US 12,388,711 B2
Policy management across multiple cloud computing environments within a network
Jonathan Michael Bosanac, San Francisco, CA (US); Christopher Robert Geeringh, Berkeley, CA (US); Jason Eggleston, Newport Beach, CA (US); Lonhyn Jasinskyj, Palo Alto, CA (US); and John Sengenberger, Meridian, ID (US)
Assigned to Netskope, Inc., Santa Clara, CA (US)
Filed by Netskope, Inc., Santa Clara, CA (US)
Filed on Mar. 22, 2022, as Appl. No. 17/701,467.
Application 17/701,467 is a continuation of application No. 17/101,892, filed on Nov. 23, 2020, granted, now 11,316,741.
Prior Publication US 2022/0217050 A1, Jul. 7, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 41/0866 (2022.01); H04L 41/0893 (2022.01); H04L 41/0894 (2022.01)
CPC H04L 41/0866 (2013.01) [H04L 41/0893 (2013.01); H04L 41/0894 (2022.05)]
20 Claims
1. A system for providing policy-controlled communication over the Internet between a plurality of different cloud computing environments, detecting violations of policies and responding to the violations, the system comprising:
a user interface that receives configuration settings to be applied to a plurality of first instances within a first cloud computing environment and a plurality of second instances within a second cloud computing environment, wherein:
the first cloud computing environment comprises one or more first processors and one or more first memories, and
the second cloud computing environment comprises one or more second processors and one or more memories;
a plurality of collectors that retrieve information from the first cloud computing environment and the second cloud computing environment, wherein the information comprises a plurality of functionalities of the first cloud computing environment and the second cloud computing environment;
a controller that determines policies for the plurality of first instances within the first cloud computing environment and the plurality of second instances within the second cloud computing environment as functions of the configuration settings and the information;
a configurator that applies the policies to the plurality of first instances within the first cloud computing environment and the plurality of second instances within the second cloud computing environment;
a first tester that inspects operations of the plurality of first instances within the first cloud computing environment and detects violations of the policies by the plurality of first instances within the first cloud computing environment, wherein the first tester inspects the operations based on a testing schedule which indicates a frequency of testing for the first instance for compliance after each specific policies was applied to the first instance and a table that stores a list of a number of times at which the first instance was tested for the compliance with the specific policies; and
an enforcer that responds to the detected violations by receiving a notification from the first tester that a first instance from the plurality of first instances violated a first policy, wherein the controller instructs the configurator to apply the first policy to the first instance again, shut down the first instance or cut off communications with the first instance.