HIGH GRANULARITY APPLICATION AND DATA SECURITY IN CLOUD ENVIRONMENTS
Abstract
Provided are systems, methods, and computer-readable medium for identifying security risks in applications executing in a cloud environment. In various implementations, a security monitoring and management system can obtain application data from a service provider system. The application data can include a record of actions performed by an application during use of the application by users associated with a tenant. The application executes in a service platform provided for the tenant by the service provider system. In various implementations, the application data is analyzed to identify an event associated with a security risk, where the event is identified from one or more actions performed by the application. The system can determine an action to perform in response to identifying the event. In various examples, an agent executing on the service platform can add instrumentation codes used by the application, where the instrumentation provides the application data.
20 Claims
1. A computer-implemented method, comprising, at a computer system of a security management system:
- obtaining application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;
- analyzing the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;
- determining an action to perform in response to identifying the event; and
- performing the action.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A computing system, comprising:
- one or more processors; and
- a memory coupled to and readable by the one or more processors, the memory including instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including:
- obtaining application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;
- analyzing the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;
- determining an action to perform in response to identifying the event; and
- performing the action.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17)

18. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to:
- obtain application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;
- analyze the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;
- determine an action to perform in response to identifying the event; and
- perform the action.
(Dependent claims: 19, 20)
Specification