Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Abstract: Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Abstract: A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract: Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract: Techniques to track resource usage statistics per transaction across multiple layers of protocols and across multiple threads, processes and/or devices are disclosed. In one embodiment, for example, a technique may comprise assigning an activity context to a request at the beginning of a first stage, where the activity context has an initial set of properties. The values of the properties may be assigned to the properties in the initial set during the first stage. The value of a property may be stored on a data store local to the first stage. The activity context may be transferred to a second stage when the request begins the second stage. The transferred activity context may include a property from the initial set of properties. The stored values may be analyzed to determine a resource usage statistic. Other embodiments are described and claimed.

Abstract: Allocation of computing threads can include receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract: Allocation of computing threads can include receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Abstract: A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Abstract: A computer-implemented method for allocating threads includes: receiving a registration of a workload, the registration including a workload classification and a workload priority; monitoring statuses of a plurality of resources; identifying, by a computing device, a thread of a resource from the plurality of resources, the thread being programmed to execute a task associated with the workload; evaluating, by the computing device, the workload classification and the workload priority of the workload with workload classifications and workload priorities of other workloads requesting the thread; and allocating the thread to one of the workloads based on evaluation of the workload classification and the workload priority.

Abstract: A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Abstract: Techniques to operate a service with machine generated authentication tokens comprising a authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed.

Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.

Abstract: The described implementations relate to processing of electronic data. One implementation is manifest as a system that can include logic and at least one processing device configured to execute the logic. The logic can be configured to receive a first task request to execute a first task that uses a resource when performed. The first task can have an associated first level of interactivity. The logic can also be configured to receive a second task request to execute a second task that also uses the resource when performed. The second task can have an associated second level of interactivity. The logic can also be configured to selectively throttle the first task and the second task based upon the first level of interactivity and the second level of interactivity.

Abstract: The described implementations relate to processing of electronic data. One implementation is manifest as a system that can include logic and at least one processing device configured to execute the logic. The logic can be configured to receive a first task request to execute a first task that uses a resource when performed. The first task can have an associated first level of interactivity. The logic can also be configured to receive a second task request to execute a second task that also uses the resource when performed. The second task can have an associated second level of interactivity. The logic can also be configured to selectively throttle the first task and the second task based upon the first level of interactivity and the second level of interactivity.