Abstract: An identity and access management IAM system is augmented to provide for supervised, iterative machine learning (ML), preferably with a user-generated training set for classification. The training set may include various types of data, including characteristics or attributes of the account types, the users, or the like. A goal of the initial ML training, which may include one or multiple passes, is to enable the machine to identify specific characteristics or attributes that provide a good classification result, with the resulting classifications then applied within the IAM system. In particular, the output of the ML system may be used by the IAM system for enforcing rights associated with the identified accounts, managing accounts, and so forth.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: An identity and access management IAM system is augmented to provide for supervised, iterative machine learning (ML), preferably with a user-generated training set for classification. The training set may include various types of data, including characteristics or attributes of the account types, the users, or the like. A goal of the initial ML training, which may include one or multiple passes, is to enable the machine to identify specific characteristics or attributes that provide a good classification result, with the resulting classifications then applied within the IAM system. In particular, the output of the ML system may be used by the IAM system for enforcing rights associated with the identified accounts, managing accounts, and so forth.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: A method for assessing security risks associated with a cloud application to which one or more connected applications are coupled begins by configuring a security risk assessment application to function as a connected application. The security risk assessment application collects “first” data associated with one or more accounts, and “second” data associated with the one or more connected applications coupled to the cloud application. After receiving the first and second data, the security risk assessment application instantiates that data into a generic “data object” that the system uses to represent each account and each of the connected applications. Each such data object thus is populated either with the first data or the second data, depending on whether the data object represents an account or a connected application. A risk assessment is then applied to the generic data object to assess a security risk associated with the cloud application.

Abstract: A method, system, and computer usable program product for automated document governance in a data processing environment are provided in the illustrative embodiments. A set of structured documents is received at an application executing in a computer in the data processing environment. A structure is recognized, parts of which structure are present in the documents in the set. A set of similarities in the documents in the set is summarized according to the recognized structure. A summarized information from the summarizing is presented such that a document governance action can be performed on a subset of the set of documents using the summarized information.

Abstract: Apparatus and accompanying methods for use preferably in a multi-system shared data (sysplex) environment (100), wherein each system (110) provides one or more servers (115), for dynamically and adaptively assigning and balancing new work and for new session requests, among the servers in the sysplex, in view of attendant user-defined business importance of these requests and available sysplex resource capacity so as to meet overall business goals. Specifically, systems and servers are categorized into two classes: eligible, i.e., goal-oriented servers running under a policy and for which capacity information is currently available, and candidate, i.e., servers which lack capacity information.