JP2025160084A - Information processing system, information processing method and program - Google Patents

Abstract

To provide an information processing system, a method and program that can set conditions on security of cloud services of an organization and confirm results of determining whether the cloud services are available or not.SOLUTION: In an information processing system, a server device, a plurality of client devices and a service providing apparatus can communicate with each other over a network. The server device includes a control unit which controls the service providing apparatus, in accordance with a request, to display a first screen for setting conditions on security of cloud services in an organization. The control unit determines whether the cloud services are available or not on the basis of the conditions set through the first screen and information on the security of the cloud service, receives a search request including a search condition on the cloud services from a client device, and controls the service providing apparatus to display a second screen. The second screen includes a list of the cloud services acquired based on the search condition.SELECTED DRAWING: Figure 4

Description

The present invention relates to an information processing system, an information processing method, and a program.

Patent Document 1 discloses a method for detecting the use of cloud services.

Japanese Patent Application Laid-Open No. 2021-77271

The method described in Patent Document 1 manages the use of cloud services based on user information, but there are cases where management based on information related to the security of the cloud services is required.

According to one aspect of the present disclosure, an information processing system is provided. The information processing system has at least one or more control units. The control unit controls the display of a first screen to an organization's administrator in response to a request. The first screen is configured to allow the setting of conditions related to the security of cloud services in the organization. The control unit determines whether the cloud service can be used based on the conditions set via the first screen and information related to the security of the cloud service. The control unit receives a search request from a device of a person under management in the organization. The search request includes search conditions related to the cloud service. The control unit controls the display of a second screen on the device of the person under management. The second screen includes a list of cloud services. The cloud services included in the list are cloud services obtained based on the search conditions. Each cloud service included in the list is associated with and assigned label information. The label information is information indicating the result of the determination of whether the cloud service can be used.

FIG. 1 is a diagram illustrating an example of a system configuration of an information processing system. FIG. 2 is a diagram illustrating an example of a hardware configuration of the server device. FIG. 3 is a diagram illustrating an example of a hardware configuration of a client device. FIG. 4 is a sequence diagram illustrating an example of information processing in the information processing system. FIG. 5 is a diagram showing an example of the condition setting screen. FIG. 6 is a diagram showing an example of the list screen. FIG. 7 is a diagram showing a part of a list of cloud services. FIG. 8 shows an example of a pop-up window for editing label information. FIG. 9 is a diagram showing an example of outputting OK condition information in a pop-up window for editing label information. FIG. 10 is a diagram showing an example of a screen including a service ledger of a predetermined cloud service. FIG. 11 is a diagram showing an example of a condition setting screen according to the third modification. FIG. 12 is a diagram showing an example of screen transitions in the fourth modification.

Embodiments of the present invention will be described below using the drawings. The various features shown in the embodiments below can be combined with each other. The same applies to the modified examples shown below.

In this embodiment, a "unit" can include, for example, hardware resources implemented by a circuit in the broad sense, and software information processing that can be specifically realized by these hardware resources. Furthermore, this embodiment handles a variety of information, which can be represented, for example, by physical signal values representing voltage or current, high or low signal values as a collection of binary bits consisting of 0 or 1, or quantum superposition (so-called quantum bits), and communication and calculations can be performed on a circuit in the broad sense.

In a broad sense, a circuit is a circuit realized by at least an appropriate combination of a circuit, circuitry, processor, memory, etc. In other words, it includes application-specific integrated circuits (ASICs), programmable logic devices (e.g., simple programmable logic devices (SPLDs), complex programmable logic devices (CPLDs), and field programmable gate arrays (FPGAs)), etc.

<Embodiment 1>
1. System Configuration Diagram FIG. 1 is a diagram illustrating an example of the system configuration of an information processing system 1000. As illustrated in FIG. 1, the information processing system 1000 includes, as a system configuration, a server device 100, a client device 110, a client device 120, and a service providing device 130 that provides cloud services. The server device 100, the client device 110, the client device 120, and the service providing device 130 are communicatively connected via a network 150. The network 150 may include either or both of a wide area network (WAN) and the Internet. The network 150 is configured to enable communication between devices included in the network 150 via wired and wireless connections.

