Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.

Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.

Abstract: A security server provides dynamic permissions for an enterprise data source. The security server establishes permissions rules for a data source of the enterprise. For example, the permissions rules describe permissions policies applicable to users of the enterprise in given contexts. The security server evaluates the permissions rules in view of a context to produce a dynamic permissions policy for the data source. The context describes the environment of the data source at a point in time (e.g., a current time). The dynamic permissions policy describes permissions of users of the enterprise with respect to the data source and the context. The security server transmits the dynamic permissions policy to the enterprise such that the enterprise is able to implement the dynamic permissions policy at the data source.

Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for assigning a security risk score to a resource. In one example, resource access data is collected for a resource. Based at least on the resource access data, a data risk index (DRI) score is generated for the resource. The DRI score comprises a value that is indicative of a level of risk that the resource will be compromised. At least one of the DRI score, an alert based at least on the DRI score, or a policy change for the resource based at least on the generated DRI score is reported to an administrator.

Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.

Abstract: A security server provides dynamic permissions for an enterprise data source. The security server establishes permissions rules for a data source of the enterprise. For example, the permissions rules describe permissions policies applicable to users of the enterprise in given contexts. The security server evaluates the permissions rules in view of a context to produce a dynamic permissions policy for the data source. The context describes the environment of the data source at a point in time (e.g., a current time). The dynamic permissions policy describes permissions of users of the enterprise with respect to the data source and the context. The security server transmits the dynamic permissions policy to the enterprise such that the enterprise is able to implement the dynamic permissions policy at the data source.

Abstract: A method, a system and/or an apparatus of activity based access control in heterogeneous information technology infrastructure is disclosed. The infrastructure security server authenticates that a user is authorized to access a set of heterogeneous cloud-based services using at least one heterogeneous authorization system. The method monitors an activity of the user when accessing any of the set of heterogeneous cloud-based services over a period of time using a processor and a memory. The method dynamically adjusts access privileges to the set of heterogeneous cloud-based services. The adjustment to the access privileges includes a revocation of access to the user to a particular service of the set of heterogeneous cloud-based services and/or dynamically granting of access to the user to the particular service of the set of heterogeneous cloud-based services.

Abstract: A method, system and/or an apparatus to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments is disclosed. A method of an infrastructure security server communicatively coupled with a set of heterogeneous infrastructures translates a set of security best practice configurations of the heterogeneous infrastructures and/or a set of common vulnerabilities and exposures (CVE) of the heterogeneous infrastructures to programmatic execution. The method monitors the infrastructure security configurations associated with the heterogeneous infrastructures using a processor and a memory. The method analyzes the infrastructure security configurations based on the translated security best practice configurations and/or the translated common vulnerabilities and exposures (CVE).

Abstract: A method, system and/or an apparatus to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments is disclosed. A method of an infrastructure security server communicatively coupled with a set of heterogeneous infrastructures translates a set of security best practice configurations of the heterogeneous infrastructures and/or a set of common vulnerabilities and exposures (CVE) of the heterogeneous infrastructures to programmatic execution. The method monitors the infrastructure security configurations associated with the heterogeneous infrastructures using a processor and a memory. The method analyzes the infrastructure security configurations based on the translated security best practice configurations and/or the translated common vulnerabilities and exposures (CVE).

Abstract: A method, a system and/or an apparatus of activity based access control in heterogeneous information technology infrastructure is disclosed. The infrastructure security server authenticates that a user is authorized to access a set of heterogeneous cloud-based services using at least one heterogeneous authorization system. The method monitors an activity of the user when accessing any of the set of heterogeneous cloud-based services over a period of time using a processor and a memory. The method dynamically adjusts access privileges to the set of heterogeneous cloud-based services. The adjustment to the access privileges includes a revocation of access to the user to a particular service of the set of heterogeneous cloud-based services and/or dynamically granting of access to the user to the particular service of the set of heterogeneous cloud-based services.

