Search

US-20260129094-A1 - TECHNIQUES FOR MULTI-CLOUD DELEGATION OF COMPLIANCE EVIDENCES FOR SECURE EVIDENCE COLLECTION

US20260129094A1US 20260129094 A1US20260129094 A1US 20260129094A1US-20260129094-A1

Abstract

A system and method for multi-cloud delegation of compliance evidence data is presented. The method includes querying a user system using a fetched application programming interface (API) key; determining that the fetched API key matches an API key of the user system, wherein the API key of the user system is unique to the user system; collecting raw evidence data from the user system, upon determining that the fetched API key matches the API key of the user system; establishing connections with a plurality of datastores via an abstract layer, wherein the plurality of datastores is deployed at multiple cloud platforms; and storing the collected raw evidence data at the plurality of datastores over the established connections.

Inventors

  • Michael Kipnis
  • Omri ROSNER
  • Roni ALTSHULER
  • Alon MORGENSTERN
  • Or Yagel

Assignees

  • Anecdotes.ai, LTD

Dates

Publication Date
20260507
Application Date
20241105

Claims (19)

  1. 1 . A method for multi-cloud delegation of compliance evidence data, comprising: querying a user system using a fetched application programming interface (API) key; determining that the fetched API key matches an API key of the user system, wherein the API key of the user system is unique to the user system; collecting raw evidence data from the user system, upon determining that the fetched API key matches the API key of the user system; establishing connections with a plurality of datastores via an abstract layer, wherein the plurality of datastores is deployed at multiple cloud platforms; and storing the collected raw evidence data at the plurality of datastores over the established connections.
  2. 2 . The method of claim 1 , further comprising: discarding runtime data, wherein the runtime data includes the raw evidence data.
  3. 3 . The method of claim 1 , further comprising: initiating an evidence collection to collect the raw evidence data from the user system; and fetching the API key from a key datastore, wherein the key datastore is identified by the abstract layer.
  4. 4 . The method of claim 1 , wherein establishing the connections with the plurality of datastores further comprises: identifying the plurality of datastores and credentials based on user policies and metadata; fetching the credentials for each the plurality of datastores; and querying the plurality of datastores using the fetched credentials.
  5. 5 . The method of claim 4 , wherein the user policies and the API key are defined by a user entity associated with the user system.
  6. 6 . The method of claim 3 , wherein the initiating is performed according to a predetermined schedule.
  7. 7 . The method of claim 1 , wherein collecting the raw evidence data is performed separately per at least one of: system, account, and user entity.
  8. 8 . The method of claim 1 , wherein the raw evidence data are associated with metadata, wherein the metadata is at least one of: a user entity identifier (ID), an instance ID, a user system ID, an account ID, a collection time, and a compliance test result.
  9. 9 . The method of claim 4 , further comprising: retrieving the raw evidence data from a first datastore of the plurality of datastores upon matching the fetched credential to a credential of the first datastore; processing the raw evidence data as processed evidence data and to determine a compliance state to at least one framework; storing the processed evidence data in the first datastore; and discarding raw evidence data and the processed evidence data.
  10. 10 . A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising: querying a user system using a fetched application programming interface (API) key; determining that the fetched API key matches an API key of the user system, wherein the API key of the user system is unique to the user system; collecting raw evidence data from the user system, upon determining that the fetched API key matches the API key of the user system; establishing connections with a plurality of datastores via an abstract layer, wherein the plurality of datastores is deployed at multiple cloud platforms; and storing the collected raw evidence data at the plurality of datastores over the established connections.
  11. 11 . A system for multi-cloud delegation of compliance evidences, comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: query a user system using a fetched application programming interface (API) key; determine that the fetched API key matches an API key of the user system, wherein the API key of the user system is unique to the user system; collect raw evidence data from the user system, upon determining that the fetched API key matches the API key of the user system; establish connections with a plurality of datastores via an abstract layer, wherein the plurality of datastores is deployed at multiple cloud platforms; and store the collected raw evidence data at the plurality of datastores over the established connections.
  12. 12 . The system of claim 11 , wherein the system is further configured to: discard runtime data, wherein the runtime data includes the raw evidence data.
  13. 13 . The system of claim 11 , wherein the system is further configured to: initiate an evidence collection to collect the raw evidence data from the user system; and fetch the API key from a key datastore, wherein the key datastore is identified by the abstract layer.
  14. 14 . The system of claim 11 , wherein the system is further configured to: identify the plurality of datastores and credentials based on user policies; fetch the credentials for each the plurality of datastores; and query the plurality of datastores using the fetched credentials.
  15. 15 . The system of claim 14 , wherein the user policies and the API key are defined by a user entity associated with the user system.
  16. 16 . The system of claim 13 , wherein the initiation is performed according to a predetermined schedule.
  17. 17 . The system of claim 11 , wherein collecting the raw evidence data is performed separately per at least one of: system, account, and user entity.
  18. 18 . The system of claim 11 , wherein the raw evidence data are associated with metadata, wherein the metadata is at least one of: a user entity identifier (ID), an instance ID, a user system ID, an account ID, a collection time, and a compliance test result.
  19. 19 . The system of claim 14 , wherein the system is further configured to: retrieve the raw evidence data from a first datastore of the plurality of datastores upon matching the fetched credential to a credential of the first datastore; process the raw evidence data to determine a compliance state to at least one framework; store the processed evidence data in the first datastore; and discard raw evidence data and the processed evidence data.

