Harmonized governance system for heterogeneous agile information technology environments

US 9,734,349 B1
Filed: 07/15/2016
Issued: 08/15/2017
Est. Priority Date: 02/08/2016
Status: Active Grant

First Claim

Patent Images

1. A harmonized governance system for a heterogeneous agile environment, comprising:

one or more computing devices configured as;

a computer-based policy administration element (PAE) communicatively coupled to respective management platforms of a plurality of individual agile environments that make up the heterogeneous agile environment, the PAE configured to administer and report governance policies, including rules, roles and assignment to resources of the heterogeneous agile environment according to abstracted and normalized (i) representations of the resources, (ii) operations which are performed by and on said resources, and (iii) roles assignable to one or more subjects that will interact with said resources, and (iv) respective attributes of said representations, operations and roles; and

a computer-based policy decision element (PDE) communicatively coupled to receive indications of attempted governance operations by the one or more subjects to resources within the individual agile environments that make up the heterogeneous agile environment, the PDE configured to determine and report whether the attempted governance operations should be permitted or not;

one or more data sources accessible to the PAE and the PDE storing information about (i) the one or more subjects and respective attributes thereof, and (ii) resources of the heterogeneous agile environment and respective attributes of said resources,wherein different respective ones of the individual agile environments that make up the heterogeneous agile environment have individual, associated access policies for resources within the respective individual agile environments;

each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment; and

the resources of each respective individual agile environment comprise one or more of computer systems, network systems, application containers, application systems, management systems, and storage systems,wherein the PAE is further configured to (i) in response to receiving a new attribute concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized attribute of the heterogeneous agile environment, mapping the new attribute to the abstracted, normalized attribute, and saving the mapping of the new attribute to the one or more data sources, (ii) in response to receiving a new operation concerning a resource of the individual agile environment that is not yet mapped to the abstracted, normalized operation of the heterogeneous agile environment, mapping the new operation to the abstracted, normalized operation, and saving the mapping of the new operation to the one or more data sources, and (iii) define new abstracted access control policies based on the abstracted roles, abstracted operations and abstracted resources.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

45 Citations

View as Search Results

13 Claims

1. A harmonized governance system for a heterogeneous agile environment, comprising:
- one or more computing devices configured as;
  
  a computer-based policy administration element (PAE) communicatively coupled to respective management platforms of a plurality of individual agile environments that make up the heterogeneous agile environment, the PAE configured to administer and report governance policies, including rules, roles and assignment to resources of the heterogeneous agile environment according to abstracted and normalized (i) representations of the resources, (ii) operations which are performed by and on said resources, and (iii) roles assignable to one or more subjects that will interact with said resources, and (iv) respective attributes of said representations, operations and roles; and
  
  a computer-based policy decision element (PDE) communicatively coupled to receive indications of attempted governance operations by the one or more subjects to resources within the individual agile environments that make up the heterogeneous agile environment, the PDE configured to determine and report whether the attempted governance operations should be permitted or not;
  
  one or more data sources accessible to the PAE and the PDE storing information about (i) the one or more subjects and respective attributes thereof, and (ii) resources of the heterogeneous agile environment and respective attributes of said resources,wherein different respective ones of the individual agile environments that make up the heterogeneous agile environment have individual, associated access policies for resources within the respective individual agile environments;
  
