Activity based access control in heterogeneous environments
First Claim
1. A method for providing data security, the method comprising:
- obtaining privilege data from a plurality of authorization systems authorizing access to a set of heterogeneous cloud-based services, the privilege data describing, for a user of the authorization systems, one or more of: monitored activities, behaviors, privileges, and derived information for privileges;
- transforming the privilege data to a common privilege information model, the common privilege information model normalizing the privilege data across the plurality of authorization systems;
- monitoring an activity of the user when accessing any of the plurality of authorization systems over a period of time;
- applying a security policy to the common privilege information model, the security policy determining adjustments to the privilege data in the common privilege information model based at least in part on the monitored activity; and
- dynamically adjusting the common privilege information model based on the applied security policy, wherein the adjustment to the common privilege information model comprises at least one of: a revocation of access to the user to a particular service of the plurality of authorization systems, and dynamically granting of access to the user to the particular service of the plurality of authorization systems.
2 Assignments
0 Petitions
Abstract
A method, a system and/or an apparatus of activity based access control in heterogeneous information technology infrastructure is disclosed. The infrastructure security server authenticates that a user is authorized to access a set of heterogeneous cloud-based services using at least one heterogeneous authorization system. The method monitors an activity of the user when accessing any of the set of heterogeneous cloud-based services over a period of time using a processor and a memory. The method dynamically adjusts access privileges to the set of heterogeneous cloud-based services. The adjustment to the access privileges includes a revocation of access to the user to a particular service of the set of heterogeneous cloud-based services and/or dynamically granting of access to the user to the particular service of the set of heterogeneous cloud-based services.
223 Citations
14 Claims
1. A method for providing data security, the method comprising the steps set out under First Claim above (obtaining privilege data from a plurality of authorization systems, transforming it to a common privilege information model, monitoring the user's activity over a period of time, applying a security policy to the model, and dynamically adjusting the model by revoking or granting access to a particular service). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A system comprising:
- a computer processor for executing computer program instructions; and
- a non-transitory computer-readable storage medium storing computer program instructions executable by the processor to perform operations comprising:
  - obtaining privilege data from a plurality of authorization systems authorizing access to a set of heterogeneous cloud-based services, the privilege data describing, for a user of the authorization systems, one or more of: monitored activities, behaviors, privileges, and derived information for privileges;
  - transforming the privilege data to a common privilege information model, the common privilege information model normalizing the privilege data across the plurality of authorization systems;
  - monitoring an activity of the user when accessing any of the plurality of authorization systems over a period of time;
  - applying a security policy to the common privilege information model, the security policy determining adjustments to the privilege data in the common privilege information model based at least in part on the monitored activity; and
  - dynamically adjusting the common privilege information model based on the applied security policy, wherein the adjustment to the common privilege information model comprises at least one of: a revocation of access to the user to a particular service of the plurality of authorization systems, and dynamically granting of access to the user to the particular service of the plurality of authorization systems.
Dependent claim: 14.
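The pipeline the independent claims (1 and 13) and the abstract describe, as an added worked example that is not code from the patent or from any product built on it: two constructed authorization systems with different native formats (an IAM-style statement list and a role-based SaaS assignment) are normalized into one common privilege information model, a window of constructed activity events is monitored, and a least-privilege security policy decides which privileges to revoke and which narrower ones to grant. The service names, action vocabulary, schema and log events are all assumptions made for the illustration.

```python
"""Activity-based access control over heterogeneous authorization systems.

Added example (not code from the patent or any product): two constructed
authorization systems are normalized into one common privilege model, a
window of constructed activity is monitored, and a least-privilege policy
decides which privileges to revoke and which narrower ones to grant.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


# ---- Common privilege information model (constructed schema) -------------
@dataclass(frozen=True)
class Privilege:
    user: str
    service: str   # cloud-based service the privilege applies to
    action: str    # normalized verb: "read", "write" or "admin"
    resource: str  # "*" means the privilege is unscoped
    source: str    # authorization system the record was obtained from


@dataclass(frozen=True)
class Activity:
    user: str
    service: str
    action: str
    resource: str
    at: datetime


# "admin" implies the narrower verbs; used to decide what a privilege covers.
COVERS = {"read": {"read"}, "write": {"write"}, "admin": {"read", "write", "admin"}}


# ---- Adapters: native privilege data -> common model ---------------------
# System A (constructed): IAM-style policy statements on a storage service.
ACTION_MAP_A = {"s3:GetObject": "read", "s3:PutObject": "write", "s3:*": "admin"}


def from_system_a(user: str, statements: list[dict]) -> set[Privilege]:
    out = set()
    for st in statements:
        if st["Effect"] != "Allow":
            continue
        for act in st["Action"]:
            out.add(Privilege(user, "storage", ACTION_MAP_A[act], st["Resource"], "system_a"))
    return out


# System B (constructed): role assignments on a SaaS CRM; roles are unscoped.
ROLE_MAP_B = {"viewer": ["read"], "editor": ["read", "write"], "owner": ["read", "write", "admin"]}


def from_system_b(user: str, roles: list[str]) -> set[Privilege]:
    return {Privilege(user, "crm", a, "*", "system_b") for r in roles for a in ROLE_MAP_B[r]}


# ---- Security policy applied to the common model -------------------------
def apply_policy(privileges, activity, now, window=timedelta(days=30)):
    """Return (revoke, grant): privileges unused inside the window are revoked;
    broad privileges that were only exercised narrowly are revoked and replaced
    by grants scoped to exactly the (action, resource) pairs observed."""
    used: dict[tuple[str, str], set[tuple[str, str]]] = {}
    for ev in activity:
        if now - ev.at <= window:
            used.setdefault((ev.user, ev.service), set()).add((ev.action, ev.resource))
    revoke, grant = set(), set()
    for p in privileges:
        exercised = {(a, r) for a, r in used.get((p.user, p.service), set())
                     if a in COVERS[p.action] and p.resource in ("*", r)}
        if not exercised:
            revoke.add(p)                      # never used in the window
        elif p.resource == "*" or any(a != p.action for a, _ in exercised):
            revoke.add(p)                      # broad grant used narrowly
            grant.update(Privilege(p.user, p.service, a, r, p.source) for a, r in exercised)
    return revoke, grant - privileges


def run_example(now: datetime = datetime(2024, 6, 30)):
    # Constructed privilege data obtained from both authorization systems.
    privileges = set()
    privileges |= from_system_a("alice", [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}])
    privileges |= from_system_b("alice", ["editor"])
    privileges |= from_system_b("bob", ["viewer"])

    def d(n):  # n days before `now`
        return now - timedelta(days=n)

    # Constructed activity monitored over the period; one event is outside the window.
    activity = [
        Activity("alice", "storage", "read", "bucket-a", d(3)),
        Activity("alice", "storage", "read", "bucket-a", d(10)),
        Activity("alice", "storage", "write", "bucket-a", d(40)),  # too old to count
        Activity("alice", "crm", "read", "contacts", d(1)),
    ]
    return apply_policy(privileges, activity, now)


if __name__ == "__main__":
    revoke, grant = run_example()
    for p in sorted(revoke, key=str):
        print("REVOKE", p)
    for p in sorted(grant, key=str):
        print("GRANT ", p)
```

Running it revokes alice's unscoped storage admin privilege and both unscoped CRM role privileges, plus bob's never-used viewer privilege, and grants alice only the two (action, resource) pairs her monitored activity actually exercised. The adapters are the only system-specific code; the policy operates purely on the common model, which is what lets one rule set span every authorization system.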