MULTI-TENANCY GOVERNANCE IN A CLOUD COMPUTING ENVIRONMENT
Abstract
A cloud computing system includes a plurality of tenants that are permitted to access cloud hosted applications. The system includes an input governance layer associated with each application, and an output governance layer associated with each application. The input governance layer and the output governance layer include an encapsulation of a cloud hosted application. The governance layers receive a request from a tenant-user to access a first application on the cloud computing system, check a governance database to determine if the tenant-user is authorized to access the first application, and allow or deny access accordingly.
20 Claims
1. A cloud computing system comprising:
a plurality of cloud resident applications, wherein the plurality of cloud resident applications reside on one or more computer readable media and are executable by one or more computer processors, wherein each of a plurality of tenants, one or more tenants comprising multiple corresponding users, is permitted to access one or more of the plurality of cloud resident applications, and wherein one or more of the plurality of tenants and its corresponding users are associated with one or more business organizations;
an input governance layer associated with each application; and
an output governance layer associated with each application;
wherein the input governance layer and the output governance layer comprise an encapsulation of a cloud resident application, and the input governance layer and output governance layer associated with a computer processor are operable to;
receive a request from a tenant-user to access a first application on the cloud computing system;
check a governance database to determine if the tenant-user is authorized to access the first application;
when the tenant-user is authorized to access the first application, process the request using the first application, and when the request and the first application generate an output to transmit to a second application in the cloud computing system, check the governance database to determine if the tenant-user is authorized to transmit the output to the second application;
when the tenant-user is not authorized to access the first application, prevent the request from accessing the first application, and transmit an indication of the tenant-user and the request to a cloud system security administrator; and
when the tenant-user is not authorized to transmit the output to the second application, transmit an indication of the tenant-user and the output to the cloud system security administrator.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A process comprising:
receiving a request from a tenant-user on a cloud computing system to access a first application on the cloud computing system;
checking a governance database to determine if the tenant-user is authorized to access the first application;
when the tenant-user is authorized to access the first application, processing the request using the first application, and when the request and the first application generate an output to transmit to a second application in the cloud computing system, checking the governance database to determine if the tenant-user is authorized to transmit the output to the second application;
when the tenant-user is not authorized to access the first application, preventing the request from accessing the first application, and transmitting an indication of the tenant-user and the request to a cloud system security administrator; and
when the tenant-user is not authorized to transmit the output to the second application, transmitting an indication of the tenant-user and the output to the cloud system security administrator.
Dependent claims: 15, 16, 17, 18, 19
20. A computer readable storage device comprising instructions that when executed by a processor execute a process comprising:
receiving a request from a tenant-user on a cloud computing system to access a first application on the cloud computing system;
checking a governance database to determine if the tenant-user is authorized to access the first application;
when the tenant-user is authorized to access the first application, processing the request using the first application, and when the request and the first application generate an output to transmit to a second application in the cloud computing system, checking the governance database to determine if the tenant-user is authorized to transmit the output to the second application;
when the tenant-user is not authorized to access the first application, preventing the request from accessing the first application, and transmitting an indication of the tenant-user and the request to a cloud system security administrator; and
when the tenant-user is not authorized to transmit the output to the second application, transmitting an indication of the tenant-user and the output to the cloud system security administrator.
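The request flow recited in independent claims 1, 14 and 20, as an added Python sketch that is not part of the patent text. The class and function names, the tuple-based allow-lists, the in-memory alert list and the tenant and application names are constructed for illustration, and withholding the output on a failed output check is an assumption, since the claims recite only the report to the administrator.

```python
from dataclasses import dataclass, field

@dataclass
class GovernanceDB:
    """Constructed stand-in for the governance database (allow-lists only)."""
    access: set = field(default_factory=set)    # (tenant, user, app)
    forward: set = field(default_factory=set)   # (tenant, user, src_app, dst_app)

    def may_access(self, tenant, user, app):
        return (tenant, user, app) in self.access

    def may_forward(self, tenant, user, src, dst):
        return (tenant, user, src, dst) in self.forward

class GovernedApp:
    """One application encapsulated by an input and an output governance layer."""
    def __init__(self, name, handler, db, alerts):
        self.name, self.handler, self.db, self.alerts = name, handler, db, alerts

    def _report(self, event, tenant, user, **detail):
        # Stands in for transmitting an indication to the security administrator.
        self.alerts.append({"event": event, "tenant": tenant, "user": user,
                            "app": self.name, **detail})

    def handle(self, tenant, user, request, downstream=None):
        # Input layer: anything not explicitly allowed never reaches the handler.
        if not self.db.may_access(tenant, user, self.name):
            self._report("input_denied", tenant, user, request=request)
            return {"status": "denied", "app": self.name}
        output = self.handler(request)
        if downstream is None:
            return {"status": "ok", "app": self.name, "output": output}
        # Output layer: checked before the output leaves for the second application.
        if not self.db.may_forward(tenant, user, self.name, downstream.name):
            self._report("output_denied", tenant, user,
                         target=downstream.name, output=output)
            # Assumption: the output is also withheld; the claims recite only the report.
            return {"status": "output_blocked", "app": self.name}
        # The second application applies its own input layer to the forwarded data.
        return downstream.handle(tenant, user, output)

def demo():
    alerts = []
    db = GovernanceDB(access={("acme", "alice", "billing"), ("acme", "alice", "reports"),
                              ("acme", "bob", "billing")},
                      forward={("acme", "alice", "billing", "reports")})
    billing = GovernedApp("billing", lambda r: f"invoice:{r}", db, alerts)
    reports = GovernedApp("reports", lambda r: f"report({r})", db, alerts)
    return [billing.handle("acme", "alice", "q1", reports),   # allowed end to end
            billing.handle("acme", "bob", "q1", reports),     # output check fails
            billing.handle("globex", "eve", "q1")], alerts    # input check fails
```

The alert records carry the raw request or output, as the claims recite, so the alert channel needs the same tenant isolation as the data it reports on.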
Specification