Control of cloud application access for enterprise customers
First Claim
1. A computer-implemented method of controlling access to cloud applications, the method comprising:
receiving network traffic between a cloud application client and a cloud application being accessed by the cloud application client;
examining the network traffic to identify the cloud application;
identifying an application handler in a plurality of application handlers for processing the network traffic involving the cloud application hosted by a particular server computer, each application handler in the plurality of application handlers being configured to process network traffic of a particular cloud application in a plurality of cloud applications to identify and log access to a corresponding cloud application, each of the plurality of cloud applications being hosted by a corresponding particular server computer;
forwarding the network traffic to the application handler; and
enforcing on the network traffic an application policy in a plurality of application policies;
generating a cloud access log that indicates the network traffic;
forwarding the cloud access log to a log analysis server over the Internet; and
generating a cloud access report based on the cloud access log,
(a) wherein a first application policy in the plurality of application policies indicates blocking cloud applications that belong to a category of cloud applications, and wherein enforcing the application policy comprises determining a category of the cloud application and blocking the network traffic in response to determining that the cloud application belongs to the category of cloud applications,
(b) wherein a second application policy in the plurality of application policies indicates which user can access which cloud application in the plurality of cloud applications, and wherein enforcing the application policy comprises determining a user of the cloud application client and blocking the network traffic in response to determining that the user is not authorized to access the cloud application, and
(c) wherein a server that is hosting the cloud application is in a blacklist, and wherein enforcing the application policy comprises blocking the network traffic in accordance with the blacklist.
Abstract
A system for controlling access to cloud applications includes a cloud security server that receives network traffic stream from cloud application clients of a private computer network. The cloud security server examines the network traffic stream to identify a cloud application that is associated with the network traffic stream and directs the network traffic stream to one of several application handlers that is configured to process network traffic stream for the cloud application. The application handler enforces on the network traffic stream an application policy that is applicable to the cloud application.
45 Citations
8 Claims
5. A system for controlling access to cloud applications, the system comprising:
a cloud application server hosting a first cloud application; a plurality of cloud application clients of a private computer network; and a cloud security server that receives over the Internet a network traffic stream from a first cloud application client in the plurality of cloud application clients, identifies the first cloud application in a plurality of cloud applications as being associated with the network traffic stream, directs the network traffic stream to a first application handler in a plurality of application handlers that is configured to identify and log access to the first cloud application hosted by the cloud application server, enforces on the network traffic stream an application policy rule in a plurality of application policy rules that is applicable to the first cloud application, and forwards the network traffic stream to the first cloud application when the application policy rule does not prohibit forwarding of the network stream to the first cloud application, generates a cloud access log that indicates the network traffic stream, forwards the cloud access log to a log analysis server over the Internet, and generates a cloud access report based on the cloud access log,
(a) wherein a first application policy rule in the plurality of application policy rules indicates blocking cloud applications that belong to a category of cloud applications, and wherein the application policy rule is enforced by determining a category of the first cloud application and blocking the network traffic stream in response to determining that the first cloud application belongs to the category of cloud applications,
(b) wherein a second application policy rule in the plurality of application policy rules indicates which user can access which cloud application, and wherein the application policy rule is enforced by determining a user of the first cloud application and blocking the network traffic stream in response to determining that the user is not authorized to access the first cloud application, and
(c) wherein the cloud application server is in a blacklist, and wherein the application policy rule is enforced by blocking the network traffic stream in accordance with the blacklist.
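As an added illustration of the flow claimed above and in the abstract (not code from the patent or from any product it covers), the following Python model identifies the cloud application from a flow's destination host, dispatches to a per-application handler, enforces the three policy rules (a) category block, (b) per-user authorization and (c) server blacklist, and derives the access log and report. All hostnames, application names, users and the sample policy are constructed placeholders; treating traffic to an unrecognized host as logged-but-unblocked is an assumption the claims do not make.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class AppHandler:
    app: str       # cloud application this handler identifies and logs
    category: str  # category consulted by policy rule (a)

@dataclass
class Policy:
    blocked_categories: set   # rule (a): categories of cloud applications to block
    user_allowed_apps: dict   # rule (b): user -> set of application names that user may access
    blacklisted_servers: set  # rule (c): hosting servers that are always blocked

# Constructed catalog: hosting server -> its application handler (placeholder hostnames).
SHARE = AppHandler("ExampleShare", "file-sharing")
HANDLERS = {
    "files.example-share.test": SHARE,
    "legacy.example-share.test": SHARE,
    "crm.example-sales.test": AppHandler("ExampleCRM", "business"),
    "chat.example-social.test": AppHandler("ExampleChat", "social"),
}
SAMPLE_POLICY = Policy({"social"}, {"alice": {"ExampleShare", "ExampleCRM"}, "bob": {"ExampleCRM"}},
                       {"legacy.example-share.test"})

def enforce(user, host, handler, policy):
    """Evaluate rules (a), (b) and (c) in turn; the first one that matches blocks the flow."""
    if handler.category in policy.blocked_categories:
        return "block", "category:" + handler.category
    if handler.app not in policy.user_allowed_apps.get(user, set()):
        return "block", "user-not-authorized:" + user
    if host in policy.blacklisted_servers:
        return "block", "server-blacklist"
    return "allow", "policy-permits"

def process(flows, policy):
    """Cloud security server loop over (user, host) flows: identify the app, dispatch, build the log."""
    log = []
    for user, host in flows:
        handler = HANDLERS.get(host)  # identification step: keyed on destination host in this model
        if handler is None:           # unidentified app: logged and left alone (an assumption)
            action, reason, app = "allow", "unidentified", None
        else:
            (action, reason), app = enforce(user, host, handler, policy), handler.app
        log.append({"user": user, "host": host, "app": app, "action": action, "reason": reason})
    return log

def report(log):
    """Cloud access report derived from the log: count of flows per (application, action)."""
    return dict(Counter((e["app"], e["action"]) for e in log))
```

The log entries are what the claims forward to a log analysis server; `report` stands in for the report that server would generate.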