Server device 100 is a server device that provides the functionality of a security evaluation platform. Server device 100 executes the main processing of embodiment 1, etc.

The client device 110 is a device/terminal used by the managed person of the organization, and may also be called the managed terminal. The managed person of the organization uses the client device 110 to apply for use of cloud services provided by the service providing device 130 and to use approved cloud services. Organizations include, for example, companies, individual businesses, local governments, schools, and other organizations. Managed people of an organization are users other than the administrator, such as employees of a company, who do not have specified security-related authority. Note that this specification uses a company as an example of an organization. Managed people of an organization may simply be called first users.

For simplicity of explanation, FIG. 1 shows only one client device 110 included in the information processing system 1000, but the information processing system 1000 may include multiple client devices 110. Also, while FIG. 1 illustrates the client device 110 as a PC (Personal Computer), the client device 110 is not limited to a PC. The client device 110 may also be a smartphone or a tablet terminal. The client device 110 may be any device that can display the screen described below and accept user selection operations, input operations, etc. The same applies to the client device 120 described below.

The client device 120 is a device/terminal used by the organization's administrator, and may be referred to as the administrator terminal. The organization's administrator sets the conditions of the organization's security policy on the server device 100 and registers security evaluation information for cloud services on the server device 100. The organization's administrator includes, for example, a person with specific authority regarding the organization's security, such as a security department official or the head of a specific department, and has the authority to set the conditions for whether or not cloud services can be used within the organization. The organization's administrator may also be simply referred to as the second user.

The service providing device 130 is a device that provides cloud services. The service providing device 130 may be composed of a single server device, or may be composed of multiple server devices. For simplicity of explanation, only one service providing device 130 is shown in FIG. 1, but the information processing system 1000 actually includes multiple service providing devices 130. Each of the multiple service providing devices 130 provides a different cloud service.

Here, the information processing system described in the claims may be composed of multiple devices, or may be composed of a single device. When the information processing system described in the claims is composed of a single device, an example of one device is server device 100. When it is composed of multiple devices, the multiple devices are, for example, multiple server devices that provide server device 100.

2. Hardware Configuration (1) Hardware Configuration of Server Apparatus 100 FIG. 2 is a diagram showing an example of the hardware configuration of the server apparatus 100.
2, the server device 100 includes, as its hardware configuration, a control unit 210, a storage unit 220, a communication unit 230, and a communication bus 240. The control unit 210, the storage unit 220, and the communication unit 230 are electrically connected within the server device 100 via the communication bus 240.

The control unit 210 is, for example, a central processing unit (CPU) or the like, and performs overall processing and control for the server device 100. The control unit 210 realizes various functions related to the server device 100 by reading out predetermined programs stored in the storage unit 220. In other words, information processing by software stored in the storage unit 220 is specifically realized by the control unit 210, which is an example of hardware, and can be executed as each functional unit included in the control unit 210. These will be described in further detail in the next section. Note that the control unit 210 is not limited to being single, and implementation may include multiple control units 210 for each function. A combination of these may also be used.

The storage unit 220 stores various information as defined above. This may be, for example, a storage device such as an HDD (Hard Disk Drive), a ROM (Read Only Memory), a RAM (Random Access Memory), or an SSD (Solid State Drive) that stores various programs related to the server device 100 executed by the control unit 210, or a memory that stores temporarily required information (arguments, arrays, etc.) related to program calculations, or any combination thereof, and stores programs, data used when the control unit 210 executes processing based on the programs, etc. The storage unit 220 is an example of a storage medium.
The program for realizing the software appearing in this embodiment may be provided as a non-transitory computer-readable recording medium, or may be provided so as to be downloadable from an external server, or may be provided so that the program is started on an external computer and its functions are realized on a client terminal (so-called cloud computing).

In the specification, data used by the control unit 210 when executing processing based on a program (e.g., security policy conditions for each organization, security assessment information for each cloud service, and a service ledger for each cloud service described below) is described as being stored in the storage unit 220, but the data may also be stored in the storage unit of another device that can communicate with the server device 100. In other words, the data may be stored in the storage unit of any device that can be referenced or acquired by the control unit 210. The control unit 210 executes processing based on the program stored in the storage unit 220, thereby realizing the functions of the server device 100 and the processing of the server device 100 in the sequence diagram shown in Figure 4 described below.

