Title of invention: Assessing security risks associated with connected application clients
Abstract: A method for assessing security risks associated with a cloud application to which one or more connected applications are coupled begins by configuring a security risk assessment application to function as a connected application. The security risk assessment application collects “first” data associated with one or more accounts, and “second” data associated with the one or more connected applications coupled to the cloud application. After receiving the first and second data, the security risk assessment application instantiates that data into a generic “data object” that the system uses to represent each account and each of the connected applications. Each such data object thus is populated either with the first data or the second data, depending on whether the data object represents an account or a connected application. A risk assessment is then applied to the generic data object to assess a security risk associated with the cloud application.
Application publication number: US9591016(B1)
Application publication date: 2017.03.07
Application number: US201514946921
Application date: 2015.11.20
Applicant: International Business Machines Corporation
Inventors: Palmieri David Walsh;Chia Gee Ngoo;Robke Jeffrey Tobias
Classification numbers: H04L29/06;G06F21/00;H04L29/08
Main classification number: H04L29/06
Agency:
Agents: LaBaw Jeffrey S.;Judson David H.
Main claim: 1. A method for assessing security risks associated with a cloud application to which one or more connected applications are coupled, comprising: configuring a security risk assessment application to function as a connected application to the cloud application, wherein a connected application is an application that has been granted access to the cloud application with one or more privileges or permissions to collect data and manage the cloud application; collecting, by the security risk assessment application, first data associated with one or more accounts, and second data associated with the one or more connected applications coupled to the cloud application, wherein at least one account is an identity and access management (IAM) account that is an entity that includes a set of parameters defining application-specific attributes of a principal; generating, by the security risk assessment application, multiple data objects of a same type, wherein each account is represented by one of the multiple data objects, and wherein each connected application is represented by one of the multiple data objects, wherein a data object that represents an account is populated with the first data, wherein a data object that represents a connected application is populated with the second data; and applying a risk assessment to a particular data object to assess a security risk associated with the cloud application.
Address: Armonk NY US