Abstract: Access to secured items in a computing system is requested instead of being persistent. Access requests may be granted on a just-in-time basis. Anomalous access requests are detected using machine learning models based on historic patterns. Models utilizing conditional probability or collaborative filtering also facilitate the creation of human-understandable explanations of threat assessments. Individual machine learning models are based on historic data of users, peers, cohorts, services, or resources. Models may be weighted, and then aggregated in a subsystem to produce an access request risk score. Scoring principles and conditions utilized in the scoring subsystem may include probabilities, distribution entropies, and data item counts. A feedback loop allows incremental refinement of the subsystem. Anomalous requests that would be automatically approved under a policy may instead face human review, and low threat requests that would have been delayed by human review may instead be approved automatically.

Abstract: Methods, systems, and computer storage media for providing access to computing environments are provided. Based on a resource-ownership policy manager (i.e., a self-service engine and a runtime policy evaluation engine) that provides resource-ownership policy operations executed to apply a resource owner's policies only on resource owned by the resource owner. In operation, at runtime, a first resource instance is identified and an entity is determined to be the resource owner of the first policy and first resource instance. The first policy is applied to the first resource instance because the entity owns both the first policy and the first resource instance. A second resource instance is identified and the entity is determined not to be the resource owner of the second resource instance. A second resource policy of the entity is not applied to the second resource instance because the entity is not the owner of the second resource instance.