The communication unit 250 connects the server device 100 to the network 150 and manages communication with other devices. The communication unit 250 may be a wired communication means such as USB, IEEE 1394, Thunderbolt (registered trademark), wired LAN network communication, etc., or may also include wireless LAN network communication, mobile communication such as 3G/LTE/5G, BLUETOOTH (registered trademark) communication, etc. as necessary. In other words, it is more preferable to implement the communication unit 250 as a collection of multiple communication means. In other words, the server device 100 may communicate various information from the outside via the communication unit 250 and the network 150.
The number of each piece of hardware constituting the server device 100 is not limited to one, and may be multiple. The server device 100 may be in an on-premise form or a cloud form. As a cloud-based server device 10, the above-described functions and processes may be provided in the form of, for example, SaaS (Software as a Service) or cloud computing.

(2) Hardware Configuration of the Client Device 110 FIG. 3 is a diagram illustrating an example of the hardware configuration of the client device 110. As shown in FIG.
As shown in FIG. 3, the client device 110 includes, as its hardware configuration, a control unit 310, a storage unit 320, an input unit 330, an output unit 340, a communication unit 350, and a communication bus 360.

The control unit 310 is, for example, a central processing unit (CPU) or the like, and performs overall processing and control for the client device 110. The control unit 310 realizes various functions related to the client device 110 by reading out predetermined programs stored in the storage unit 320. In other words, information processing by software stored in the storage unit 320 is specifically realized by the control unit 310, which is an example of hardware, and can be executed as each functional unit included in the control unit 310. These will be described in further detail in the next section. Note that the control unit 310 is not limited to being single, and implementation may include multiple control units 310 for each function. A combination of these may also be used.

The storage unit 320 stores various information as defined above. This may be, for example, a storage device such as an HDD, ROM, RAM, or SSD that stores various programs related to the client device 110 executed by the control unit 310, or a memory that stores temporarily required information related to program calculations (arguments, arrays, etc.), or any combination thereof. It stores programs, data used by the control unit 310 when executing processing based on the programs, and the like. The storage unit 320 is an example of a storage medium. Although the specification describes the data used by the control unit 310 when executing processing based on the programs as being stored in the storage unit 320, the data may also be stored in a storage unit of another device that can communicate with the client device 110. In other words, the data may be stored in a storage unit of any device that can be accessed by the control unit 310. The control unit 310 executes processing based on the programs stored in the storage unit 320, thereby realizing the functions of the client device 110 and the processing of the client device 110 in the sequence diagram shown in Figure 4, described below.

The input unit 330 is a device that inputs information to the client device 110 in response to operations by an operator. The input unit 330 accepts operational inputs made by the user. The operational inputs are transferred as command signals to the control unit 310 via the communication bus 360. The control unit 310 can execute predetermined control or calculations based on the transferred command signals as necessary. The input unit 330 may be included in the housing of the client device 110 or may be attached externally. For example, the input unit 330 may be implemented as a touch panel integrated with the output unit 340. When the input unit 330 is implemented as a touch panel, the user can input tap operations, swipe operations, etc. to the input unit 330. Instead of a touch panel, switch buttons, a mouse, a trackpad, a QWERTY keyboard, etc. can be used as the input unit 330.

The output unit 340 is, for example, a display, and is a device that outputs information as a screen of a graphical user interface (GUI) that can be operated by the user. The output unit 340 may be included in the housing of the client device 110, or may be attached externally. Specifically, the output unit 340 may be implemented as a display device such as a CRT display, liquid crystal display, organic EL display, or plasma display. It is preferable that these display devices are used appropriately depending on the type of client device 110.

The communication unit 350 connects the client device 110 to the network 150 and manages communication with other devices.

The hardware configuration of client device 120 is the same as that of client device 110.

