Detection and management of unauthorized use of cloud computing services
First Claim
1. A method comprising:
aggregating, by a computing system comprising a processor, access logs from a plurality of network edge components communicatively coupled to an internal network;
obtaining, by the computer system, internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
generating, by the computing system, a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;
identifying, by the computing system based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;
determining, by the computing system, that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;
generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;
sending, to a vendor management team via the computing system comprising a processor, information about the unauthorized cloud computing service resource that has been accessed from within the internal network;
determining, by the computing system, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network;
in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing, by the computing system, a network edge component to block access to the unauthorized cloud computing service resource from the internal network;
instructing, by the computing system, a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;
determining, by the computing system, that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and
appending, by the computing system, an internet protocol address associated with the computing device to the unauthorized list.
1 Assignment
0 Petitions
Abstract
Concepts and technologies disclosed herein are for detecting and managing unauthorized use of cloud computing services from within an internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network. The computer system may also be configured to obtain Internet protocol (“IP”) information from a network component of the internal network. The IP information may be used to determine whether each of the plurality of Web resources is a cloud computing service resource. The computer system may also be configured to block access to a cloud computing service resource of the plurality of Web resources upon determining that the IP information identifies the cloud computing service resource as being unauthorized.
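The pipeline described in the abstract and in claim 1 above, worked end to end as an added example. This is illustrative code written for this page, not code from the patent or its assignee. It assumes two edge-component log formats (a proxy line with `src=`/`dst=` fields and a firewall line with `SRC=`/`DST=` fields), a catalogue of cloud service address ranges built from RFC 5737 documentation prefixes, an approved-service set, the vendor management team's answers as a dictionary, and a device-management inventory; all of these are constructed here, and a real deployment would take the catalogue and the vendor feedback from its own systems.

```python
# Added example (not from the patent): the claim 1 pipeline over constructed logs.
# Addresses use RFC 5737 documentation prefixes; service names, vendor answers and
# the device inventory are hypothetical stand-ins for an organisation's own data.
import ipaddress
import re
from collections import defaultdict

CLOUD_RESOURCES = {                      # hypothetical cloud resource catalogue
    "ExampleDrive": [ipaddress.ip_network("203.0.113.0/24")],
    "ExampleCRM": [ipaddress.ip_network("198.51.100.0/25")],
    "ExampleBackup": [ipaddress.ip_network("198.51.100.128/25")],
}
APPROVED_SERVICES = {"ExampleCRM"}       # approved for access from the internal network
CLOUD_APPS = {"exampledrive-sync": "ExampleDrive", "crm-desktop": "ExampleCRM"}

# Constructed access logs from two edge components with different formats.
PROXY_LOG = """\
2024-03-01T10:00:01Z src=10.1.2.3 dst=203.0.113.10 host=drive.example method=GET
2024-03-01T10:00:02Z src=10.1.2.9 dst=203.0.113.44 host=drive.example method=PUT
2024-03-01T10:00:05Z src=10.1.2.3 dst=198.51.100.5 host=crm.example method=GET
2024-03-01T10:00:07Z src=10.1.3.1 dst=192.0.2.80 host=news.example method=GET
2024-03-01T10:00:08Z proxy restarted, no addresses on this line
"""
FW_LOG = """\
Mar  1 10:00:09 fw1 kernel: FW ACCEPT IN=eth1 OUT=eth0 SRC=10.1.2.7 DST=198.51.100.200 PROTO=TCP DPT=443
Mar  1 10:00:10 fw1 kernel: FW ACCEPT IN=eth1 OUT=eth0 SRC=10.1.2.3 DST=203.0.113.10 PROTO=TCP DPT=443
Mar  1 10:00:12 fw1 kernel: FW ACCEPT IN=eth1 OUT=eth0 SRC=10.1.4.4 DST=192.0.2.25 PROTO=TCP DPT=80
"""
PROXY_RE = re.compile(r"\bsrc=(?P<src>\S+) dst=(?P<dst>\S+)")
FW_RE = re.compile(r"\bSRC=(?P<src>\S+) DST=(?P<dst>\S+)")

def aggregate_flows(logs):
    """Aggregate (source, destination) pairs from every edge component's log.
    logs is a list of (log_text, regex); a flow seen by two components collapses to one."""
    flows = set()
    for log_text, pattern in logs:
        for line in log_text.splitlines():
            match = pattern.search(line)
            if not match:
                continue                 # no address fields on this line; skip, not fatal
            try:
                flows.add((ipaddress.ip_address(match["src"]), ipaddress.ip_address(match["dst"])))
            except ValueError:
                continue                 # malformed address field
    return flows

def unique_networks(flows, prefix_len=24):
    """Unique destination networks accessed, summarised at /prefix_len."""
    return sorted({ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False) for _, dst in flows})

def classify_destination(dst):
    """Cloud service that owns dst, or None when dst is not in the catalogue."""
    dst = ipaddress.ip_address(dst)
    for service, networks in CLOUD_RESOURCES.items():
        if any(dst in net for net in networks):
            return service
    return None

def find_unauthorized(flows):
    """Map each unauthorized cloud service to the internal source addresses that reached it."""
    unauthorized = defaultdict(set)
    for src, dst in flows:
        service = classify_destination(dst)
        if service is not None and service not in APPROVED_SERVICES:
            unauthorized[service].add(src)
    return unauthorized

def block_rules(unauthorized, vendor_agreements):
    """Deny rules for the edge component, only where vendor management reports no agreement."""
    rules = []
    for service in sorted(unauthorized):
        if vendor_agreements.get(service, False):
            continue                     # agreement exists: stays on the list, not blocked
        rules.extend(f"deny ip any {net}" for net in CLOUD_RESOURCES[service])
    return rules

def append_device_hits(unauthorized, installed_apps):
    """Add devices whose inventory ({device_ip: [app names]}, from a hypothetical
    device management application) shows a client app for an unauthorized service."""
    for device_ip, apps in installed_apps.items():
        for app in apps:
            service = CLOUD_APPS.get(app)
            if service in unauthorized:
                unauthorized[service].add(ipaddress.ip_address(device_ip))
    return unauthorized

def run_detection(logs, vendor_agreements, installed_apps):
    """Run the steps of claim 1 in order and return a plain-data summary."""
    flows = aggregate_flows(logs)
    unauthorized = find_unauthorized(flows)
    rules = block_rules(unauthorized, vendor_agreements)
    append_device_hits(unauthorized, installed_apps)
    return {
        "networks": [str(net) for net in unique_networks(flows)],
        "unauthorized": {s: [str(ip) for ip in sorted(ips)] for s, ips in unauthorized.items()},
        "block_rules": rules,
    }

if __name__ == "__main__":
    print(run_detection([(PROXY_LOG, PROXY_RE), (FW_LOG, FW_RE)], {"ExampleBackup": True, "ExampleDrive": False},
                        {"10.1.5.50": ["exampledrive-sync", "editor"], "10.1.2.3": ["crm-desktop"]}))
```

Two points a practitioner should keep in mind when reading the claim against this code. First, the vendor-agreement check is a human step in the claim; the dictionary passed as `vendor_agreements` stands in for that feedback, and a service with an agreement stays on the unauthorized list but is not blocked. Second, classification is purely by destination address, as the claim specifies; services that sit behind shared CDN or hosting ranges will be misattributed, and any service missing from the catalogue is invisible, so in practice the destination-IP lookup should be paired with hostname or TLS SNI data from the same edge logs.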
8 Citations
20 Claims
1. A method comprising: (reproduced in full under First Claim above; dependent claims 2, 3, 4, 5 and 6 not shown)
7. A computer storage medium comprising computer-executable instructions that, when executed by a processor of a computing system, cause the computing system to perform operations comprising:
aggregating access logs from a plurality of network edge components communicatively coupled to an internal network;
obtaining internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
generating a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;
identifying, based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;
determining that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;
generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;
sending, to a vendor management team, information about the unauthorized cloud computing service resource that has been accessed from within the internal network;
determining, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network;
in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing a network edge component to block access to the unauthorized cloud computing service resource from the internal network;
instructing a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;
determining that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and
appending an internet protocol address associated with the computing device to the unauthorized list.
(Dependent claims 8, 9, 10, 11 and 12 not shown.)

13. A computing system comprising:
a processor; and
memory that stores instructions that, when executed by the processor, cause the computing system to perform operations comprising:
aggregating access logs from a plurality of network edge components communicatively coupled to an internal network;
obtaining internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
generating a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;
identifying, based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;
determining that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;
generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;
sending, to a vendor management team, information about the unauthorized cloud computing service resource that has been accessed from within the internal network;
determining, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network;
in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing a network edge component to block access to the unauthorized cloud computing service resource from the internal network;
instructing a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;
determining that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and
appending an internet protocol address associated with the computing device to the unauthorized list.
(Dependent claims 14, 15, 16, 17, 18, 19 and 20 not shown.)
Specification