AUTOMATED ACCESS CONTROL MANAGEMENT FOR COMPUTING SYSTEMS
Abstract
Normalized access control policies associated with entities in an information technology (IT) infrastructure comprising a plurality of subsystems may be obtained based on a stored access control policy representation governing access to resources in the IT infrastructure. Based on the normalized access control policies, entity clusters associated with the entities may be determined. Further, derived access control policies corresponding to the at least one entity cluster may be determined. A set of non-compliant access control policies may be determined where the set of non-compliant access control policies may comprise: a subset of the normalized access control policies that are non-compliant with stated access control policies applicable to the entity clusters, and/or a subset of the derived access control policies that are non-compliant with the stated access control policies. Machine learning and/or Artificial Intelligence techniques may be used to determine, maintain, and audit policies for the IT infrastructure.
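The pipeline the abstract describes, sketched as an added example (not code from the patent or its assignee). The two subsystem formats, the sample data, the Jaccard-threshold clustering, the majority rule for derived policies, and the single deny-list standing in for stated policies applied to every cluster are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed raw policies from two hypothetical subsystems with different native formats.
CLOUD = [{"principal": "alice", "allow": ["read", "write"], "bucket": "logs"},
         {"principal": "bob", "allow": ["read", "write"], "bucket": "logs"},
         {"principal": "carol", "allow": ["read"], "bucket": "logs"}]
DB_GRANTS = ["GRANT SELECT ON payroll TO alice", "GRANT SELECT ON payroll TO bob",
             "GRANT DELETE ON payroll TO bob", "GRANT SELECT ON hr TO carol"]
# Assumed stated policy: (action, resource) pairs no cluster may hold.
STATED_DENY = {("delete", "db:payroll"), ("write", "cloud:logs")}

def normalize(cloud, grants):
    """Map both native formats to entity -> set of (action, resource)."""
    perms = defaultdict(set)
    for p in cloud:
        for action in p["allow"]:
            perms[p["principal"]].add((action, "cloud:" + p["bucket"]))
    for g in grants:
        _, action, _, table, _, who = g.split()
        perms[who].add((action.lower(), "db:" + table))
    return dict(perms)

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 1.0

def cluster(perms, threshold=0.5):
    """Greedy clustering: join the first cluster whose seed entity is similar enough."""
    clusters = []
    for entity in sorted(perms):
        for c in clusters:
            if jaccard(perms[entity], perms[c[0]]) >= threshold:
                c.append(entity)
                break
        else:
            clusters.append([entity])
    return clusters

def derive(perms, members):
    """Derived cluster policy: permissions held by more than half of the members."""
    counts = defaultdict(int)
    for m in members:
        for p in perms[m]:
            counts[p] += 1
    return {p for p, n in counts.items() if 2 * n > len(members)}

def audit(perms, clusters, deny):
    """Return (non-compliant normalized policies, non-compliant derived policies)."""
    normalized = sorted((e, a, r) for e, ps in perms.items() for a, r in ps if (a, r) in deny)
    derived = sorted((i, a, r) for i, c in enumerate(clusters)
                     for a, r in derive(perms, c) if (a, r) in deny)
    return normalized, derived
```

With this sample data the derived policy for the alice/bob cluster omits bob's one-off `delete` grant, so that grant surfaces only as a per-entity violation, while the shared `write` grant is flagged at both the entity and the cluster level.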
27 Claims
1. A processor-implemented method comprising:
- obtaining one or more normalized access control policies associated with one or more first entities based on a stored access control policy representation governing access to a set of resources in an information technology (IT) infrastructure comprising a plurality of subsystems;
- determining, based on the one or more normalized access control policies, at least one entity cluster associated with the one or more first entities;
- determining one or more derived access control policies corresponding to the at least one entity cluster; and
- determining a set of non-compliant access control policies, wherein the set of non-compliant access control policies comprises:
  - a first subset of the one or more normalized access control policies that are non-compliant with one or more stated access control policies applicable to the at least one entity cluster, or
  - a subset of the one or more derived access control policies that are non-compliant with the one or more stated access control policies, or
  - a combination thereof.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A computing system comprising:
- a memory, and a processor coupled to the memory, wherein the processor is configured to:
  - obtain one or more normalized access control policies associated with one or more first entities based on a stored access control policy representation governing access to a set of resources in an information technology (IT) infrastructure comprising a plurality of subsystems;
  - determine, based on the one or more normalized access control policies, at least one entity cluster associated with the one or more first entities;
  - determine one or more derived access control policies corresponding to the at least one entity cluster; and
  - determine a set of non-compliant access control policies, wherein the set of non-compliant access control policies comprises:
    - a first subset of the one or more normalized access control policies that are non-compliant with one or more stated access control policies applicable to the at least one entity cluster, or
    - a subset of the one or more derived access control policies that are non-compliant with the one or more stated access control policies, or
    - a combination thereof.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

27. A non-transitory computer readable medium comprising instructions to configure a processor to:
- obtain one or more normalized access control policies associated with one or more first entities based on a stored access control policy representation governing access to a set of resources in an information technology (IT) infrastructure comprising a plurality of subsystems;
- determine, based on the one or more normalized access control policies, at least one entity cluster associated with the one or more first entities;
- determine one or more derived access control policies corresponding to the at least one entity cluster; and
- determine a set of non-compliant access control policies, wherein the set of non-compliant access control policies comprises:
  - a first subset of the one or more normalized access control policies that are non-compliant with one or more stated access control policies applicable to the at least one entity cluster, or
  - a subset of the one or more derived access control policies that are non-compliant with the one or more stated access control policies, or
  - a combination thereof.

Specification