggregator of data from different sources and accounts, and may be a provider of such data for use by the data consumer in services such as marketing and analysis by an end user or client. A data domain of the intermediate data governance feature allows the data producer to catalog data by business context (such as sales, marketing, quality, and other contexts). A data domain may support some policies to provide data governance, and may support subdomains in which categories of end users or clients implement policies. Policy-constrained data may be referenced by its data assets, which may be representations of metadata of the data, including table names, column types, aliases, business descriptions, classifications, and so forth. The data itself may be presented as a data object, such as a table, dashboard, file, or virtual data object. However, such policy implementations still lack support for a centralized ability to coordinate, manage and monitor data policies and data lifecycle actions. For example, such policy implementations may not fully support policy compliance for different asset types, invocation of correct data lifecycle actions, and reporting for dashboards that can link data management tasks to compliance.

Drawings

Embodiments herein will be described with reference to the accompanying drawings, in which:

FIG. 1 illustrates a block diagram of a system for performing repair actions in response to violations associated with computer encoding policies in accordance with at least one embodiment.

FIG. 2 illustrates a block diagram of interface details in a system for repair actions in response to violations associated with computer encoding policies in accordance with at least one embodiment.

FIG. 3 illustrates a flowchart or method used by a system for repair actions in response to violations associated with computer encoding policies in accordance with at least one embodiment.

FIG. 4 illustrates another flow diagram or method used by a system for repair actions in response to violations associated with computer encoding policies in accordance with at least one embodiment.

FIG. 5 illustrates an example inclusive network computing environment in which aspects of the various embodiments may be implemented.

FIG. 6 illustrates example components of a server that may be used to perform at least a portion of a repair action in response to violations associated with a computer encoding policy, in accordance with various embodiments.

FIG. 7 illustrates example components of a computing device that may be used to implement the input, processing, monitoring, and other aspects of the various embodiments.

Detailed Description

Systems and methods according to at least one embodiment described herein may overcome one or more of the above-described drawbacks, as well as other such drawbacks in methods of data governance using code (referred to herein as "policy-as-code"), to give a control plane the ability to provide dynamic, real-time data governance to a data plane. In at least one embodiment, such a system includes at least one processor to execute instructions from a memory to cause the system to receive a computer encoding policy to execute in a control plane associated with a cloud environment. The computer encoding policy may be associated with data governance in the data plane using one or more data assets of the cloud environment. The system automatically associates the one or more data assets to the computer encoding policy. For example, the system may use predefined rules associated with the computer encoding policy, as well as annotations associated with the one or more data assets. Such a system may support dynamic changes to one or more data assets based in part on real-time changes to the computer encoding policy. Such a system may also include functionality to monitor one or more data assets in accordance with the computer encoding policy. The system may perform a repair action associated with one or more data assets in response to a violation associated with the computer encoding policy. In at least one embodiment, such dynamic and real-time data governance methods provide functionality in a cloud environment that simplifies compliance with policies, including compliance with data privacy regulations throughout the data lifecycle. The computer encoded policies of the system ext