Description

TECHNICAL FIELD The present disclosure relates generally to security compliance, particularly for managing compliance evidences in multiple cloud environments. BACKGROUND Government, Risk, and Compliance (GRC) strategy is adopted and integrated in many organizations, big and small, in order to achieve organization objectives. Here, compliance indicates the organization's compliance with requirements of internal and/or external guidelines, also referred to as frameworks. Frameworks are widely accepted guidelines or standards that are established by external organizations for individuals, organizations, or the like to adhere to, in order to protect data that are handled and utilized. Common frameworks include, for example, but not limited to, Security and Compliance Standard (SOC), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and the like. Stakeholders may leverage such frameworks to gauge the validity and/or security of the organization. Incompliance with frameworks can lead to adverse effects such as financial penalties, loss of operating licenses, investigations, and more. Thus, compliance with present and future processes, as well as activities to address such compliance requirements may be key features for the maintenance and healthy growth of the organization. Organizations can implement compliance programs that include tools, strategies, and the like, to ensure compliance at different stages and with frameworks. Based on their business sector, the organization may be more concerned with one framework over another. In many cases, organizations may be concerned about the organization's compliance with one or more frameworks. It has been identified that evidences may be collected from all parts of the organization to determine compliance. Evidences are data or documents such as, but not limited to, policies, manuals, standard operation procedures, regulatory mandates, training records, and the like, and more that suggest a compliance state (or posture) of the organization. Currently implemented techniques often rely on manual pulling of evidences, which are limited to isolated auditing and checking off of boxes in a list of audit requirements. The technique is manually performed at a specific time of need (e.g., before an audit, at reporting season, and the like). The static nature of the current techniques does not capture the ever-changing, exponential growth of the organization within and in relation to third-party entities. That is, compliance analyses and postures determined using currently implemented techniques may be limited in scope and out of date to provide inaccurate analyses of the organization's compliance. In order to provide accurate and encompassing analyses of compliance, evidences may be pulled from different portions of the organization's infrastructure, which may operate in one or more cloud environments, a local server or hardware, and the like, and any combination thereof. However, handling communications and data within such a variety of infrastructures that may have different configurations as well as compatibilities can be complex and challenging to implement. And further, exposing the organization's infrastructures and sensitive evidence data faces potential risks of privacy and security breaching. It would therefore be advantageous to provide a solution that would overcome the challenges noted above. SUMMARY A summary of several example embodiments of the disclosure follows. This summary is provided for the convenience of the reader to provide a basic understanding of such embodiments and does not wholly define the breadth of the disclosure. This summary is not an extensive overview of all contemplated embodiments, and is intended to neither identify key or critical elements of all embodiments nor to delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more embodiments in a simplified form as a prelude to the more detailed description that is presented later. For convenience, the term “some embodiments” or “certain embodiments” may be used herein to refer to a single embodiment or multiple embodiments of the disclosure. Certain embodiments disclosed herein include a method for multi-cloud delegation of compliance evidence data. The method comprises: querying a user system using a fetched application programming interface (API) key; determining that the fetched API key matches an API key of the user system, wherein the API key of the user system is unique to the user system; collecting raw evidence data from the user system, upon determining that the fetched API key matches the API key of the user system; establishing connections with a plurality of datastores via an abstract layer, wherein the plurality of datastores is deployed at multiple cloud platforms; and storing the collected raw evidence data at the plurality of datastores over the established connections