Just-in-time access based on geolocation to maintain control of restricted data in cloud computing environments
First Claim
1. A computerized system comprising:
one or more hardware processors; and
one or more computer storage media storing computer-useable instructions that, when used by the one or more hardware processors, cause the one or more hardware processors to:
receive, at a service within a cloud computing environment, a request for just-in-time (JIT) access to a resource within a production environment of the cloud computing environment in response to an incident in the cloud computing environment, the request being received from a portal on a development operations (DevOps) device operated by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment, the request specifying request parameters including a level or type of access requested and information regarding the incident;
access, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
determine, from the JIT policy for the resource, geolocation criteria restricting JIT access to the resource based on geolocation;
receive information identifying a geolocation of the DevOps device;
determine, by the service within the cloud computing environment, whether to approve the request for JIT access based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on a type of the incident and whether the incident is active and comparison of the geolocation of the DevOps device to the geolocation criteria;
if it is determined to automatically approve the request for JIT access, provision a JIT access session for the DevOps device including setting a time limit for the JIT access session; and
if it is determined not to automatically approve the request for JIT access, send the request for JIT access to a portal on an operator device for review by an operating personnel who has access to restricted data in the cloud computing environment.
Abstract
A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the DevOps device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
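The decision flow described in the abstract and in claim 1 (look up the resource's JIT policy, check the device geolocation against the policy's criteria, check the incident type and whether the incident is active, then either provision a time-limited session or route the request to an operator) as an added worked example in Python. This is illustration code written for this page, not the patent's or any product's implementation; the resource name, the policy fields (country allow-list plus an optional geofence), the incident types, the session length and the sample requests are all assumptions made for the example.

```python
"""Policy-driven JIT access decision in the shape of the claimed flow (added example).

All names, policy fields and sample data below are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Dict, FrozenSet, Optional, Set

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class GeoPoint:
    lat: float
    lon: float


@dataclass(frozen=True)
class JitPolicy:
    """One entry of the JIT policy database, keyed by resource (assumed schema)."""
    resource: str
    allowed_countries: FrozenSet[str]      # ISO 3166 codes eligible for auto-approval
    geofence_center: Optional[GeoPoint]    # optional finer-grained geofence
    geofence_radius_km: float
    auto_approve: Dict[str, Set[str]]      # incident type -> access levels auto-approvable
    max_session_minutes: int               # time limit applied to an auto-approved session


@dataclass(frozen=True)
class JitRequest:
    requester: str
    resource: str
    access_level: str
    incident_id: str
    incident_type: str
    incident_active: bool
    device_country: str          # geolocation information for the DevOps device
    device_location: GeoPoint


@dataclass(frozen=True)
class Decision:
    auto_approved: bool
    reason: str
    session_expires_at: Optional[datetime] = None  # set only on auto-approval


def haversine_km(a: GeoPoint, b: GeoPoint) -> float:
    """Great-circle distance between two points, in kilometres."""
    lat1, lat2 = radians(a.lat), radians(b.lat)
    dlat, dlon = lat2 - lat1, radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def geolocation_failure(policy: JitPolicy, req: JitRequest) -> Optional[str]:
    """Return None when the device geolocation meets the policy, else the failing criterion."""
    if req.device_country not in policy.allowed_countries:
        return f"country {req.device_country} not in allowed set"
    if policy.geofence_center is not None:
        dist = haversine_km(policy.geofence_center, req.device_location)
        if dist > policy.geofence_radius_km:
            return f"device {dist:.0f} km from geofence center, limit {policy.geofence_radius_km:.0f} km"
    return None


def evaluate_request(policy_db: Dict[str, JitPolicy], req: JitRequest, now: datetime) -> Decision:
    """Auto-approve only when every policy criterion holds; anything else fails closed to an operator."""
    policy = policy_db.get(req.resource)
    if policy is None:
        return Decision(False, f"no JIT policy for resource {req.resource}; sent to operator")
    geo = geolocation_failure(policy, req)
    if geo:
        return Decision(False, f"geolocation criteria not met: {geo}; sent to operator")
    if not req.incident_active:
        return Decision(False, f"incident {req.incident_id} is not active; sent to operator")
    if req.access_level not in policy.auto_approve.get(req.incident_type, set()):
        return Decision(False, f"{req.access_level} access is not auto-approvable for "
                               f"{req.incident_type}; sent to operator")
    expires = now + timedelta(minutes=policy.max_session_minutes)
    return Decision(True, f"auto-approved {req.access_level} on {req.resource} until {expires.isoformat()}", expires)


# Constructed sample policy database, locations and requests (not from any real deployment).
DUBLIN = GeoPoint(53.35, -6.26)
FRANKFURT = GeoPoint(50.11, 8.68)
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
POLICY_DB = {
    "prod-sql-eu": JitPolicy(
        resource="prod-sql-eu", allowed_countries=frozenset({"IE", "DE", "NL"}),
        geofence_center=DUBLIN, geofence_radius_km=500.0,
        auto_approve={"service-outage": {"read", "read-write"}, "performance-degradation": {"read"}},
        max_session_minutes=60,
    )
}


def sample_request(**overrides) -> JitRequest:
    """Baseline request from a device near Dublin during an active outage; override fields to vary it."""
    base = dict(requester="devops-42", resource="prod-sql-eu", access_level="read-write",
                incident_id="INC-1001", incident_type="service-outage", incident_active=True,
                device_country="IE", device_location=GeoPoint(53.34, -6.27))
    base.update(overrides)
    return JitRequest(**base)


if __name__ == "__main__":
    for r in (sample_request(),
              sample_request(device_country="DE", device_location=FRANKFURT),
              sample_request(incident_active=False),
              sample_request(incident_type="performance-degradation")):
        print(evaluate_request(POLICY_DB, r, NOW).reason)
```

The evaluator fails closed: a resource with no policy, an unknown incident type, an inactive incident or a device outside both the country list and the geofence all end in operator review rather than denial, which is the split between automatic approval and manual review that the claims describe. One caveat for anyone building this: the claims only say the service "receives information identifying a geolocation of the DevOps device"; if that information is self-reported by the portal it is attacker-controlled, so a real service should derive it server-side (for example from the connection's source address or from an attested device posture) rather than trust the request body.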
18 Claims
1. (Independent claim; its full text is reproduced above under First Claim.) Claims 2 to 8 depend from claim 1.
9. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising:
receiving incident information regarding an incident in a cloud computing environment;
providing the incident information to a portal on a development operations (DevOps) device for review by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment;
receiving, at a service within the cloud computing environment and from the portal on the DevOps device, a request for a just-in-time (JIT) access session to access a resource in a production environment of the cloud computing environment, the request specifying request parameters including a level or type of access requested and information regarding the incident;
accessing a JIT policy for the resource from a database of JIT policies stored in the cloud computing environment for a plurality of resources in the production environment of the cloud computing environment, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
determining that the JIT policy for the resource includes geolocation criteria restricting JIT access to the resource;
accessing geolocation information identifying a geolocation for the DevOps device;
determining, by the service within the cloud computing environment, whether to automatically approve the request for the JIT access session based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on a type of the incident and whether the incident is active and determining whether the geolocation information for the DevOps device satisfies the geolocation criteria of the JIT policy for the resource;
if it is determined to automatically approve the request for the JIT access session, provisioning the JIT access session for the DevOps device including setting a time limit for the JIT access; and
if it is determined not to automatically approve the request for the JIT access session, sending the request for the JIT access session to a portal on an operator device for review by an operating personnel who has access to restricted data in the cloud computing environment.
Claims 10 to 14 depend from claim 9.
15. A computerized method comprising:
receiving, at a service within a cloud computing environment, a request for a just-in-time (JIT) access session to a resource within the cloud computing environment in response to an incident in the cloud computing environment, the request being received from a development operations (DevOps) device operated by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment, the request specifying request parameters including a level or type of access requested and information regarding the incident;
identifying geolocation criteria from a JIT policy for the resource stored in a database of JIT policies within the cloud computing environment, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
receiving information identifying a geolocation of the DevOps device;
determining, by the service within the cloud computing environment, whether to approve the request for the JIT access session based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on a type of the incident and whether the incident is active and comparison of the geolocation of the DevOps device to the geolocation criteria;
if it is determined to automatically approve the request for the JIT access session, provisioning the JIT access session for the DevOps device; and
if it is determined not to automatically approve the request for the JIT access session, sending the request for the JIT access session to a portal on an operator device for review by an operating personnel who has access to restricted data in the cloud computing environment.
Claims 16 to 18 depend from claim 15.