In the digital age, organizations increasingly depend on computing resources to manage data and to provide internal and external services. In order to manage increasingly complex information technology infrastructures, some organizations may use platform-as-a-service platforms for deploying applications. The platform-as-a-service model may allow organizations to bring applications online without acquiring, configuring, or maintaining the underlying hardware and software stack.
Delegating the maintenance of a computing platform to a third party may save an organization time, may save the organization money, and/or may increase the flexibility with which the organization may select resources for and allocate resources to applications. Unfortunately, by outsourcing computing platforms, the same organization may reduce its control over the computing platforms, preventing the organization from applying security policies and other compliance policies not provided for by the platform-as-a-service provider.
Some traditional platform-as-a-service platforms may allow administrators to launch computing instances with specified roles that are associated with permissions to access specified data sets. For example, an administrator may launch a computing instance that is granted credentials to access a cloud-stored database of credit card data but is not granted credentials to access a cloud-stored database of medical data (or vice versa). However, some organizations may employ multiple administrators with separate organizational roles and, therefore, responsibility over differing data sets. Unfortunately, traditional platform-as-a-service platforms may allow all administrators in an organization to launch a computing instance with any or all available permissions and/or allow administrators to access data outside the scope of their responsibilities.
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for enforcing enterprise data access control policies in cloud computing environments.