Abstract: Disclosed herein is a method of verifying that a reconstructed inventory of a virtualized computer system has been accurately reproduced from an original inventory of a virtualized computer system. A first snapshot and a second snapshot are received, where the first snapshot is a snapshot of the original inventory and the second snapshot is a snapshot of the reconstructed inventory. The first snapshot and the second snapshot are then analyzed to determine that hierarchical relationships, roles and permissions, configuration settings, and/or custom definitions of items in the original inventory match hierarchical relationships of corresponding items in the reconstructed inventory.

Abstract: A server system is configured to provide an e-mail based interface for executing management operations on a virtualized infrastructure which includes a plurality of virtual machines (VMs), underlying host computers, clusters, and/or data centers. Such an interface may be provided in a virtualized infrastructure to enable a system administrator to execute administrative operations remotely from a mobile device without requiring custom installation of an application on the mobile device or a secure connection to the server system. The server system receives e-mails at a pre-determined e-mail address, authenticates the sender of the e-mail, and extracts and executes commands from the e-mail. A number of techniques for validating the e-mail containing server commands may also be provided.

Abstract: A technique for remotely managing virtual machines employs a user interface (UI) of a rich e-mail client that is configured to interpret metadata included in a communication received from a management server for the virtual machines and, in response, generate one or more UI elements. The UI includes a first region that displays a message from the management server and a second region that displays the one or more UI elements for causing a command to be generated and sent to the management server in response to a predetermined input made thereon.

Abstract: A snapshot of an inventory of a virtualized computer system is produced and a user-editable code is generated therefrom, so that the inventory can be reconstructed entirely or partially. The snapshot includes identifying data for items in the virtualized computer system, and relationship data that indicate hierarchical and non-hierarchical relationships between the items. The items in the inventory of the virtualized computer system include virtual machines, servers on which the virtual machines are running, one or more data centers in which the servers reside, and logical containers such as folders for virtual machines, resource pools that each contain one or more virtual machines, and server clusters that each contain one or more servers.

Abstract: A technique for remotely managing virtual machines employs a user interface (UI) of a rich e-mail client that is configured to interpret metadata included in a communication received from a management server for the virtual machines and, in response, generate one or more UI elements. The UI includes a first region that displays a message from the management server and a second region that displays the one or more UI elements for causing a command to be generated and sent to the management server in response to a predetermined input made thereon.

Abstract: A server system is configured to provide an e-mail based interface for executing management operations on a virtualized infrastructure which includes a plurality of virtual machines (VMs), underlying host computers, clusters, and/or data centers. Such an interface may be provided in a virtualized infrastructure to enable a system administrator to execute administrative operations remotely from a mobile device without requiring custom installation of an application on the mobile device or a secure connection to the server system. The server system receives e-mails at a pre-determined e-mail address, authenticates the sender of the e-mail, and extracts and executes commands from the e-mail. A number of techniques for validating the e-mail containing server commands may also be provided.

Abstract: Disclosed herein is a method of verifying that a reconstructed inventory of a virtualized computer system has been accurately reproduced from an original inventory of a virtualized computer system. A first snapshot and a second snapshot are received, where the first snapshot is a snapshot of the original inventory and the second snapshot is a snapshot of the reconstructed inventory. The first snapshot and the second snapshot are then analyzed to determine that hierarchical relationships, roles and permissions, configuration settings, and/or custom definitions of items in the original inventory match hierarchical relationships of corresponding items in the reconstructed inventory.

Abstract: A snapshot of an inventory of a virtualized computer system is produced and a user-editable code is generated therefrom, so that the inventory can be reconstructed entirely or partially. The snapshot includes identifying data for items in the virtualized computer system, and relationship data that indicate hierarchical and non-hierarchical relationships between the items. The items in the inventory of the virtualized computer system include virtual machines, servers on which the virtual machines are running, one or more data centers in which the servers reside, and logical containers such as folders for virtual machines, resource pools that each contain one or more virtual machines, and server clusters that each contain one or more servers.