Enforcing consistent enterprise and cloud security profiles
First Claim
1. A computer-implemented method of enforcing consistent enterprise and cloud security profiles comprising:
defining a domain model describing cloud resource objects associated with an enterprise, wherein the cloud security profiles associated with enterprise users describe permissions of the users with respect to the objects;
specifying a relationship map mapping permissions for objects of the domain model to one or more roles of enterprise users, wherein local security profiles maintained by the enterprise associate users with one or more roles, the domain model and relationship map collectively forming an access policy for the cloud resource objects;
monitoring network traffic to detect an attempt to configure a cloud security profile associated with a user in a manner inconsistent with the access policy; and
remediating a detected attempt to configure the cloud security profile in the manner inconsistent with the access policy.
Abstract
Consistent enterprise and cloud security profiles are enforced. A domain model describing cloud resource objects associated with an enterprise is defined. Further, a relationship map describing relationships between the objects of the domain model and roles of enterprise users described by local security profiles maintained by the enterprise is specified. The domain model and relationship map collectively form an access policy for the cloud resource objects. Network traffic is monitored to detect network traffic attempting to configure a cloud security profile describing permissions of an enterprise user with respect to cloud resource objects in a manner inconsistent with the access policy. Detected network traffic attempting to configure the cloud security profile in the manner inconsistent with access policy is remediated.
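The following is an added example, not code from the patent or its assignee, of the access-policy mechanism the claims and abstract describe: a domain model of cloud resource objects, a relationship map from enterprise roles to permissions on those objects, and local security profiles mapping users to roles, combined into a policy against which intercepted attempts to configure a cloud security profile are checked and, where inconsistent, remediated by stripping the unsupported grants. The object, role and user names, and the JSON request shape, are constructed assumptions for illustration and do not correspond to any particular cloud provider's API.

```python
"""Added example (not from the patent): access policy = domain model +
relationship map + local security profiles, with a monitor that checks
intercepted profile-configuration requests against it and remediates them.
Names and the request format are constructed sample data."""

import json
from dataclasses import dataclass

# Domain model: the cloud resource objects the enterprise cares about (constructed).
DOMAIN_MODEL = {
    "bucket:finance-reports": {"type": "storage"},
    "vm:payroll-db": {"type": "compute"},
    "bucket:marketing-assets": {"type": "storage"},
}

# Relationship map: which permissions on which objects each enterprise role carries.
RELATIONSHIP_MAP = {
    "finance-analyst": {"bucket:finance-reports": {"read"}},
    "payroll-admin": {"bucket:finance-reports": {"read", "write"},
                      "vm:payroll-db": {"start", "stop"}},
    "marketing": {"bucket:marketing-assets": {"read", "write"}},
}

# Local security profiles maintained by the enterprise: user -> roles.
LOCAL_PROFILES = {
    "alice": {"finance-analyst"},
    "bob": {"payroll-admin"},
    "carol": {"marketing"},
}


def allowed_permissions(user, profiles=LOCAL_PROFILES, rel_map=RELATIONSHIP_MAP):
    """Derive the permission set the access policy allows for a user by
    taking the union over all roles in the user's local security profile."""
    allowed = {}
    for role in profiles.get(user, set()):
        for obj, perms in rel_map.get(role, {}).items():
            allowed.setdefault(obj, set()).update(perms)
    return allowed


@dataclass
class Finding:
    user: str
    obj: str
    perms: set
    reason: str


def check_request(raw, domain=DOMAIN_MODEL):
    """Inspect one intercepted profile-configuration request (assumed JSON
    shape: {"user": ..., "grant": {object: [perm, ...]}}) and return a Finding
    for every grant the access policy does not support."""
    req = json.loads(raw)
    user = req["user"]
    allowed = allowed_permissions(user)
    findings = []
    for obj, perms in req.get("grant", {}).items():
        perms = set(perms)
        if obj not in domain:
            findings.append(Finding(user, obj, perms, "object not in domain model"))
            continue
        excess = perms - allowed.get(obj, set())
        if excess:
            findings.append(Finding(user, obj, excess, "permission not granted by any role"))
    return findings


def remediate(raw):
    """Rewrite a request so only policy-consistent grants survive; returns the
    remediated request dict and the findings that caused grants to be stripped."""
    req = json.loads(raw)
    findings = check_request(raw)
    for f in findings:
        remaining = set(req["grant"][f.obj]) - f.perms
        if remaining:
            req["grant"][f.obj] = sorted(remaining)
        else:
            del req["grant"][f.obj]
    return req, findings


# Constructed sample traffic: the first request is consistent with the policy;
# the second tries to give a finance analyst write access and a VM permission.
SAMPLE_REQUESTS = [
    '{"user": "alice", "grant": {"bucket:finance-reports": ["read"]}}',
    '{"user": "alice", "grant": {"bucket:finance-reports": ["read", "write"], '
    '"vm:payroll-db": ["start"]}}',
]


def run_monitor(requests=SAMPLE_REQUESTS):
    """Return (remediated_request, findings) for each intercepted request."""
    return [remediate(r) for r in requests]


if __name__ == "__main__":
    for req, findings in run_monitor():
        for f in findings:
            print(f"STRIPPED {f.user} {f.obj} {sorted(f.perms)}: {f.reason}")
        print("applied:", json.dumps(req))
```

The policy is evaluated from the enterprise's local profile rather than from whatever the cloud side currently holds, which is the point of the claim: a cloud-side grant is only as legitimate as the role that justifies it, so an in-flight request that exceeds the roles' permissions is cut back to what the relationship map supports, and a grant on an object outside the domain model is dropped entirely.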
20 Claims
1. (Independent claim; text as given above under First Claim.) Dependent claims: 2 through 7.
8. A non-transitory computer-readable storage medium storing executable computer program instructions for enforcing consistent enterprise and cloud security profiles, the instructions executable to perform steps comprising:
defining a domain model describing cloud resource objects associated with an enterprise, wherein the cloud security profiles associated with enterprise users describe permissions of the users with respect to the objects;
specifying a relationship map mapping permissions for objects of the domain model to one or more roles of enterprise users, wherein local security profiles maintained by the enterprise associate users with one or more roles, the domain model and relationship map collectively forming an access policy for the cloud resource objects;
monitoring network traffic to detect an attempt to configure a cloud security profile associated with a user in a manner inconsistent with the access policy; and
remediating a detected attempt to configure the cloud security profile in the manner inconsistent with the access policy.
Dependent claims: 9 through 14.
15. A computer system for enforcing consistent enterprise and cloud security profiles, comprising:
a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for:
defining a domain model describing cloud resource objects associated with an enterprise, wherein the cloud security profiles associated with enterprise users describe permissions of the users with respect to the objects;
specifying a relationship map mapping permissions for objects of the domain model to one or more roles of enterprise users, wherein local security profiles maintained by the enterprise associate users with one or more roles, the domain model and relationship map collectively forming an access policy for the cloud resource objects;
monitoring network traffic to detect an attempt to configure a cloud security profile associated with a user in a manner inconsistent with the access policy; and
remediating a detected attempt to configure the cloud security profile in the manner inconsistent with the access policy; and
a processor for executing the computer program instructions.
Dependent claims: 16 through 20.