Cloud service providers provide various services in the “cloud;” that is, over a network, such as the public Internet, and remotely accessible to any network-connected client device. Examples of the service models used by cloud service providers (also referred to herein as “cloud providers” or “providers”) include infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and network as a service (NaaS). IaaS providers provide customers with infrastructure resources such as processing, storage, networks, and other computing resources that the customer is able to use to run software. The customer does not manage the infrastructure, but has control over operating systems, storage, and deployed applications, among other things, and may be able to control some networking components, such as firewalls. PaaS providers provide a customer with a platform on which the customer can develop, run, and manage an application without needing to maintain the underlying computing infrastructure. SaaS is a software licensing and delivery model in which software is licensed to customer on a subscription basis, and is centrally hosted by the cloud provider. Under this model, applications can be accessed, for example, using a web browser. NaaS providers provide network services to customers, for example by provisioning a virtual network on the network infrastructure operated by another party. In each of these service models, the cloud service provider maintains and manages the hardware and/or software that provide the services, and little, if any, software executes on a user's device.
Customers of cloud service providers, which can be referred to as users or tenants, can subscribe to the service provider to obtain access to the particular services provided by the service provider. The service provider can maintain an account for a user or tenant, through which the user and/or tenant can access the provider's services. The service provider can further maintain user accounts that are associated with the tenant, for individual users. Examples of service providers include Box, Dropbox, Microsoft, Docusign, Google, Salesforce, Oracle, Amazon, and others. Service provider such as these can provide multiple different services, but different service providers need not have any affiliation with one another, including not sharing infrastructure or security boundaries. Service provider systems are often also heavily secured and closed to non-tenants.
The reliance of organizations on computing environments has led to widespread adoption of cloud services for operations such as collaboration, sales and customer services, infrastructures, and so on. Applications provided through a cloud environment may enable organizations to rollout services faster and without much upfront investment on data center, hardware, software, and deployment projects. The accessibility of applications can increase employee productivity due to the availability of cloud enabled services from many locations, such as at work, at home, at a hotel, and other locations.
Because organizations and/or users of an organization may subscribe to the services of many different cloud services providers, an organization may need ways to ensure the organization's own systems do not come to harm through the use of cloud services. Use of cloud services can lead to security risks that are not present when an organization hosts and manages services within the organization itself.