Extending security platforms to cloud-based networks
First Claim
1. A method, comprising:
generating a set of security policies for a set of managed machines in a network;
identifying a cloud-accessible subset of the set of managed machines to be used as a shared resource by an external cloud environment;
identifying a first subset of security policies within the set of security policies, the first subset of security policies corresponding to a set of access conditions for the cloud-accessible subset of the set of managed machines;
identifying a second subset of baseline security policies within the set of security policies to apply to the cloud-accessible subset of the set of managed machines when the cloud-accessible subset of the set of managed machines are not exposed to the external cloud environment;
generating, by a processor, a partitioned security class in the set of security policies that includes the first subset of security policies corresponding to the set of access conditions for the cloud-accessible subset of the set of managed machines; and
in response to determining that the cloud-accessible subset of the set of managed machines is exposed to the external cloud environment, applying the partitioned security class to the subset of the set of managed machines, wherein the partitioned security class permits sharing of the cloud-accessible subset of the set of managed machines with the external cloud environment based on the first subset of security policies.
Abstract
Embodiments relate to systems and methods for extending a network security platform to a cloud-based network. A set of managed machines, such as personal computers or servers, can be managed by a network security engine. The network security engine can govern access to and operation of the set of managed machines through a set of security policies. According to embodiments, the set of security policies can be sub-divided into a partitioned security class corresponding to a subset of the managed network which is intended to be deployed as a cloud-accessible subset of the overall managed network. The partitioned security class can specify access restrictions for the cloud-accessible subset to receive resources from or provide resources to the external cloud environment. A corporate campus network or other managed network can therefore permit access of the cloud to some or all of its machines, while still maintaining desired local security conditions.
20 Claims
1. A method, comprising:
generating a set of security policies for a set of managed machines in a network;
identifying a cloud-accessible subset of the set of managed machines to be used as a shared resource by an external cloud environment;
identifying a first subset of security policies within the set of security policies, the first subset of security policies corresponding to a set of access conditions for the cloud-accessible subset of the set of managed machines;
identifying a second subset of baseline security policies within the set of security policies to apply to the cloud-accessible subset of the set of managed machines when the cloud-accessible subset of the set of managed machines are not exposed to the external cloud environment;
generating, by a processor, a partitioned security class in the set of security policies that includes the first subset of security policies corresponding to the set of access conditions for the cloud-accessible subset of the set of managed machines; and
in response to determining that the cloud-accessible subset of the set of managed machines is exposed to the external cloud environment, applying the partitioned security class to the subset of the set of managed machines, wherein the partitioned security class permits sharing of the cloud-accessible subset of the set of managed machines with the external cloud environment based on the first subset of security policies.
Dependent claims: 2, 3, 4, 5, 6, 18
7. A computer system, comprising:
a memory component; and
a processor coupled to the memory component, wherein the processor is to:
generate a set of security policies for a set of managed machines in a managed network;
identify a cloud-accessible subset of the set of the managed machines to be used as a shared resource by an external cloud environment;
identify a first subset of security policies within the set of security policies, the first subset of security policies corresponding to a set of access conditions for the cloud-accessible subset of the set of managed machines;
identify a second subset of baseline security policies within the set of security policies to apply to the cloud-accessible subset of the set of managed machines when the cloud-accessible subset of the set of managed machines are not exposed to the external cloud environment;
generate a partitioned security class in the set of security policies that includes the first subset of security policies corresponding to the set of access conditions for the cloud-accessible subset of the set of managed machines; and
in response to determining that the cloud-accessible subset of the set of managed machines is exposed to the external cloud environment, apply the partitioned security class to the subset of the set of managed machines, wherein the partitioned security class permits sharing of the cloud-accessible subset of the set of managed machines with the external cloud environment based on the first subset of security policies.
Dependent claims: 8, 9, 10, 11, 12, 19
13. A non-transitory computer readable medium programmed to include instructions that, when executed by a processor, cause the processor to:
generate a set of security policies for a set of managed machines in a network;
identify a cloud-accessible subset of the set of managed machines to be used as a shared resource by an external cloud environment;
identify a first subset of security policies within the set of security policies, the first subset of security policies corresponding to a set of access conditions for the cloud-accessible subset of the set of managed machines;
identify a second subset of baseline security policies within the set of security policies to apply to the cloud-accessible subset of the set of managed machines when the cloud-accessible subset of the set of managed machines are not exposed to the external cloud environment;
generate a partitioned security class in the set of security policies that includes the first subset of security policies corresponding to the set of access conditions for the cloud-accessible subset of the set of managed machines; and
in response to determining that the cloud-accessible subset of the set of managed machines is exposed to the external cloud environment, apply the partitioned security class to the subset of the set of managed machines, wherein the partitioned security class permits sharing of the cloud-accessible subset of the set of managed machines with the external cloud environment based on the first subset of security policies.
Dependent claims: 14, 15, 16, 17, 20
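The claimed method, modelled as an added example (this is not code from the patent, its assignee, or any product; it is written here to show the mechanism the claims describe). A policy set is tagged into two subsets: baseline policies that govern a machine while it is not shared, and the partitioned security class (the access conditions) that governs it once it is exposed to the external cloud. The exposure transition is the trigger that swaps the governing subset, and the engine is deny-by-default so that a machine exposed without any partitioned class, or exposed while outside the designated cloud-accessible subset, is refused everything. The names Policy, Machine, PolicyEngine, the actions and the sample policies are assumptions made for illustration.

```python
"""Added example: a minimal model of a partitioned-security-class policy engine.

Names (Policy, Machine, PolicyEngine, action strings) and the sample policy
set are assumptions for illustration, not the patent's own implementation.
"""
from dataclasses import dataclass
from enum import Enum


class Effect(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                 # e.g. "ssh", "storage_read"
    source: str                 # "local" or "cloud" requester
    effect: Effect
    baseline: bool = False      # second subset: governs while NOT exposed
    cloud_access: bool = False  # first subset: access conditions while exposed


@dataclass
class Machine:
    hostname: str
    cloud_accessible: bool = False  # member of the designated shareable subset
    exposed: bool = False           # currently shared with the external cloud


class PolicyEngine:
    """Selects the governing policy subset per machine and evaluates requests.

    Deny-by-default: a request with no matching policy is refused.
    """

    def __init__(self, policies):
        self.policies = list(policies)
        self.audit = []  # (hostname, action, source, decision, policy name)

    def baseline(self):
        return [p for p in self.policies if p.baseline]

    def partitioned_class(self):
        # The partitioned security class carved out of the full policy set.
        return [p for p in self.policies if p.cloud_access]

    def effective_policies(self, machine):
        if machine.exposed and not machine.cloud_accessible:
            # Exposing a machine outside the designated subset is a
            # misconfiguration: no policies apply, so everything is denied.
            return []
        if machine.exposed:
            return self.partitioned_class()
        return self.baseline()

    def authorize(self, machine, action, source):
        decision, winner = Effect.DENY, None
        for p in self.effective_policies(machine):
            if p.action == action and p.source == source:
                if p.effect is Effect.DENY:   # explicit deny beats allow
                    decision, winner = Effect.DENY, p.name
                    break
                decision, winner = Effect.ALLOW, p.name
        self.audit.append((machine.hostname, action, source, decision.value, winner))
        return decision is Effect.ALLOW

    def set_exposed(self, machine, exposed):
        # The exposure transition is what swaps the governing subset; log it.
        machine.exposed = exposed
        self.audit.append((machine.hostname, "exposure", "admin", str(exposed), None))


# Constructed sample policy set (assumption for illustration).
SAMPLE_POLICIES = [
    Policy("local-ssh", "ssh", "local", Effect.ALLOW, baseline=True),
    Policy("no-cloud-ssh", "ssh", "cloud", Effect.DENY, baseline=True),
    Policy("cloud-storage-share", "storage_read", "cloud", Effect.ALLOW, cloud_access=True),
    Policy("cloud-ssh-denied", "ssh", "cloud", Effect.DENY, cloud_access=True),
    Policy("local-ssh-while-shared", "ssh", "local", Effect.ALLOW, cloud_access=True),
]


def demo():
    """Walk one machine through the exposure lifecycle; returns the decisions."""
    engine = PolicyEngine(SAMPLE_POLICIES)
    shared = Machine("build-07", cloud_accessible=True)
    desktop = Machine("desk-12")  # not in the cloud-accessible subset
    results = {}
    results["shared_before"] = engine.authorize(shared, "storage_read", "cloud")
    engine.set_exposed(shared, True)
    results["shared_after"] = engine.authorize(shared, "storage_read", "cloud")
    results["shared_ssh_cloud"] = engine.authorize(shared, "ssh", "cloud")
    results["shared_ssh_local"] = engine.authorize(shared, "ssh", "local")
    engine.set_exposed(shared, False)      # revert: baseline governs again
    results["shared_reverted"] = engine.authorize(shared, "storage_read", "cloud")
    engine.set_exposed(desktop, True)      # misconfiguration: deny everything
    results["desktop_exposed"] = engine.authorize(desktop, "ssh", "local")
    return results


if __name__ == "__main__":
    for key, allowed in demo().items():
        print(f"{key}: {'allow' if allowed else 'deny'}")
```

Two design points a practitioner would check before deploying anything like this: the partitioned class replaces rather than extends the baseline while a machine is exposed, so every local control that must survive sharing has to be restated in the partitioned subset (here, local SSH is explicitly re-allowed), and the audit list records each exposure transition alongside the decisions so that a change in the governing subset is attributable rather than silent.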