Policy engine for cloud platform
Abstract
A policy engine is situated within the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization's policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization's policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies.
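The flow in the abstract (identify the command, dispatch to that command's rules engine, let rules edit the payload, forward only on compliance), sketched as an added example that is not code from the patent. The JSON packet shape, the rule names, the 512 MB limit, the `apps.example.internal` domain, and rejecting commands that have no rules engine are all assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field

@dataclass
class Decision:
    forward: bool          # True only if every rule passed
    payload: dict          # command payload after rule edits
    reasons: list = field(default_factory=list)

# Hypothetical rules: each receives the payload, may edit it in place,
# and returns an error string when the request violates policy.
def cap_memory(payload, limit_mb=512):
    # Edit rule: clamp requested memory to the organization's ceiling.
    payload["memory_mb"] = min(int(payload.get("memory_mb", limit_mb)), limit_mb)

def force_org_domain(payload, domain="apps.example.internal"):
    # Edit rule: rewrite the route so the app is published only on the org domain.
    payload["route"] = f'{payload["name"]}.{domain}'

def approved_runtime(payload, allowed=("java", "ruby", "node")):
    # Compliance rule: reject runtimes the organization has not approved.
    if payload.get("runtime") not in allowed:
        return f"runtime {payload.get('runtime')!r} not approved"

# One rules engine (an ordered rule list) per cloud controller command.
RULES_ENGINES = {
    "push": [cap_memory, force_org_domain, approved_runtime],
    "delete": [lambda p: None if p.get("ticket") else "delete requires a change ticket"],
}

def policy_engine(raw_packet: bytes) -> Decision:
    try:
        msg = json.loads(raw_packet)
        command, payload = msg["command"], dict(msg["payload"])
    except (ValueError, KeyError, TypeError):
        return Decision(False, {}, ["malformed packet"])      # fail closed
    rules = RULES_ENGINES.get(command)
    if rules is None:  # assumption: a command with no rules engine is not forwarded
        return Decision(False, payload, [f"no rules engine for {command!r}"])
    reasons = []
    for rule in rules:
        try:
            err = rule(payload)
        except (KeyError, ValueError, TypeError) as exc:
            err = f"{rule.__name__}: bad field {exc}"          # bad input is non-compliant
        if err:
            reasons.append(err)
    return Decision(not reasons, payload, reasons)
```

A caller forwards `Decision.payload` (the edited payload, not the original bytes) when `forward` is true, and logs `reasons` otherwise.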
17 Claims
1. A method for enforcing organizational policies of an organization for web applications deployed in a cloud computing environment by users in the organization, the method comprising the steps of:
- intercepting, by a policy engine installed on a device associated with the organization, a communications packet transmitted by a user device and intended for the cloud computing environment;
- determining that the intercepted communications packet comprises data including a cloud controller command and a command payload and that the cloud controller command relates to management of web applications in the cloud computing environment;
- in response to the determining, dispatching the intercepted communications packet to a rules engine corresponding to the cloud controller command;
- executing, by the rules engine, a set of rules representing a policy of the organization for web applications in the cloud computing environment, including editing the command payload in the intercepted communications packet according to the set of rules representing the policy; and
- forwarding the intercepted communications packet to the cloud computing environment if a result of execution of the set of rules by the rules engine indicates compliance of the intercepted communications packet with the policy.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for enforcing organizational policies of an organization for web applications deployed in a cloud computing environment by users in the organization, the computer program product being encoded on one or more non-transitory computer storage media and comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- intercepting, by a policy engine installed on a device associated with the organization, a communications packet transmitted by a user device and intended for the cloud computing environment;
- determining that the intercepted communications packet comprises data including a cloud controller command and a command payload and that the cloud controller command relates to management of web applications in the cloud computing environment;
- in response to the determining, dispatching the intercepted communications packet to a rules engine corresponding to the cloud controller command;
- executing, by the rules engine, a set of rules representing a policy of the organization for web applications in the cloud computing environment, including editing the command payload in the intercepted communications packet according to the set of rules representing the policy; and
- forwarding the intercepted communications packet to the cloud computing environment if a result of execution of the set of rules by the rules engine indicates compliance of the intercepted communications packet with the policy.
Dependent claims: 9, 10, 11, 12, 13
14. A system for enforcing organizational policies of an organization for web applications deployed in a cloud computing environment by user in the organization, the system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
- intercepting, by a policy engine of the system, a communications packet transmitted by a user device and intended for the cloud computing environment;
- determining that the communications packet comprises data including a cloud controller command and a command payload and that the cloud controller command relates to management of web applications in the cloud computing environment;
- in response to the determining, dispatching the intercepted communications packet to a rules engine corresponding to the cloud controller command;
- executing, by the rules engine, a set of rules representing a policy of the organization for web applications in the cloud computing environment, including editing the command payload in the intercepted communications packet according to the set of rules representing the policy; and
- forwarding the intercepted communications packet to the cloud computing environment if a second result of execution of the set of rules by the rules engine indicates compliance of the intercepted communications packet with the policy.
Dependent claims: 15, 16, 17
Specification