Cloud computing is becoming more prevalent. Some of the more basic cloud computing services store files so that the files can be accessed from any computer system that is able to log into the cloud computing service storing the files. More complex cloud computing services provide a remote platform for providing their services to customers. These more complex cloud computing services are sometimes referred to as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
While various cloud computing services provide services to individuals, some cloud computing services also provide services to entities. For example, a business entity may subscribe to a particular cloud computing service for use by employees of the business entity. Each of the employees may be able to independently modify access settings for data objects maintained in the cloud computing service. Consequently, the entity may not be aware when settings for the data objects provide more exposure for the object than would be desired by the entity. For example, an entity may prefer that settings for an object prevent access by people or applications outside of the entity because of sensitive information within the object but has no practicable means of enforcing such a preference.
Overview
Embodiments disclosed herein provide systems, methods, and computer readable media for determining user reputation regarding data object exposure in a cloud computing environment. In a particular embodiment, a method provides receiving, from the cloud computing environment, information regarding behavior of a user in the cloud computing environment. The method further provides analyzing the information to determine a plurality of exposure characteristics for the user. The method provides determining a reputation of the user for exposing data objects in the cloud computing environment based on the plurality of exposure characteristics.
In some embodiments, the method further provides that determining a reputation of the user for exposing data objects in the cloud computing environment comprises applying a plurality of rules to the plurality of exposure characteristics and determining the reputation based on how well the plurality of exposure characteristics comply with the plurality of rules.
In some embodiments, the information includes accessibility settings for a plurality of data objects associated with the user in the cloud computing environment.
In some embodiments, the information includes classifications for each of a plurality of data objects associated with the user.
In some embodiments, the method provides that receiving the information comprises using Application Programming Interface (API) calls for the cloud computing environment to request the information.
In some embodiments, the method provides that using API calls for the cloud computing environment to request the information comprises impersonating a user associated with the data object, wherein the API calls comprise API calls only available to the user.
In some embodiments, the method further provides generating a notification indicating the reputation and remedial actions that will compensate for the reputation.
In some embodiments, the cloud computing environment includes at least two cloud computing services associated with the user and the method provides that receiving the information comprises receiving first information regarding behavior of the user from a first cloud computing service of the cloud computing services and receiving second information regarding behavior of the user from a second cloud computing service of the cloud computing services.
In some embodiments, the method provides that determining the reputation comprises lowering a current reputation if the plurality of exposure characteristics indicates a higher risk of exposure than a risk of exposure indicated by the current reputation.
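As an added illustration that is not part of the original disclosure, the following Python sketch carries the method through for one user across two cloud computing services: it reduces accessibility settings and classifications to exposure characteristics, applies rules to them, lowers the current reputation only when the observed risk is higher, and produces a notification with remedial actions. The record fields, access and classification values, rules, penalties, and the 0-100 scale are all assumptions made for the example.

```python
# Constructed sample records, shaped like what two cloud services' APIs might
# return for one user. Field names and values are assumptions.
SERVICE_A = [
    {"object": "q3-forecast.xlsx", "access": "public_link", "classification": "confidential"},
    {"object": "lunch-menu.docx", "access": "public_link", "classification": "public"},
    {"object": "roadmap.pptx", "access": "internal", "classification": "confidential"},
]
SERVICE_B = [
    {"object": "customer-list.csv", "access": "external_user", "classification": "confidential"},
    {"object": "notes.txt", "access": "private", "classification": "internal"},
]

def exposure_characteristics(records):
    """Reduce per-object settings to per-user exposure characteristics."""
    sensitive = [r for r in records if r["classification"] != "public"]
    exposed = [r for r in sensitive if r["access"] in ("public_link", "external_user")]
    return {
        "sensitive_total": len(sensitive),
        "sensitive_public": sum(r["access"] == "public_link" for r in exposed),
        "sensitive_external": sum(r["access"] == "external_user" for r in exposed),
        "exposed_objects": [r["object"] for r in exposed],
    }

# Hypothetical rules: (name, predicate the characteristics must satisfy, penalty).
RULES = [
    ("no sensitive object on a public link", lambda c: c["sensitive_public"] == 0, 40),
    ("no sensitive object shared externally", lambda c: c["sensitive_external"] == 0, 25),
    ("under half of sensitive objects exposed",
     lambda c: 2 * len(c["exposed_objects"]) < max(c["sensitive_total"], 1), 20),
]

def determine_reputation(current, *service_records):
    """Score 0-100 (higher is better); the current reputation is only lowered."""
    merged = [r for recs in service_records for r in recs]
    chars = exposure_characteristics(merged)
    violated = [(name, pen) for name, ok, pen in RULES if not ok(chars)]
    observed = max(0, 100 - sum(pen for _, pen in violated))
    reputation = min(current, observed)  # lower only if observed risk is higher
    notice = {
        "reputation": reputation,
        "violations": [name for name, _ in violated],
        "remediate": [f"restrict access to {o}" for o in chars["exposed_objects"]],
    }
    return reputation, notice
```
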
In a further embodiment, a computer readable storage medium having instructions stored thereon is provided for operating a reputation analysis system to determine user reputation regarding data object exposure in a cloud computing environment. The instructions, when executed by the reputation analysis system, direct the reputation analysis system to receive, from the cloud computing environment, information regarding behavior of a user in the cloud computing environment. The instructions further direct the reputation analysis system to analyze the information to determine a plurality of exposure characteristics for the user and determine a reputation of the user for exposing data objects in the cloud computing environment based on the plurality of exposure characteristics.
In yet another embodiment, a reputation analysis system is provided for determining user reputation regarding data object exposure in a cloud computing environment. The reputation analysis system includes a network communication interface configured to receive, from the cloud computing environment, information regarding behavior of a user in the cloud computing environment. The reputation analysis system further includes a processing system configured to analyze the information to determine a plurality of exposure characteristics for the user and determine a reputation of the user for exposing data objects in the cloud computing environment based on the plurality of exposure characteristics.