As various forms of distributed computing, such as cloud computing, have come to dominate the computing landscape, security has become a bottleneck issue that currently prevents the complete migration of various capabilities and systems associated with sensitive data, such as financial data, to cloud-based infrastructures, and/or other distributive computing models.
Historically, in an effort to control access provided to entities charged with taking part in the development, and/or deployment, and/or operation of an application, the security industry has employed role-based access and permission control and management systems to try and ensure that only authorized entities, such as individual persons, can access specific systems, applications, and resources within traditional data centers. While role-based access and permission control and management was arguably effective when used in traditional data center hardware defined environments, within a software defined environment, such as a cloud computing environment, role-based access and permission control and management systems create a great deal of complexity and inefficiency. This is due in part to the fact that, using traditional role-based access and permission control and management, each stage of each individual application's development, deployment, and operation requires numerous, largely customized, roles to be defined for each entity, each with a set of permissions further customized to that entity, and customized with respect to each stage of development of each individual application. To make matters worse, this process must typically be repeated for each application and/or service.
The situation described above represents a significant issue that must be resolved before highly sensitive data, such as financial data, can be safely and efficiently processed in a cloud computing environment.
What is needed is a permissions management system centered on reference architecture patterns, e.g., blueprints, cookbooks, and templates, for various types, or classes of applications. Then these reference architecture pattern-based permission management systems can be used for multiple applications of the same reference architecture pattern type and the permissions for a given entity can be automatically assigned and provided based on the reference architecture pattern in use, and the tier or account associated with the reference architecture pattern being utilized/accessed, and the role assigned to the entity within the reference architecture pattern.