Instant data security in untrusted environments
Abstract
A method of managing keys and policies is provided. The method includes communicating policies from a key and policy manager in an enterprise environment to an agent in a cloud environment. The method includes generating keys at the key and policy manager and distributing one or more of the keys to computing or communication devices in the enterprise environment, in accordance with the policies. The method includes enforcing the policies in the cloud environment via an application of the policies by the agent, wherein at least one method operation is executed through a processor.
19 Claims
1. A method of managing keys and policies, comprising:
- communicating enterprise policies from a key and policy manager in a computing device in an enterprise environment to an agent while the agent is in a computing or communication device in a cloud environment;
- generating keys at the key and policy manager;
- distributing one or more of the keys from the key and policy manager in the enterprise environment to computing or communication devices in the enterprise environment, in accordance with the enterprise policies; and
- enforcing the enterprise policies in the cloud environment via an application of the enterprise policies by the agent in the cloud environment, wherein at least one method operation is executed through a processor, migrating data in the cloud environment from usage of keys generated in the cloud environment to usage of the keys generated at the key and policy manager, via decryption with the keys generated in the cloud environment and re-encryption with the keys generated at the key and policy manager.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transient, tangible, computer-readable medium having thereupon instructions which, when executed by a processor cause the processor to perform a method comprising:
- generating, at a key and policy manager implemented in a computing device in an enterprise environment, enterprise policies relating to computing devices in the enterprise environment and relating to cloud services;
- generating keys at the key and policy manager in the enterprise environment;
- distributing the keys from the key and policy manager in the enterprise environment to the computing devices in the enterprise environment in accordance with the enterprise policies; and
- communicating the enterprise policies from the key and policy manager in the enterprise environment to one or more agents operating in one or more computing or communication devices outside of the enterprise environment, wherein the one or more agents enforce the enterprise policies relative to the environment outside of the enterprise environment as provided to the computing devices in the enterprise environment, migrating data in the cloud environment from usage of keys generated in the cloud environment to usage of the keys generated at the key and policy manager, via decryption with the keys generated in the cloud environment and re-encryption with the keys generated at the key and policy manager.
Dependent claims: 8, 9, 10, 11
12. A data security system comprising:
- a key and policy manager that is operable in a computing device in an enterprise environment and includes at least one processor, the key and policy manager configured to;
  - receive enterprise policies relating to communication devices in the enterprise environment and relating to cloud services;
  - generate keys, and distribute the keys to the communication devices in the enterprise environment in accordance with the enterprise policies; and
  - communicate the enterprise policies to one or more agents operating in a cloud environment external to the enterprise environment, the cloud environment associated with the cloud services; and
- an agent that is operable in a computing or communication device in a software as a service (SaaS) provider in the cloud, the agent configured to;
  - receive the enterprise policies from the key and policy manager that is operable in the enterprise environment; and
  - enforce the enterprise policies relative to services provided by the SaaS provider and relative to the computing or communication devices in the enterprise environment receiving the services provided by the SaaS provider, whether the system migrates data in the cloud environment from usage of keys generated in the cloud environment to usage of the keys generated at the key and policy manager, via decryption with the keys generated in the cloud environment and re-encryption with the keys generated at the key and policy manager.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
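The migration step recited in claims 1, 7 and 12 (decrypt with the cloud-generated key, re-encrypt with a key generated at the key and policy manager), shown as an added example that is not part of the patent text. AES-GCM, the `Record` envelope, the key IDs and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is a constructed envelope: sealing key ID, nonce, ciphertext.
type Record struct{ KeyID string; Nonce, Ct []byte }
// NewAEAD returns AES-GCM for a 16-, 24- or 32-byte key.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal encrypts pt under a fresh nonce, binding keyID as associated data.
func Seal(a cipher.AEAD, keyID string, pt []byte) Record {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	return Record{keyID, nonce, a.Seal(nil, nonce, pt, []byte(keyID))}
}

// Migrate re-seals cloud-key records under the enterprise key, in place.
func Migrate(recs []Record, cID string, cloud cipher.AEAD, eID string, ent cipher.AEAD) (ok, bad int) {
	for i, r := range recs {
		if r.KeyID != cID {
			continue // not held under the cloud key: skip
		}
		if pt, err := cloud.Open(nil, r.Nonce, r.Ct, []byte(cID)); err != nil {
			bad++ // fails authentication: left untouched for review
		} else {
			recs[i], ok = Seal(ent, eID, pt), ok+1
		}
	}
	return ok, bad
}

func main() {
	cloud, _ := NewAEAD(make([]byte, 32)) // constructed demo keys
	ent, _ := NewAEAD([]byte("0123456789abcdef0123456789abcdef"))
	recs := []Record{Seal(cloud, "cloud-1", []byte("payroll"))}
	fmt.Println(Migrate(recs, "cloud-1", cloud, "ent-1", ent))
}
```

Because the key ID is bound as associated data and checked before decryption, a second run skips records already held under the enterprise key, so an interrupted migration can be resumed safely.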
Specification