Title of invention Method and system for dynamically and automatically managing resource access permissions
Abstract Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party.
Publication number US9418236(B2) Publication date 2016.08.16
Application number US201314078715 Filing date 2013.11.13
Applicant Intuit Inc. Inventors Cabrera Luis Felipe;Lietz M. Shannon;Rambur Brad A.;Price Christian;Bonney William Q.
Classification H04L29/06;G06F21/62 Main classification H04L29/06
Agency Hawley Troxell Ennis & Hawley LLP Agent Hawley Troxell Ennis & Hawley LLP;McKay Philip
Principal claim 1. A system for dynamically and automatically managing resource access permissions comprising: at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamically and automatically managing resource access permissions, the process for dynamically and automatically managing resource access permissions including: automatically obtaining and monitoring employment role data associated with a party, the employment role data associated with the party including data indicating the party's role and/or job description within an organization; automatically obtaining and monitoring trust data associated with the party, the trust data associated with the party including data indicating the party's trust related activities and a trust level/trust score assigned to the party, wherein the trust data includes internal trust data associated with the party and that is obtained by monitoring interactions of the party with one or more resources within the organization, wherein the trust data includes external trust data associated with the party and that is obtained by monitoring interactions of the party with one or more resources outside of the organization; automatically obtaining and monitoring special permissions data associated with the party, the special permissions data associated with the party indicating any special resource access permissions granted to the party, the special resource access permissions being resource access permissions granted on a temporary basis to the party and that are outside a scope of the other permissions granted to the party based on the employment role of the party and/or the trust level/trust score assigned to the party; automatically analyzing the employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, to determine a set of allowed access permissions data to be associated with the party; applying the set of allowed access permissions data to an account associated with the party, the allowed access permissions data indicating the party is allowed access to one or more resources that provide services for the organization, the one or more resources that provide services for the organization including one or more virtual assets configured to host services for the organization, the one or more virtual assets including one or more virtual server instances that provide the services for the organization to customers of the organization from an untrusted cloud computing environment, the set of allowed access permissions data enabling the party to instantiate the one or more virtual server instances that provide the services for the organization to customers of the organization from the untrusted cloud computing environment, the untrusted cloud computing environment including hardware infrastructure that is allocated under the control of a cloud environment service provider for use by the organization and that is not allocated under the control of the organization, to provide the services to the customers of the organization; and automatically providing the party access to the one or more resources that provide services for the organization at least partially based on the set of allowed access permissions data, to enable the party to instantiate the one or more virtual server instances in the untrusted cloud computing environment, to securely migrate the services for the organization to the untrusted cloud computing environment.
Address Mountain View CA US