
Method and System for Detecting Unauthorized Use of Cloud Services
Disclosure Number: IPCOM000225605D
Publication Date: 2013-Feb-21
Document File: 6 page(s) / 75K

Publishing Venue

The Prior Art Database


Many enterprises are concerned about unauthorized use of cloud services by their employees. This paper describes a method to monitor and control the use of such cloud services by enterprise employees, utilizing the capabilities of a security governance tool, a next-generation inline network device and a directory server.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 41% of the total text.

Page 01 of 6

Method and System for Detecting Unauthorized Use of Cloud Services

Public cloud services provide IT environments that can be rapidly provisioned with minimal governance, at times requiring little more than a credit card to get started. It is well known within enterprises that unauthorized use of public cloud services occurs, potentially putting the enterprise at increased risk if appropriate security and privacy controls are not employed. As an example, see this article:

The above shows that a purely policy-based approach is insufficient.

Preventing this unauthorized access by blocking all traffic to public cloud sites' IP address ranges is not an effective approach, because the enterprise may be making valid, authorized use of such cloud services. In addition, well-known Internet services which are valid for enterprise use are hosted on these same public cloud services.

Better solutions are needed to manage the risk that arises from enterprise use of public cloud services.

This article describes an improved method and system for detecting unauthorized use of cloud services, consisting of:

optionally defining cloud governance policy from a business perspective

using a next-generation network security device to detect attempted access to public cloud services

authorizing user access to public cloud services based on configured policy

taking action based on the defined security policy and resulting authorization decisions

Advantages of this invention over known prior art include:

Reduced risk for an enterprise wishing to manage access to public cloud services

Finer-grained access control policy than simply blocking at the IP address level

The working of the invention is described in the diagram below.


Page 02 of 6

Ahead of time, the network security administrator configures policies that define acceptable and unacceptable use, in terms of combinations of identity (who is attempting access), the network protocol used and the destination network address.


Page 03 of 6


These policies may be defined in a policy governance tool in business policy terms, using that tool's existing user interfaces for policy management.

Where policy is defined in business terms in a policy governance tool, the tool's existing capabilities for translating policy from business terms to technical terms are needed; those capabilities are considered prior art and are not claimed as novel in this invention disclosure.



The IP address ranges of public cloud providers are well known and could be pre-configured in the network device's policy subsystem. This list could be updated by the device vendor as part of existing firmware update capabilities, or alternatively could be configurable by the enterprise's security administrators, or both.
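The following is an added example, not code from the disclosure, showing how the pieces described above fit together: the pre-configured list of provider address ranges, a directory lookup that resolves the identity behind a connection, and policy rules expressed as combinations of identity, protocol and destination, each producing an allow, deny or alert action. The provider names, address ranges (taken from RFC 5737 documentation space), directory entries, rule format and the flow-log lines are all constructed assumptions for illustration.

```python
"""Policy evaluation for attempted access to public cloud services.

Added example. Everything below (provider ranges, directory, rule format,
log lines) is constructed for illustration and is not from the disclosure.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Stand-in for the vendor-supplied or admin-configured list of public cloud
# provider address ranges (assumption: documentation-only prefixes).
CLOUD_PROVIDER_RANGES = {
    "ExampleCloud-A": [ipaddress.ip_network("198.51.100.0/24")],
    "ExampleCloud-B": [ipaddress.ip_network("203.0.113.0/24")],
}

# Stand-in for a directory server lookup: user -> set of group names.
DIRECTORY = {
    "alice": {"engineering", "cloud-ops"},
    "bob": {"sales"},
}


@dataclass(frozen=True)
class Rule:
    groups: frozenset            # identity: match if user is in any (empty = any user)
    protocols: frozenset         # e.g. {"https", "ssh"} (empty = any protocol)
    provider: Optional[str]      # provider name, or None for any provider
    action: str                  # "allow", "deny" or "alert"


# Rules are evaluated in order; the first match wins, and the last rule is a
# default deny so that unexpected cloud access is never silently permitted.
POLICY = [
    Rule(frozenset({"cloud-ops"}), frozenset({"https", "ssh"}), "ExampleCloud-A", "allow"),
    Rule(frozenset(), frozenset({"https"}), "ExampleCloud-B", "alert"),
    Rule(frozenset(), frozenset(), None, "deny"),
]


def provider_for(ip: str) -> Optional[str]:
    """Return the provider whose published ranges contain ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in CLOUD_PROVIDER_RANGES.items():
        if any(addr in net for net in nets):
            return name
    return None


def evaluate(user: str, protocol: str, dst_ip: str) -> dict:
    """Decide what the inline device should do with one attempted connection."""
    provider = provider_for(dst_ip)
    if provider is None:
        # Not a public cloud destination: outside the scope of this policy.
        return {"decision": "not-cloud", "provider": None, "rule": None}
    groups = DIRECTORY.get(user, set())     # unknown users have no groups
    for idx, rule in enumerate(POLICY):
        if rule.groups and not (rule.groups & groups):
            continue
        if rule.protocols and protocol not in rule.protocols:
            continue
        if rule.provider is not None and rule.provider != provider:
            continue
        return {"decision": rule.action, "provider": provider, "rule": idx}
    return {"decision": "deny", "provider": provider, "rule": None}


def process_flow_log(lines) -> list:
    """Parse constructed 'user=.. proto=.. dst=..' lines and evaluate each."""
    results = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split())
        verdict = evaluate(fields["user"], fields["proto"], fields["dst"])
        results.append({"user": fields["user"], "dst": fields["dst"], **verdict})
    return results


# Constructed sample flow records, as the network device might report them.
SAMPLE_FLOWS = [
    "user=alice proto=ssh dst=198.51.100.10",
    "user=bob proto=https dst=203.0.113.5",
    "user=bob proto=https dst=198.51.100.10",
    "user=alice proto=https dst=192.0.2.1",
]

if __name__ == "__main__":
    for r in process_flow_log(SAMPLE_FLOWS):
        print(f"{r['user']:6} -> {r['dst']:15} {r['decision']:9} ({r['provider']})")
```

The design point worth noting is rule ordering: the narrow allow for an authorized group comes first, an alert-only rule lets the security team observe new usage of a provider before deciding whether to permit it, and the catch-all deny at the end means that an address range added to the provider list later is covered immediately without a policy change.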

A user attempts to access an unauthorized virtual machine hosted at a public cloud provider. It could be Data/Storage as a Service, Infrastructure as a Service, Platform as a Servi...