SECURE AND CONTROL DATA MIGRATING BETWEEN ENTERPRISE AND CLOUD SERVICES
First Claim
1. A method for operating a cloud gateway, comprising:
- generating a plurality of rules relating users and groups to data access at a plurality of cloud service providers;
- encrypting, at one of a plurality of connectors, outgoing data that is moving through a cloud gateway en route from a proxy server to one of the plurality of cloud service providers, responsive to a data write request associated with a first user, the encrypting in accordance to one of the plurality of rules as related to the first user; and
- decrypting, at one of the plurality of connectors, incoming data that is moving through the cloud gateway en route from one of the plurality of cloud service providers to the server, responsive to a data read request associated with a second user, the decrypting in accordance to one of the plurality of rules as related to the second user.
Abstract
A method for operating a cloud gateway is provided. The method includes generating a plurality of rules relating users and groups to data access at a plurality of cloud service providers. The method includes encrypting, at one of a plurality of connectors, outgoing data that is moving through a cloud gateway en route from a proxy server to one of the plurality of cloud service providers, responsive to a data write request associated with a first user, the encrypting in accordance to one of the plurality of rules as related to the first user. The method includes decrypting, at one of the plurality of connectors, incoming data that is moving through the cloud gateway en route from one of the plurality of cloud service providers to the server, responsive to a data read request associated with a second user, the decrypting in accordance to one of the plurality of rules as related to the second user.
20 Claims
1. A method for operating a cloud gateway, comprising:
- generating a plurality of rules relating users and groups to data access at a plurality of cloud service providers;
- encrypting, at one of a plurality of connectors, outgoing data that is moving through a cloud gateway en route from a proxy server to one of the plurality of cloud service providers, responsive to a data write request associated with a first user, the encrypting in accordance to one of the plurality of rules as related to the first user; and
- decrypting, at one of the plurality of connectors, incoming data that is moving through the cloud gateway en route from one of the plurality of cloud service providers to the server, responsive to a data read request associated with a second user, the decrypting in accordance to one of the plurality of rules as related to the second user.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A tangible, non-transitory, computer-readable media having instructions thereupon which, when executed by a processor, cause the processor to perform a method comprising:
- mapping users and network groups to access permissions relative to a plurality of cloud service providers;
- encrypting a first data, at one of a plurality of connectors coupled to a proxy server, responsive to a request associated with one of the users or one of the network groups to write the first data to one of the plurality of cloud service providers, the encrypting in accordance with the mapping; and
- decrypting a second data, at one of the plurality of connectors coupled to the proxy server, responsive to a request associated with one of the users or one of the network groups to read the second data from one of the plurality of cloud service providers, the decrypting in accordance with the mapping.
Dependent claims: 9, 10, 11, 12, 13
14. A mapping and access control system in a cloud gateway, comprising:
- a proxy server configured to access a plurality of cloud service providers;
- a plurality of connectors coupled to the proxy server and configured to couple to the plurality of cloud service providers via a network;
- an administration module configured to derive a plurality of access control rules based on users and network groups; and
- the plurality of connectors configured to encrypt data traveling from the proxy server to the plurality of cloud service providers and decrypt data traveling from the plurality of cloud service providers to the server, in accordance with the plurality of access control rules on a basis of individual users and individual network groups.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification