Enterprise cloud access control and network access control policy using risk based blocking
First Claim
1. A method of implementing cloud service access control in a network device associated with an enterprise data network, comprising:
receiving, by a cloud access control server that includes a hardware processor and that is outside of the enterprise data network, on a periodic basis, information relating to a plurality of cloud service providers and risk scores indicative of risk associated with the plurality of cloud service providers;
storing, at a cloud service access control database associated with the cloud access control server, a first cloud service block list, the first cloud service block list comprising first cloud service identifiers associated with a first set of two or more of the plurality of cloud service providers, wherein the risk scores of the first set of two or more of the plurality of cloud service providers are above a given threshold;
providing the first cloud service block list to the network device of the enterprise data network, the network device applying the first cloud service block list to allow or deny network traffic between the enterprise data network and at least one of the first set of two or more of the plurality of cloud service providers; and
storing a second cloud service block list, the second cloud service block list comprising second cloud service identifiers associated with a second set of two or more of the plurality of cloud service providers, wherein storing, at the cloud service access control database associated with the cloud access control server, the first cloud service block list comprises storing universal resource locators (URLs) of the first set of two or more of the plurality of cloud service providers as the cloud service identifiers associated with the first set of two or more of the plurality of cloud service providers having the risk scores above the given threshold, and wherein the first set of two or more of the plurality of cloud service providers and the second set of two or more of the plurality of cloud service providers belong to different service categories.
Abstract
A cloud access control server and method provide a cloud service access control database to implement cloud service access control policy. The cloud service access control database stores cloud service identifiers associated with cloud service providers having high risk scores. In some embodiments, the cloud service identifiers form a block list of cloud services which is provided to a network device of the enterprise data network to implement cloud service access control. In other embodiments, a cloud access control server and method implement cloud service access control policy for an enterprise. The cloud access control server and method receive network traffic data from the firewall or proxy installed at the enterprise and process the network traffic data with respect to cloud service access. The cloud access control server provides instructions to the firewall or proxy to allow or deny the network access at the enterprise.
8 Claims
1. A method of implementing cloud service access control in a network device associated with an enterprise data network, comprising:
receiving, by a cloud access control server that includes a hardware processor and that is outside of the enterprise data network, on a periodic basis, information relating to a plurality of cloud service providers and risk scores indicative of risk associated with the plurality of cloud service providers; storing, at a cloud service access control database associated with the cloud access control server, a first cloud service block list, the first cloud service block list comprising first cloud service identifiers associated with a first set of two or more of the plurality of cloud service providers, wherein the risk scores of the first set of two or more of the plurality of cloud service providers are above a given threshold; providing the first cloud service block list to the network device of the enterprise data network, the network device applying the first cloud service block list to allow or deny network traffic between the enterprise data network and at least one of the first set of two or more of the plurality of cloud service providers; and storing a second cloud service block list, the second cloud service block list comprising second cloud service identifiers associated with a second set of two or more of the plurality of cloud service providers, wherein storing, at the cloud service access control database associated with the cloud access control server, the first cloud service block list comprises storing universal resource locators (URLs) of the first set of two or more of the plurality of cloud service providers as the cloud service identifiers associated with the first set of two or more of the plurality of cloud service providers having the risk scores above the given threshold, and wherein the first set of two or more of the plurality of cloud service providers and the second set of two or more of the plurality of cloud service providers belong to different service categories. (Dependent claims: 2, 3, 4.)
5. A system for providing cloud service access control to a network device of an enterprise data network, comprising:
a cloud access control server that includes a hardware processor and that is configured outside of the enterprise data network, the cloud access control server being configured to receive information relating to a plurality of cloud service providers and risk scores indicative of risk associated with the plurality of cloud service providers, to store in a cloud service access control database a first cloud service block list, the first cloud service block list comprising first cloud service identifiers associated with a first set of two or more of the plurality of cloud service providers, wherein the risk scores of the first set of two or more of the plurality of cloud service providers are above a given threshold, and to provide the first cloud service block list to the network device of the enterprise data network, wherein the network device applies the first cloud service block list to allow or deny network traffic between the enterprise data network and at least one of the first set of two or more of the plurality of cloud service providers, wherein the cloud service identifiers in the first cloud service block list comprise universal resource locators (URLs) of the first set of two or more of the plurality of cloud service providers, wherein the cloud access control server is further configured to store in a cloud service access control database a second cloud service block list including second cloud service identifiers associated with a second set of two or more of the plurality of cloud service providers, and wherein the first set of two or more of the plurality of cloud service providers and the second set of two or more of the plurality of cloud service providers belong to different service categories. (Dependent claims: 6, 7, 8.)
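The mechanism the independent claims describe, as an added illustration that is not part of the patent: a periodic feed of providers with risk scores is turned into per-category block lists keyed on the providers' URL hostnames (any provider scoring above a single threshold is listed), and a network device then allows or denies a request by matching its hostname against those lists. The feed, provider names, categories and scores below are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class CloudService:
    name: str
    url: str           # the URL is what the block list stores as the identifier
    category: str      # service category, e.g. "file-sharing" or "collaboration"
    risk_score: float  # 0..100, delivered by the periodic risk feed


# Constructed sample feed: illustrative names and scores, not real vendor ratings.
FEED = [
    CloudService("ShareBoxA", "https://sharebox-a.example", "file-sharing", 82.0),
    CloudService("ShareBoxB", "https://sharebox-b.example", "file-sharing", 91.5),
    CloudService("SafeDocs", "https://safedocs.example", "file-sharing", 23.0),
    CloudService("ChatterX", "https://chatterx.example", "collaboration", 77.0),
    CloudService("MeetNow", "https://meetnow.example", "collaboration", 88.0),
    CloudService("TeamHub", "https://teamhub.example", "collaboration", 40.0),
]


def build_block_lists(feed, threshold):
    """Group providers scoring above `threshold` into one block list per category.

    Returns {category: frozenset(hostnames)}; categories with no risky provider
    are absent, so an empty dict means nothing is blocked at this threshold.
    """
    lists = defaultdict(set)
    for svc in feed:
        if svc.risk_score > threshold:
            lists[svc.category].add(urlparse(svc.url).hostname.lower())
    return {cat: frozenset(hosts) for cat, hosts in lists.items()}


def decide(block_lists, request_url):
    """Network-device side: ("deny", category) on a hostname or subdomain match,
    otherwise ("allow", None). Unparseable URLs fall through to allow."""
    host = (urlparse(request_url).hostname or "").lower()
    for category, hosts in block_lists.items():
        if host in hosts or any(host.endswith("." + h) for h in hosts):
            return ("deny", category)
    return ("allow", None)
```

Matching is on hostnames, so the list only governs traffic the firewall or proxy can attribute to a hostname (proxy requests, TLS SNI); connections made directly to an IP address need a separate resolution step before this check applies.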