Cloud intelligence data model and framework
First Claim

1. A computing system accessible over a network, comprising:

- a processor;
- computer memory holding computer program instructions executed by the processor to provide a service to one or more subscribers, the computer program instructions configured, with respect to each of the one or more subscribers, to:
  - receive a subscriber-specific data set from each of a set of cloud computing infrastructures, wherein each of the cloud computing infrastructures has cloud-specific service types or action types, the cloud-specific service types or action types conforming to a unified classification model common to all of the cloud computing infrastructures, wherein the subscriber-specific data set comprises identities of subscriber users and their associated permissions with respect to resources in the cloud computing infrastructure;
  - initialize a data model conforming to a schema model;
  - store the data model and the subscriber-specific data set within a knowledge graph, the knowledge graph including, collectively, the associated permissions of the subscriber users for the set of cloud computing infrastructures;
  - as changes in the set of cloud computing infrastructures occur, dynamically update the data model and knowledge graph responsive to the changes; and
  - responsive to one or more queries structured according to a query language, the query language being dynamically generated at least in part from the schema model, selectively retrieve information from the knowledge graph.
Abstract
A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third-party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports showing all entities having access to an asset can be generated. Using the display views, a user can pivot all functions across teams, applications and data, geography, provider and compliance mandates, and the like.
25 Citations
20 Claims
17. A method for monitoring a set of cloud deployments associated with an enterprise, comprising:

- generating a unified classification model common to the set of cloud deployments;
- dynamically generating, from the unified classification model, a set of one or more reporting code components;
- receiving a data set generated by execution of the one or more reporting code components, the one or more reporting code components having been instantiated within each cloud deployment, the data set comprising identities of subscriber users and their associated permissions with respect to resources in the respective cloud deployment;
- generating a knowledge graph that embeds data from the data set and the unified classification model, the knowledge graph instantiating, collectively, the associated permissions of the enterprise for the cloud deployments; and
- responsive to receipt of an information request structured according to a query language, the query language being dynamically generated at least in part from a schema associated with the unified classification model, querying the knowledge graph and returning a response to the information request.
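As an added illustration (not code from the patent or from any product), a toy Python model of the design described in the abstract and in claims 1 and 17: cloud-specific action types from two constructed providers are normalized to a unified classification model, stored as edges in a knowledge graph whose query vocabulary is derived from the edge schema, updated as grants change, and queried for the user reports and data reports the abstract describes. Every identity, resource and the action mapping are constructed sample values.

```python
from collections import namedtuple

# Schema model for one graph edge; the query keys below are derived from its fields.
Edge = namedtuple("Edge", "identity action resource provider")

# Constructed mapping of cloud-specific action types onto a unified classification.
UNIFIED_ACTIONS = {
    ("aws", "s3:GetObject"): "read",
    ("aws", "s3:PutObject"): "write",
    ("gcp", "storage.objects.get"): "read",
    ("gcp", "storage.objects.create"): "write",
}

class KnowledgeGraph:
    def __init__(self):
        self.edges = set()

    def ingest(self, provider, records):
        """Normalize one cloud's (identity, action, resource) grants into edges."""
        for identity, action, resource in records:
            # Unmapped actions are kept and flagged, never silently dropped.
            unified = UNIFIED_ACTIONS.get((provider, action), "unclassified")
            self.edges.add(Edge(identity, unified, resource, provider))

    def remove(self, provider, identity, action, resource):
        """Dynamic update when a grant disappears on the cloud side."""
        unified = UNIFIED_ACTIONS.get((provider, action), "unclassified")
        self.edges.discard(Edge(identity, unified, resource, provider))

    def query(self, **criteria):
        """Schema-derived query: user report = identity=..., data report = resource=..."""
        unknown = set(criteria) - set(Edge._fields)
        if unknown:
            raise ValueError(f"unknown query field(s): {sorted(unknown)}")
        return sorted(e for e in self.edges
                      if all(getattr(e, k) == v for k, v in criteria.items()))

def build_demo_graph():
    """Constructed sample grants from two clouds (not real accounts)."""
    g = KnowledgeGraph()
    g.ingest("aws", [("alice", "s3:GetObject", "customer-db"),
                     ("alice", "s3:PutObject", "customer-db"),
                     ("svc-etl", "s3:GetObject", "customer-db")])
    g.ingest("gcp", [("alice", "storage.objects.get", "analytics-bucket"),
                     ("bob", "storage.objects.create", "analytics-bucket"),
                     ("bob", "bigquery.jobs.create", "warehouse")])
    return g
```

Any field of `Edge` is a valid filter, so adding a field to the schema (for example a country) extends the query vocabulary without touching the query code.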
Specification