MIDDLE WARE SECURITY LAYER FOR CLOUD COMPUTING SERVICES
First Claim
1. A method of establishing a middle ware object security layer between an organization's user systems and independent object stores, the method including:
combining active proxy analysis of object deposit to, retrieval from and sharing via the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting metadata of the objects, including;
using a proxy interposed between the user systems and the independent object stores, actively controlling manipulation of proxy-subject objects on the independent object stores by applying rules that utilize the active proxy analysis and sensitivity metadata to actively control the deposit to, the retrieval from and the sharing via the independent object stores by the user systems; and
inspecting proxy-bypassing objects on the independent object stores, and classifying and persisting sensitivity metadata of the proxy-bypassing objects deposited to and retrieved by users able to bypass the proxy and machines not subject to the proxy; and
making the metadata available to the proxy to enforce policies based on the metadata.
Abstract
The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.
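The flow in the abstract, sketched as an added example that is not taken from the patent or any product: a share request carries only an object id and a recipient, so the proxy decides from metadata persisted earlier by either the proxy path or the inspection path. All names, the `example.com` domain, the SSN-style regex used as a classifier and the fail-closed rule for unknown objects are assumptions.

```python
import re
from dataclasses import dataclass

ORG_DOMAIN = "example.com"                    # assumed organization domain
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")    # toy sensitivity classifier (assumption)

@dataclass
class ObjectMeta:
    sensitive: bool
    source: str   # "proxy" (active analysis) or "inspection" (scan of the store)

class MetadataStore:
    """Supplemental store written by both paths and read by the proxy."""
    def __init__(self):
        self._meta = {}
    def persist(self, object_id, content, source):
        self._meta[object_id] = ObjectMeta(bool(SSN.search(content)), source)
    def get(self, object_id):
        return self._meta.get(object_id)

def proxy_upload(store, object_id, content):
    """Active analysis: the content is visible in the transaction stream."""
    store.persist(object_id, content, "proxy")
    return "allow"

def inspect_object_store(store, object_store):
    """Inspection: classify objects that were deposited without passing the proxy."""
    for object_id, content in object_store.items():
        if store.get(object_id) is None:
            store.persist(object_id, content, "inspection")

def proxy_share(store, object_id, recipient):
    """Data-deficient transaction: only an id and a recipient are visible."""
    external = not recipient.lower().endswith("@" + ORG_DOMAIN)
    meta = store.get(object_id)
    if meta is None:                      # never analysed: fail closed (assumption)
        return "block" if external else "allow"
    return "block" if (meta.sensitive and external) else "allow"

def demo():
    store = MetadataStore()
    # Constructed store contents; obj-2 arrived via a client that bypassed the proxy.
    object_store = {"obj-1": "lunch menu", "obj-2": "payroll 123-45-6789"}
    proxy_upload(store, "obj-1", object_store["obj-1"])
    inspect_object_store(store, object_store)
    return {
        "obj-1 external": proxy_share(store, "obj-1", "partner@other.org"),
        "obj-2 external": proxy_share(store, "obj-2", "partner@other.org"),
        "obj-2 internal": proxy_share(store, "obj-2", "alice@example.com"),
        "obj-2 source": store.get("obj-2").source,
    }
```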
20 Claims
1. A method of establishing a middle ware object security layer between an organization's user systems and independent object stores, the method including:
combining active proxy analysis of object deposit to, retrieval from and sharing via the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting metadata of the objects, including;
using a proxy interposed between the user systems and the independent object stores, actively controlling manipulation of proxy-subject objects on the independent object stores by applying rules that utilize the active proxy analysis and sensitivity metadata to actively control the deposit to, the retrieval from and the sharing via the independent object stores by the user systems; and
inspecting proxy-bypassing objects on the independent object stores, and classifying and persisting sensitivity metadata of the proxy-bypassing objects deposited to and retrieved by users able to bypass the proxy and machines not subject to the proxy; and
making the metadata available to the proxy to enforce policies based on the metadata.
Dependent claims: 2, 3, 4, 5, 6, 7, 16
8. A method of establishing a middle ware object security layer between an organization's user systems and independent object stores, the method including:
combining active analysis of access requests for independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata; and
actively controlling manipulation of the objects by applying rules that utilize the persisted metadata.
Dependent claims: 17, 19
9. A method of providing visibility of enterprise information stored on a cloud computing service (CCS), the method including:
using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use;
determining object metadata of objects in the CCS by parsing a data stream based on the CCS API including exposure information of the objects; and
generating for display, visual representation data for the objects in the CCS that graphical summarize;
number of privately owned objects;
number of publicly accessible objects;
number of intra-organizationally shared objects;
number of extra-organizationally shared objects;
true file types of the objects; and
number of policy violations.
Dependent claims: 18, 20
10. A non-transitory computer readable storage medium impressed with computer program instructions to establish a middle ware object security layer between an organization's user systems and independent object stores, the instructions, when executed on a processor, implement a method comprising:
combining active proxy analysis of object deposit to, retrieval from and sharing via the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting metadata of the objects, including;
using a proxy interposed between the user systems and the independent object stores, actively controlling manipulation of proxy-subject objects on the independent object stores by applying rules that utilize the active proxy analysis and sensitivity metadata to actively control the deposit to, the retrieval from and the sharing via the independent object stores by the user systems; and
inspecting proxy-bypassing objects on the independent object stores, and classifying and persisting sensitivity metadata of the proxy-bypassing objects deposited to and retrieved by users able to bypass the proxy and machines not subject to the proxy; and
making the metadata available to the proxy to enforce policies based on the metadata.
Dependent claims: 11, 12, 13, 14, 15
Specification