Detection and management of unauthorized use of cloud computing services

US 10,122,724 B2
Filed: 11/30/2015
Issued: 11/06/2018
Est. Priority Date: 06/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

aggregating, by a computing system comprising a processor, access logs from a plurality of network edge components communicatively coupled to an internal network;

obtaining, by the computer system, internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;

generating, by the computing system, a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;

identifying, by the computing system based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;

determining, by the computing system, that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;

generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;

sending, to a vendor management team via the computing system comprising a processor, information about the unauthorized cloud computing service resource that has been accessed from within the internal network;

determining, by the computing system, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network;

in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing, by the computing system, a network edge component to block access to the unauthorized cloud computing service resource from the internal network;

instructing, by the computing system, a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;

determining, by the computing system, that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and

appending, by the computing system, an internet protocol address associated with the computing device to the unauthorized list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies disclosed herein are for detecting and managing unauthorized use of cloud computing services from within an internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network. The computer system may also be configured to obtain Internet protocol (“IP”) information from a network component of the internal network. The IP information may be used to determine whether each of the plurality of Web resources is a cloud computing service resource. The computer system may also be configured to block access to a cloud computing service resource of the plurality of Web resources upon determining that the IP information identifies the cloud computing service resource as being unauthorized.

8 Citations

20 Claims

1. A method comprising:
- aggregating, by a computing system comprising a processor, access logs from a plurality of network edge components communicatively coupled to an internal network;
  
  obtaining, by the computer system, internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
  
  generating, by the computing system, a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;
  
  identifying, by the computing system based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;
  
  determining, by the computing system, that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;
  
  generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;
  
  sending, to a vendor management team via the computing system comprising a processor, information about the unauthorized cloud computing service resource that has been accessed from within the internal network;
  
  determining, by the computing system, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network;
  
  in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing, by the computing system, a network edge component to block access to the unauthorized cloud computing service resource from the internal network;
  
  instructing, by the computing system, a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;
  
  determining, by the computing system, that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and
  
  appending, by the computing system, an internet protocol address associated with the computing device to the unauthorized list.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising instructing, by the computing system, the device management application to delete the cloud computing service software application associated with the unauthorized cloud computing service resource.
  - 3. The method of claim 1, further comprising in response to determining, based upon the feedback received from the vendor management team, that a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, removing, by the computing system, the unauthorized cloud computing service resource from the unauthorized list.
  - 4. The method of claim 1, wherein generating, by the computing system, the unauthorized list comprising the at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource is based on searching the access logs from the plurality of network edge components.
  - 5. The method of claim 1, wherein determining, by the computing system, based upon the feedback received from the vendor management team, whether a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource comprises determining, by the computing system, based upon the feedback received from the vendor management team, whether the vendor agreement exists between an owner or operator associated with the internal network and an operator associated with the unauthorized cloud computing service resource.
  - 6. The method of claim 1, wherein determining, by the computing system, based upon the feedback received from the vendor management team, whether a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource comprises determining, by the computing system, based upon the feedback received from the vendor management team, whether the vendor agreement exists between the an owner or operator associated with the internal network and an owner associated with the unauthorized cloud computing service resource.

7. A computer storage medium comprising computer-executable instructions that, when executed by a processor of a computing system, cause the computing system to perform operations comprising:
- aggregating access logs from a plurality of network edge components communicatively coupled to an internal network;
  
  obtaining internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
  
  generating a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;
  
  identifying, based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;
  
  determining that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;
  
  generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;
  
  sending, to a vendor management team, information about the unauthorized cloud computing service resource that has been accessed from within the internal network;
  
  determining, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network;
  
  in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing a network edge component to block access to the unauthorized cloud computing service resource from the internal networkinstructing a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;
  
  determining that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and
  
  appending an internet protocol address associated with the computing device to the unauthorized list.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer storage medium of claim 7, wherein the operations further comprise instructing the device management application to delete the cloud computing service software application associated with the unauthorized cloud computing service resource.
  - 9. The computer storage medium of claim 7, wherein the operations further comprise in response to determining, based upon the feedback received from the vendor management team, that a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, removing the unauthorized cloud computing service resource from the unauthorized list.
  - 10. The computer storage medium of claim 9, wherein generating the unauthorized list comprising the at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource is based on searching the access logs from the plurality of network edge components.
  - 11. The computer storage medium of claim 7, wherein determining, based upon the feedback received from the vendor management team, whether a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource comprises determining, based upon the feedback received from the vendor management team, whether the vendor agreement exists between an owner or operator associated with the internal network and an operator associated with the unauthorized cloud computing service resource.
  - 12. The computer storage medium of claim 7, wherein determining, based upon the feedback received from the vendor management team, whether a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource comprises determining, based upon the feedback received from the vendor management team, whether the vendor agreement exists between an owner or operator associated with the internal network and an owner associated with the unauthorized cloud computing service resource.

13. A computing system comprising:
- a processor; and
  
  memory that stores instructions that, when executed by the processor, cause the computing system to perform operations comprisingaggregating access logs from a plurality of network edge components communicatively coupled to an internal network;
  
  obtaining internet protocol information from the access logs, the internet protocol information comprising destination internet protocol addresses and source internet protocol addresses;
  
  generating a list of unique networks accessed from within the internal network based on the internet protocol information contained within the access logs;
  
  identifying, based on the internet protocol information, a cloud computing service resource that has been accessed from within the internal network;
  
  determining that the cloud computing service resource is not approved to be accessed from within the internal network, where the cloud computing service resource is designated as an unauthorized cloud computing service resource;
  
  generating an unauthorized list comprising at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource;
  
  sending, to a vendor management team, information about the unauthorized cloud computing service resource that has been accessed from within the internal network,determining, based upon feedback received from the vendor management team, whether a vendor agreement exists between a first entity associated with the internal network and a second entity associated with the unauthorized cloud computing service resource that has been accessed from within the internal network,in response to determining, based upon the feedback received from the vendor management team, that no vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, instructing a network edge component to block access to the unauthorized cloud computing service resource from the internal networkinstructing a device management application to identify any cloud computing service software applications that are installed on a computing device within the internal network;
  
  determining that a cloud computing service software application associated with the unauthorized cloud computing service resource is resident on the computing device within the internal network; and
  
  appending an internet protocol address associated with the computing device to the unauthorized list.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computing system of claim 13, wherein the operations further comprise instructing the device management application to delete the cloud computing service software application associated with the unauthorized cloud computing service resource.
  - 15. The computing system of claim 13, wherein the operations further comprise in response to determining, based upon the feedback received from the vendor management team, that a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource, removing the unauthorized cloud computing service resource from the unauthorized list.
  - 16. The computing system of claim 15, wherein generating the unauthorized list comprising the at least one source internet protocol address that has been used to access the unauthorized cloud computing service resource.
  - 17. The computing system of claim 13, wherein determining, based upon the feedback received from the vendor management team, whether a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource comprises determining, based upon the feedback received from the vendor management team, whether the vendor agreement exists between an owner or operator associated with the internal network and an operator associated with the unauthorized cloud computing service resource.
  - 18. The computing system of claim 13, wherein determining, based upon the feedback received from the vendor management team, whether a vendor agreement exists between the first entity associated with the internal network and the second entity associated with the unauthorized cloud computing service resource comprises determining, based upon the feedback received from the vendor management team, whether the vendor agreement exists between an owner or operator associated with the internal network and an owner associated with the unauthorized cloud computing service resource.
  - 19. The computing system of claim 13, wherein the unauthorized cloud computing service resource provides, at least in part, a platform as a service.
  - 20. The computing system of claim 13, wherein the unauthorized cloud computing service resource provides, at least in part, a software as a service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Elleboe, Flemming, Albisu, Luis Francisco, Bentfield, Joseph, Kerns, Janet, Sheriffs, Jonathan
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Fields, Courtney

Application Number

US14/953,810
Publication Number

US 20160087988A1
Time in Patent Office

1,072 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/146   Tracing the source of attacks

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Detection and management of unauthorized use of cloud computing services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection and management of unauthorized use of cloud computing services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links