Policy-based compliance management and remediation of devices in an enterprise system
First Claim
1. A method comprising:
- based on determining a non-compliance with a compliance policy for using a device with a first computer system of an organization, assessing, by a second computer system, based on the compliance policy, a level of non-compliance of the device;
- establishing, by the second computer system, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
- responsive to a request from the device for a computing resource at the first computer system, providing access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
- instructing the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
Abstract
The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.
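The policy evaluation described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or from any product. All level names, non-compliance identifiers, roles, resources, time periods and actions are hypothetical, and the choice to serve only allow-listed resources during the remediation period and to inhibit all access after it expires is one reading of the abstract and claim 1.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Level:
    name: str
    severity: int                 # higher wins when several levels match
    triggers: frozenset           # non-compliances that define this level
    roles: frozenset              # empty = level applies to every user role
    grace: timedelta              # time period allowed for remediation
    allowed_in_grace: frozenset   # resources still served during that period
    action: str                   # remediation instructed once the period expires

# Constructed sample policy; every name and value here is hypothetical.
POLICY = [
    Level("minor", 1, frozenset({"os_outdated"}), frozenset(),
          timedelta(days=7), frozenset({"email", "calendar", "wiki"}),
          "prompt_os_update"),
    Level("major", 2, frozenset({"passcode_disabled"}), frozenset({"finance"}),
          timedelta(hours=24), frozenset({"email"}), "lock_workspace"),
    Level("critical", 3, frozenset({"jailbroken"}), frozenset(),
          timedelta(0), frozenset(), "unenroll_device"),
]

def assess(findings, role):
    """Most severe level whose triggers and role condition match, else None."""
    hits = [lv for lv in POLICY
            if lv.triggers & set(findings) and (not lv.roles or role in lv.roles)]
    return max(hits, key=lambda lv: lv.severity, default=None)

def decide(findings, role, detected_at, now, resource):
    """Decision for one resource request: (allow, level name, action or None)."""
    level = assess(findings, role)
    if level is None:
        return True, None, None                  # no level applies: serve normally
    if now >= detected_at + level.grace:
        # Remediation period expired: inhibit access, instruct the device.
        return False, level.name, level.action
    # Inside the period: only resources permitted for this level are served.
    return resource in level.allowed_in_grace, level.name, None

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)              # constructed detection time
    for res in ("email", "payroll"):
        print(res, decide(["os_outdated"], "engineer", t0, t0 + timedelta(days=2), res))
    print(decide(["os_outdated"], "engineer", t0, t0 + timedelta(days=8), "email"))
```

The role condition means the same finding can map to different levels for different users: in this sample policy `passcode_disabled` only produces a level for the `finance` role.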
126 Citations
20 Claims
1. A method comprising:
- based on determining a non-compliance with a compliance policy for using a device with a first computer system of an organization, assessing, by a second computer system, based on the compliance policy, a level of non-compliance of the device;
- establishing, by the second computer system, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
- responsive to a request from the device for a computing resource at the first computer system, providing access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
- instructing the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system comprising:
- one or more processors; and
- a memory accessible to the one or more processors, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to:
- based on determining a non-compliance with a compliance policy for using a device with a computer system of an organization, assess, based on the compliance policy, a level of non-compliance of the device;
- establish, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
- responsive to a request from the device for a computing resource at the computer system, provide access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
- instruct the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
Dependent claims: 14, 15, 16
17. A non-transitory computer-readable storage media storing one or more instructions that are executable by one or more processors to:
- based on determining a non-compliance with a compliance policy for using a device with a first computer system of an organization, assess, by a second computer system, based on the compliance policy, a level of non-compliance of the device;
- establish, by the second computer system, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
- responsive to a request from the device for a computing resource at the first computer system, provide access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
- instruct the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
Dependent claims: 18, 19, 20
Specification