Incident management to maintain control of restricted data in cloud computing environments
First Claim
1. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising:
- receiving incident information regarding an incident in a cloud computing environment;
providing the incident information to a portal on a DevOps device for review by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment;
receiving, at a service within the cloud computing environment, a request for a just-in-time (JIT) access session to access a resource in a production environment of the cloud computing environment from the portal on the DevOps device, wherein the request specifies request parameters including a level or type of access requested and information regarding the incident including a type of the incident and whether the incident is active;
accessing, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
determining, by the service within the cloud computing environment, whether to approve the request for the JIT access session based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on the type of the incident and whether the incident is active;
if it is determined to approve the request for the JIT access session, provisioning JIT access for the DevOps personnel including setting a time limit for the JIT access; and
if it is determined to not approve the request for the JIT access session, providing a notice to the portal on the DevOps device.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques allow DevOps personnel to perform incident management for cloud computing environments in a manner that maintains control over restricted data and the data plane. The DevOps personnel do not have access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. The incident management techniques include executing automatic operations to resolve an incident and allowing DevOps personnel to execute remote operations without providing the DevOps personnel access. A further incident management technique provides DevOps personnel with just-in-time (JIT) access that is limited to a certain level or type of access and limited in time. Still another technique for incident management is using an escort model, in which an escort session between operating personnel and DevOps personnel is established and connected to the cloud computing environment to allow the DevOps personnel access to the production environment while escorted by the operating personnel.
30 Citations
20 Claims
-
1. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising:
-
receiving incident information regarding an incident in a cloud computing environment; providing the incident information to a portal on a DevOps device for review by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment; receiving, at a service within the cloud computing environment, a request for a just-in-time (JIT) access session to access a resource in a production environment of the cloud computing environment from the portal on the DevOps device, wherein the request specifies request parameters including a level or type of access requested and information regarding the incident including a type of the incident and whether the incident is active; accessing, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
determining, by the service within the cloud computing environment, whether to approve the request for the JIT access session based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on the type of the incident and whether the incident is active;if it is determined to approve the request for the JIT access session, provisioning JIT access for the DevOps personnel including setting a time limit for the JIT access; and if it is determined to not approve the request for the JIT access session, providing a notice to the portal on the DevOps device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implement method comprising:
-
receiving incident information regarding an incident in a cloud computing environment; providing the incident information to a portal on a DevOps device for review by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment; receiving, at a service within the cloud computing environment, a request for a just-in-time (JIT) access session to access a resource in a production environment of the cloud computing environment from the portal on the DevOps device, wherein the request specifies request parameters including a level or type of access requested and information regarding the incident including a type of the incident and whether the incident is active; accessing, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource; determining, by the service within the cloud computing environment, whether to approve the request for the JIT access session based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on the type of the incident and whether the incident is active; if it is determined to approve the request for the JIT access session, provisioning JIT access for the DevOps personnel including setting a time limit for the JIT access; and if it is determined to not approve the request for the JIT access session, providing a notice to the portal on the DevOps device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
one or more hardware processors; and one or more computer storage media storing computer-usable instructions that, when used by the one or more processors, cause the one or more processors to; receive incident information regarding an incident in a cloud computing environment; provide the incident information to a portal on a DevOps device for review by a DevOps personnel who does not have persistent access to restricted data in the cloud computing environment; receive, at a service within the cloud computing environment, a request for a just-in-time (JIT) access session to access a resource in a production environment of the cloud computing environment from the portal on the DevOps device, wherein the request specifies request parameters including a level or type of access requested and information regarding the incident including a type of the incident and whether the incident is active; access, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource; determine, by the service within the cloud computing environment, whether to approve the request for the JIT access session based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on the type of the incident and whether the incident is active; if it is determined to approve the request for the JIT access session, provision JIT access for the DevOps personnel including setting a time limit for the JIT access; and if it is determined to not approve the request for the JIT access session, provide a notice to the portal on the DevOps device. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification