CPC H04L 63/205 (2013.01) [H04L 63/10 (2013.01); H04L 63/102 (2013.01); H04L 63/107 (2013.01); H04L 63/20 (2013.01); H04L 67/10 (2013.01)]; 21 Claims
1. A method comprising:
receiving, by a security zone policy enforcement system in a cloud service provider infrastructure, a request to perform an operation on a resource;
determining, by the security zone policy enforcement system, a compartment associated with the resource, the compartment associated with a set of one or more compartment policies;
determining, by the security zone policy enforcement system, that the operation on the resource is permitted based on the set of one or more compartment policies;
responsive to determining that the operation on the resource is permitted based on the set of one or more compartment policies, determining, by the security zone policy enforcement system, that the compartment is associated with a security zone, the security zone associated with one or more security zone policies;
determining, by the security zone policy enforcement system, whether the operation on the resource is permitted or not based on the set of one or more security zone policies; and
disallowing, by the security zone policy enforcement system, the operation to be performed on the resource upon determining that the operation on the resource is not permitted based on the set of one or more security zone policies.
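The claim describes a two-stage authorization flow: the compartment's own policies are evaluated first, and only if they permit the operation does the enforcement system go on to check whether the compartment sits in a security zone and whether that zone's policies allow the operation. The following Python is an added illustration of that ordering written for this page; it is not code from the patent or from any cloud provider. The policy formats (group-based allow rules for compartments, predicate-based deny rules for zones), the class and function names, and the sample compartments, zone, principals and resources are all constructed assumptions.

```python
"""Added example: a minimal policy enforcement point applying the two-stage
check from the claim.  Stage 1: compartment policies must permit the operation.
Stage 2: only if stage 1 permits and the compartment belongs to a security
zone, the zone's policies are evaluated and any violation denies the operation.
All names, policy formats and sample data below are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional


class Decision(Enum):
    ALLOW = "allow"
    DENY_COMPARTMENT = "denied-by-compartment-policy"
    DENY_SECURITY_ZONE = "denied-by-security-zone-policy"


@dataclass(frozen=True)
class Request:
    principal: str          # e.g. "alice"
    operation: str          # e.g. "create", "update", "delete"
    resource_id: str
    attributes: dict = field(default_factory=dict)  # requested resource properties


@dataclass
class CompartmentPolicy:
    """Assumed allow rule: members of `group` may perform `operations`."""
    group: str
    operations: frozenset


@dataclass
class SecurityZonePolicy:
    """Assumed deny rule: if `violated(request)` is true, the operation is refused."""
    name: str
    violated: Callable[[Request], bool]


@dataclass
class SecurityZone:
    name: str
    policies: list


@dataclass
class Compartment:
    name: str
    policies: list
    security_zone: Optional[SecurityZone] = None  # None: compartment is in no zone


class SecurityZonePolicyEnforcer:
    def __init__(self, resource_to_compartment, compartments, group_members):
        self._resource_to_compartment = resource_to_compartment  # resource_id -> compartment name
        self._compartments = compartments                        # compartment name -> Compartment
        self._group_members = group_members                      # group -> set of principals

    def _compartment_permits(self, compartment, req):
        for policy in compartment.policies:
            members = self._group_members.get(policy.group, set())
            if req.principal in members and req.operation in policy.operations:
                return True
        return False

    def evaluate(self, req):
        compartment = self._compartments[self._resource_to_compartment[req.resource_id]]
        # Stage 1: compartment policies.  A denial here ends evaluation; the
        # security zone policies are never consulted for this request.
        if not self._compartment_permits(compartment, req):
            return Decision.DENY_COMPARTMENT, "no compartment policy grants the operation"
        # Stage 2: reached only when stage 1 permits.
        zone = compartment.security_zone
        if zone is None:
            return Decision.ALLOW, "compartment is not in a security zone"
        for policy in zone.policies:
            if policy.violated(req):
                return Decision.DENY_SECURITY_ZONE, f"violates zone policy '{policy.name}'"
        return Decision.ALLOW, f"permitted by compartment and zone '{zone.name}'"


# Constructed sample environment (assumed, not from the patent).
SAMPLE_ZONE = SecurityZone("maximum-security", [
    SecurityZonePolicy("no-public-ip", lambda r: r.attributes.get("public_ip", False)),
    SecurityZonePolicy("encrypted-volumes-only",
                       lambda r: r.attributes.get("type") == "volume"
                       and not r.attributes.get("encrypted", False)),
])
SAMPLE_COMPARTMENTS = {
    "prod": Compartment("prod",
                        [CompartmentPolicy("ops-admins", frozenset({"create", "update", "delete"}))],
                        SAMPLE_ZONE),
    "sandbox": Compartment("sandbox",
                           [CompartmentPolicy("developers", frozenset({"create", "update"}))]),
}
SAMPLE_RESOURCES = {"vm-prod-1": "prod", "vol-prod-1": "prod", "vm-sandbox-1": "sandbox"}
SAMPLE_GROUPS = {"ops-admins": {"alice"}, "developers": {"bob"}}


def decide(principal, operation, resource_id, **attributes):
    """Evaluate one request against the sample environment; returns a Decision."""
    enforcer = SecurityZonePolicyEnforcer(SAMPLE_RESOURCES, SAMPLE_COMPARTMENTS, SAMPLE_GROUPS)
    return enforcer.evaluate(Request(principal, operation, resource_id, attributes))[0]


if __name__ == "__main__":
    print(decide("alice", "create", "vm-prod-1", public_ip=True))   # denied by zone
    print(decide("alice", "create", "vm-prod-1", public_ip=False))  # allowed
    print(decide("bob", "create", "vm-prod-1", public_ip=True))     # denied by compartment
```

The ordering matters for the denial reason a caller sees: a principal with no compartment grant is refused at stage 1 even when the request would also violate a zone policy, while a fully authorized principal can still be stopped at stage 2 by the zone's stricter rules. A compartment outside any zone is governed by its compartment policies alone.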