Method and apparatus for multi-tenancy secrets management
First Claim
1. A computing system implemented method for managing secrets of tenants of a multi-tenant computing environment, comprising:
maintaining, by a service provider computing system, a service provider secrets policy, wherein the service provider secrets policy includes security requirements associated with the secrets of tenants within the multi-tenant computing environment;
receiving, by the service provider computing system, a first tenant secrets policy from a first tenant computing system for a first tenant of the multi-tenant computing environment;
receiving a request from the first tenant computing system to apply the first tenant secrets policy to at least one multi-tenant asset in the multi-tenant computing environment;
in response to receiving the request from the first tenant computing system, comparing the first tenant secrets policy with the security requirements of the service provider secrets policy;
if the first tenant secrets policy satisfies the security requirements, authorizing, with the service provider computing system, the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant asset;
if the first tenant secrets policy fails the security requirements, rejecting the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant asset; and
applying the first tenant secrets policy to the at least one multi-tenant asset if the request from the first tenant computing system is authorized.
1 Assignment
0 Petitions
Abstract
A service provider computing environment includes a service provider secrets policy. A service provider computing device receives tenant secrets policies from tenants. The tenants are tenants of multi-tenant assets of a service provider. The service provider computing environment determines whether the tenant secrets policies satisfy the requirements of the service provider secrets policy. If the tenant secrets policies satisfy the requirements of the service provider secrets policy, the service provider computing environment allows the tenant secrets policies to be applied to tenant data or information in the multi-tenant assets.
81 Citations
30 Claims
1. A computing system implemented method for managing secrets of tenants of a multi-tenant computing environment, comprising:
maintaining, by a service provider computing system, a service provider secrets policy, wherein the service provider secrets policy includes security requirements associated with the secrets of tenants within the multi-tenant computing environment;
receiving, by the service provider computing system, a first tenant secrets policy from a first tenant computing system for a first tenant of the multi-tenant computing environment;
receiving a request from the first tenant computing system to apply the first tenant secrets policy to at least one multi-tenant asset in the multi-tenant computing environment;
in response to receiving the request from the first tenant computing system, comparing the first tenant secrets policy with the security requirements of the service provider secrets policy;
if the first tenant secrets policy satisfies the security requirements, authorizing, with the service provider computing system, the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant asset;
if the first tenant secrets policy fails the security requirements, rejecting the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant asset; and
applying the first tenant secrets policy to the at least one multi-tenant asset if the request from the first tenant computing system is authorized.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computing system implemented method for managing secrets of customers of a service provider for a multi-tenant computing environment, comprising:
maintaining, by a service provider computing system, a service provider security policy that includes security requirements for the customers of a multi-tenant asset, wherein the multi-tenant asset is hosted for the customers by the service provider, wherein the multi-tenant asset includes at least one of: an application shared by the customers; a server computing system shared by the customers; a virtual machine; and a non-volatile memory device logically divided between at least two of the customers;
receiving a request from a first one of the customers to apply a first customer security policy to a part of the multi-tenant asset allocated to the first one of the customers, wherein the first customer security policy includes rules for managing first customer secrets with the multi-tenant asset in the multi-tenant computing environment;
comparing the first customer security policy of the request from the first one of the customers to the service provider security policy; and
if the first customer security policy is at least as restrictive as the service provider security policy, authorizing the request from the first one of the customers to enable the first one of the customers to apply the first customer security policy to the part of the multi-tenant asset allocated to the first one of the customers.
Dependent claims: 12, 13, 14, 15.
16. A system for managing secrets of tenants of a multi-tenant computing environment, the system comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which, when executed by any set of the one or more processors, perform a process for managing secrets of tenants of the multi-tenant computing environment, the process including:
maintaining, by a service provider computing system, a service provider secrets policy, wherein the service provider secrets policy includes security requirements associated with the secrets of tenants within the multi-tenant computing environment;
receiving, by the service provider computing system, a first tenant secrets policy from a first tenant computing system for a first tenant of the multi-tenant computing environment;
receiving a request from the first tenant computing system to apply the first tenant secrets policy to at least one multi-tenant asset in the multi-tenant computing environment;
in response to receiving the request from the first tenant computing system, comparing the first tenant secrets policy with the security requirements of the service provider secrets policy;
if the first tenant secrets policy satisfies the security requirements, authorizing, with the service provider computing system, the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant asset;
if the first tenant secrets policy fails the security requirements, rejecting the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant asset; and
applying the first tenant secrets policy to the at least one multi-tenant asset if the request from the first tenant computing system is authorized.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25.
26. A system for managing secrets of customers of a service provider for a multi-tenant computing environment, comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which, when executed by any set of the one or more processors, perform a process for managing secrets of customers of a service provider for a multi-tenant computing environment, the process including:
maintaining, by a service provider computing system, a service provider security policy that includes security requirements for customers of a multi-tenant asset, wherein the multi-tenant asset is hosted for the customers by the service provider, wherein the multi-tenant asset includes at least one of: an application shared by the customers; a server computing system shared by the customers; a virtual machine; and a non-volatile memory device logically divided between at least some of the customers;
receiving a request from a first one of the customers to apply a first customer security policy to a part of the multi-tenant asset allocated to the first one of the customers, wherein the first customer security policy includes rules for managing first customer secrets with the multi-tenant asset in the multi-tenant computing environment;
comparing the first customer security policy of the request from the first one of the customers to the service provider security policy; and
if the first customer security policy is at least as restrictive as the service provider security policy, authorizing the request from the first one of the customers to enable the first one of the customers to apply the first customer security policy to the part of the multi-tenant asset allocated to the first one of the customers.
Dependent claims: 27, 28, 29, 30.
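The comparison step that claims 1, 11, 16 and 26 all turn on ("satisfies the security requirements" / "at least as restrictive as the service provider security policy") is not an equality test: each requirement has its own ordering, so a tenant policy has to be checked field by field in the right direction. The following is an added illustration, not code from the patent or from any assignee product. The field names (min_key_bits, max_rotation_days, allowed_algorithms, require_hsm, encrypt_at_rest), the value types, the sample policies and the SecretsPolicyService class are all assumptions made here for illustration.

```python
"""Added example (not from the patent): the policy-comparison step of the
claims, implemented as a per-field dominance check.

A policy is a dict of requirement fields. Field names and value types are
hypothetical. The service provider policy is the floor; a tenant policy is
"at least as restrictive" when every field the provider sets is present in
the tenant policy and dominates it in the direction appropriate to that
kind of field. Fields the tenant adds beyond the provider's list are allowed,
since they can only tighten the tenant's own policy.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, List

# Hypothetical requirement fields, grouped by how "more restrictive" is ordered.
MIN_FIELDS = {"min_key_bits", "min_passphrase_length"}        # tenant >= provider
MAX_FIELDS = {"max_rotation_days", "max_secret_ttl_seconds"}  # tenant <= provider
SET_FIELDS = {"allowed_algorithms"}                           # tenant subset of provider
BOOL_FIELDS = {"require_hsm", "encrypt_at_rest"}              # provider True forces tenant True


@dataclass
class Decision:
    authorized: bool
    violations: List[str] = field(default_factory=list)


def _dominates(name: str, tenant: Any, provider: Any) -> bool:
    """True when the tenant value is at least as restrictive as the provider value."""
    if name in MIN_FIELDS:
        return isinstance(tenant, (int, float)) and tenant >= provider
    if name in MAX_FIELDS:
        return isinstance(tenant, (int, float)) and tenant <= provider
    if name in SET_FIELDS:
        return isinstance(tenant, (set, frozenset, list, tuple)) and set(tenant) <= set(provider)
    if name in BOOL_FIELDS:
        return isinstance(tenant, bool) and (tenant or not provider)
    return False  # unknown field kind: fail closed rather than guess an ordering


def evaluate(provider_policy: Dict[str, Any], tenant_policy: Dict[str, Any]) -> Decision:
    """Compare a tenant policy against the provider's security requirements."""
    violations: List[str] = []
    for name, required in provider_policy.items():
        if name not in tenant_policy:
            # A requirement the tenant does not state cannot be shown to be met: reject.
            violations.append(f"{name}: not stated by tenant (provider requires {required!r})")
        elif not _dominates(name, tenant_policy[name], required):
            violations.append(f"{name}: {tenant_policy[name]!r} is weaker than {required!r}")
    return Decision(authorized=not violations, violations=violations)


class SecretsPolicyService:
    """Authorizes a tenant policy for a multi-tenant asset and applies it, or rejects it."""

    def __init__(self, provider_policy: Dict[str, Any]):
        self.provider_policy = provider_policy
        self.applied: Dict[tuple, Dict[str, Any]] = {}  # (tenant_id, asset_id) -> policy

    def request_apply(self, tenant_id: str, asset_id: str, tenant_policy: Dict[str, Any]) -> Decision:
        decision = evaluate(self.provider_policy, tenant_policy)
        if decision.authorized:
            self.applied[(tenant_id, asset_id)] = dict(tenant_policy)  # apply only once authorized
        return decision


# Constructed sample policies for the illustration.
PROVIDER_POLICY = {
    "min_key_bits": 2048,
    "max_rotation_days": 90,
    "allowed_algorithms": {"AES-256-GCM", "RSA-2048", "RSA-4096"},
    "require_hsm": False,
    "encrypt_at_rest": True,
}
TENANT_STRICT = {  # tighter on every axis, plus a field the provider does not set
    "min_key_bits": 4096,
    "max_rotation_days": 30,
    "allowed_algorithms": {"AES-256-GCM"},
    "require_hsm": True,
    "encrypt_at_rest": True,
    "audit_retention_days": 365,
}
TENANT_WEAK = {  # weaker on four fields and silent on require_hsm
    "min_key_bits": 1024,
    "max_rotation_days": 365,
    "allowed_algorithms": {"AES-256-GCM", "DES"},
    "encrypt_at_rest": False,
}

if __name__ == "__main__":
    svc = SecretsPolicyService(PROVIDER_POLICY)
    for tenant, policy in (("tenant-a", TENANT_STRICT), ("tenant-b", TENANT_WEAK)):
        d = svc.request_apply(tenant, "shared-kv-store", policy)
        print(tenant, "authorized" if d.authorized else "rejected", d.violations)
```

Two design points worth noting. A policy identical to the provider's is authorized, because "at least as restrictive" includes equality. And a field whose ordering the service does not know is treated as a violation, so a tenant cannot slip a weaker setting past the check by using a field name the comparator has no rule for.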
Specification