  each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment; and
  
  the resources of each respective individual agile environment comprise one or more of computer systems, network systems, application containers, application systems, management systems, and storage systems,wherein the PAE is further configured to (i) in response to receiving a new attribute concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized attribute of the heterogeneous agile environment, mapping the new attribute to the abstracted, normalized attribute, and saving the mapping of the new attribute to the one or more data sources, (ii) in response to receiving a new operation concerning a resource of the individual agile environment that is not yet mapped to the abstracted, normalized operation of the heterogeneous agile environment, mapping the new operation to the abstracted, normalized operation, and saving the mapping of the new operation to the one or more data sources, and (iii) define new abstracted access control policies based on the abstracted roles, abstracted operations and abstracted resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The harmonized governance system of claim 1, wherein for each of the respective ones of the individual agile environments that make up the heterogeneous agile environment, the computer-based PAE maintains harmonized mappings of the abstracted and normalized representations of the resources, and respective attributes of said resources, of the respective individual agile environments and corresponding equivalent virtualized agile environment-specific resources, said mappings stored in the one or more data sources.
  - 3. The harmonized governance system of claim 1, wherein for each of the respective ones of the individual agile environments that make up the heterogeneous agile environment, the computer-based PAE maintains harmonized mappings of the abstracted and normalized operations, and respective attributes of said operations, which are performed by said resources of the respective individual agile environments and corresponding equivalent agile environment-specific operations, said mappings stored in the one or more data sources.
  - 4. The harmonized governance system of claim 1, wherein for each of the respective ones of the individual agile environments that make up the heterogeneous agile environment, the computer-based PAE maintains harmonized mappings of the abstracted and normalized roles, and respective attributes of said roles, assignable to subjects that will interact with said resources of the respective individual agile environments and corresponding equivalent agile environment-specific roles, said mappings stored in the one or more data sources.
  - 5. The harmonized governance system of claim 4, wherein the abstracted and normalized roles comprise abstracted operations which are performed by said resources of the respective individual agile environments.
  - 6. The harmonized governance system of claim 1, further comprising:
    - a computer-based policy enforcement element (PEE) communicatively coupled to the respective management platforms and resources of the individual agile environments that make up the heterogeneous agile environment, the PEE configured to enforce and report authorization decisions of the PDE.
  - 7. The harmonized governance system of claim 1, further comprising:
    - a computer-based policy provisioning element (PPE) configured to translate the abstracted, normalized access control policies defined by the PAE into respective management platform-specific access control policies, and provision the management platform-specific access control policies to the respective management platforms.

8. A method comprising:
- receiving, at a harmonized governance system for a heterogeneous agile environment that includes a number, n, of individual agile environments each comprising one or more computer systems, network systems, application containers, application systems, management systems, and storage systems, an indication of an attempted operation concerning a resource of a first one of the individual agile environments, and wherein the number, n, of individual agile environments each have individual, associated access policies for resources within the respective individual agile environments; and
  
  each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment;
  
  mapping the indication of the attempted operation concerning the resource from an agile environment-specific operation of the first one of the individual agile environments to an abstracted, normalized operation of the heterogeneous agile environment;
  
  the harmonized governance system of the heterogeneous agile environment making a decision whether to allow or not allow the attempted operation;
  
  in response to the attempted operation being allowed, translating the abstracted, normalized operation of the heterogeneous agile environment to the agile environment-specific operation of the first one of the individual agile environments;
  
  transmitting the agile environment-specific operation of the first one of the individual agile environments to a management platform of the first one of the individual agile environments for execution thereby;
  
  in response to receiving a new attribute concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized attribute of the heterogeneous agile environment, mapping the new attribute to the abstracted, normalized attribute, and saving the mapping of the new attribute to one or more data sources; and
  
  in response to receiving a new operation concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized operation of the heterogeneous agile environment, mapping the new operation to the abstracted, normalized operation, and saving the mapping of the new operation to one or more data sources; and
  
  defining new abstracted access control policies based on the abstracted roles, abstracted operations and abstracted resources.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising reporting the abstracted, normalized operation of the heterogeneous agile environment to an administrator of the harmonized governance system.
  - 10. The method of claim 9, wherein said reporting is via one of:
    - a dashboard or a transmitted report.
  - 11. The method of claim 8, wherein the indication of the attempted operation concerning the resource of the first one of the individual agile environments comprises an indication of an action to be performed on or by the resource.
  - 12. The method of claim 8, wherein making the decision whether to authorize or not authorize the attempted operation comprises determining whether policies governing the attempted operation concerning the resource permit said attempted operation.
  - 13. The method of claim 12, wherein the policies governing the attempted operation concerning the resource comprise one or more of governance policies, role-based access control policies, attribute-based access control policies, placement-policies, and relationship policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
HyTrust, Inc. (Entrust Corp.)
Inventors
Rangarajan, Govindarajan, Prafullchandra, Hemma
Primary Examiner(s)
SCHMIDT, KARI L

Application Number

US15/211,947
Publication Number

US 20170228552A1
Time in Patent Office

396 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/50   Allocation of resources, e....

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Harmonized governance system for heterogeneous agile information technology environments

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Harmonized governance system for heterogeneous agile information technology environments

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links