Cloud computing environments have turned around the manner in which business organizations examine the requirements and capacity to implement their data processing needs. A cloud computing environment may include capabilities where a cloud provider hosts hardware and related items and provides systems and computational power as a service to a customer or other user (e.g., individual consumers, business organizations, or other entities). When implementing data processing needs via a cloud vendor, a user does not need to bear the cost of space, energy, and maintenance in order to acquire the required computational resources at a reasonable cost.
In some instances, the cloud provider provides images and/or image bundles to the customer. In other instances, the cloud provider hosts images provided by the customer. As used herein, an “image” may refer to a virtual machine in a cloud environment. Certain virtual machines/images in a cloud environment may provide a specific service or set of specific services for use by a customer. These may be referred to herein as “guest virtual machines.” The services provided by the guest virtual machines may be, for example, applications, data, or other services. For example, a customer may require use of an application that can be provided by a cloud vendor. However, the customer may not require a complete version of the application with all features, and may only need to use some features of the application. In such a scenario, the cloud vendor may customize the application for the customer and form a guest virtual machine supporting the application for use by the customer. Similarly, a snapshot of a database that holds test data may be supported by a guest virtual machine and provided to a customer for use. Generally, any resource or application can be provided to or supported for a customer for a limited period of time in the cloud environment via a guest virtual machine. Once provided to the customer for a period of time, a guest virtual machine is deemed leased for that period of time.
When a user is finished using a guest virtual machine, they may simply abandon use or may provide an indication that use has been temporarily or permanently terminated. Other indicators that use is temporarily or permanently terminated may also occur (e.g., the expiration of a service contract). In some instances, a cloud environment provider may delete the environment or clean up the content of guest virtual machines upon such termination. However, formal de-provisioning and clearance processes are not widely relied upon. While some clearing processes exist, they rely on the cloud provider to operate properly; accordingly, the cloud consumer has no control over the process. Often, versions of a guest virtual machine remain in the cloud provider environment after cleanup and may expose the machines to misuse. Furthermore, current systems do not provide de-provisioning compliance reports or assurances that backup machines or other duplicates were destroyed. Consequently, there is a potential risk of data left over on machines that are neither deleted nor re-instantiated to their basic state. Because data can be exposed in unused, dormant machines, there is a need to lock such guest virtual machines and prevent their use.
Protection is relevant not only against unauthorized users outside of an organization; for internal cloud implementations, internal security is also a relevant consideration, such that segregation of information between departments within the same organization (e.g., finance, HR, sales, R&D, etc.) is desirable.
Accordingly, a solution is needed for verification of returned/checked-in/end-of-service images, so that such guest virtual machines cannot be used again and data left on such machines will not be exposed. Further, any attempted unauthorized activity against such images should be exposed, in order to satisfy regulation and compliance needs.