Title of invention: Authentication in a globally distributed infrastructure for secure content management
Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Publication number: US8935742(B2) Publication date: 2015.01.13
Application number: US200812193070 Filing date: 2008.08.18
Applicant: Microsoft Corporation Inventors: Nice Nir;Ananiev Oleg;Wohlfert John;Finkelstein Amit;Teplitsky Alik
Classification: H04L29/06;G06F21/00;G06F21/56;G06F17/30;G06F21/55;G06F21/62;G06Q30/02 Main classification: H04L29/06
Agency: Agent: Gabryjelski Henry;Drakos Kate;Minhas Micky
Independent claim: 1. A method for providing a Secure Content Management (SCM) service to users of information technology (IT) devices, the method comprising the steps of: utilizing, to support the SCM service, a distributed infrastructure that is accessible by the users over an Internet connection, the infrastructure including a plurality of points-of-presence (POPs), each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet and further including one or more policy databases that are non-centralized within the infrastructure for storing security policies, each of the non-centralized policy databases including non-centralized and duplicated security policies; authenticating the users of the IT devices to the SCM service; redirecting a user to a co-located POP, a POP being co-located when a set of parameters is optimized including network latency compared with non-co-located POPs and localization of a user experience is implementable; and providing the SCM service to the authenticated users through the co-located POP, the SCM service a) implementing security monitoring of the authenticated user's interactions with resources that are accessed over the Internet connection and applying the non-centralized and duplicated security policies to govern the authenticated user's interactions with the resources once accessed so that an authenticated user is subject to identical security policy enforcement irrespective of which of the co-located POPs is utilized to provide the SCM service, the security monitoring including content filtering between the users' IT devices and the resource servers, the content filtering being implemented subsequent to a user being authenticated, and the security monitoring further including anti-virus protection and intrusion detection, and b) content caching based on a profile of a user, the user profile being generated responsively to the monitored interactions.
Address: Redmond WA US