3. Information Processing The information processing of the first embodiment will now be described.

(1) Overview of Processing In response to a request, the control unit 210 controls the display of a usage policy setting screen for organization settings, such as that shown in FIG. 5 (described later), on the terminal of the organization's administrator. The usage policy setting screen is an example of a first screen. The usage policy setting screen is configured to allow the setting of security policy conditions for cloud services used by the organization. The security policy conditions for cloud services used by the organization are an example of conditions related to the security of cloud services in the organization. The control unit 210 determines whether a cloud service can be used based on the conditions set via the usage policy setting screen (also referred to as organizational security policy conditions) and information related to the security of the cloud service. The information related to the security of the cloud service includes security evaluation information for the cloud service, etc. Note that the information related to the security of the cloud service is information related to the security of each of multiple cloud services. The information related to the security of the cloud service is stored in the storage unit 220 or the like in association with identification information that identifies the cloud service.

Information about the security of cloud services also includes security evaluation information (hereinafter simply referred to as evaluation information) registered based on the responses of cloud service providers to security surveys conducted by organizations using cloud services or organizations that evaluate the security of cloud services (such as security research companies) for the providers of cloud services provided by the service providing device 130. Security evaluation information includes, for example, responses to a checklist containing multiple security-related questions, such as a security checklist completed by the cloud service provider. Security evaluation information includes information about basic items, information about the security measures of the cloud service itself, and information about security measures when specific functions are provided. Information about basic items includes the presence or absence of third-party authentication, handling of deposited data, and security incident history. Information about the security measures of the cloud service itself includes information about the organizational structure for ensuring information security, access control information, encryption information, security incident management information, etc. Information about security measures when specific functions are provided includes information about whether the cloud service has a file upload function, whether there are external services with which deposited data is shared, etc.

Information related to the security of cloud services also includes risk information generated by the control unit 210, which automatically collects publicly available cloud service configuration information based on the cloud service's domain information. Cloud service configuration information collected based on the cloud service's domain information includes information on related domains, related IP addresses, web access results, SSL certificate information, and other third-party sources. Risk information generated based on cloud service configuration information includes information on the status of cloud service security measures, whether there are public servers that could be the source of unauthorized access, whether there are domains that may be hijacked, and information on the status of measures against email spoofing.

Information regarding the security of cloud services may include information other than that described above. Details will be provided below.

The processing of the control unit 210 described above allows an organization's administrator to set security conditions for the organization's cloud services.

The control unit 210 receives a search request from a device of a managed person in the organization. The search request includes search conditions related to cloud services. The control unit 210 controls the device of the managed person to display a list screen. The list screen is an example of a second screen. The list screen includes a list of cloud services. The cloud services included in the list are cloud services obtained based on the search conditions. Each cloud service included in the list is associated with and assigned label information. The label information is information that indicates the result of a determination of whether the cloud service can be used.

With this configuration, you can check the availability of each cloud service on the cloud service search results list screen.

(2) Processing details (security policy settings)
4 is a sequence diagram showing an example of information processing in the information processing system 1000. The server device 100 identifies whether a user who logs in to the information processing system 1000 is a manager or a person under management of the organization by authenticating the user with the user ID and password.
In sequence SQ401, the control unit of the client device 120 transmits a request to the server device 100 to display a condition setting screen based on a predetermined operation on a predetermined screen by an administrator of the organization.

When a request to display the condition setting screen is received from the client device 120 to which the administrator is logged in, in sequence SQ402, the control unit 210 of the server device 100 retrieves the condition setting screen from the memory unit 220, etc. Note that, while the description here assumes that the condition setting screen is generated in advance and stored in the memory unit 220, the control unit 210 may also generate the screen when a display request is received.

In sequence SQ403, the control unit 210 transmits the condition setting screen to the requesting client device 120. The client device 120 receives the condition setting screen from the server device 100.
The processing of sequence SQ402 and sequence SQ403 is an example of a process for controlling the display of a condition setting screen on the terminal of the administrator of the organization in response to a request.

In sequence SQ404, the control unit of the client device 120 controls the output unit of the client device 120 to output the condition setting screen received from the server device 100.

In this embodiment, the server device 100 that receives the request generates a screen and transmits it to the client device that made the request. The following explanation assumes that the client device that received the screen displays the screen. However, the server device 100 may also obtain the data necessary to generate the screen and transmit it to the client device that made the request. The client device may then generate and display the screen based on the received data. In such cases, the process of obtaining the data necessary to generate the screen and transmitting it to the client device that made the request is an example of a process of controlling the display of a condition setting screen on the terminal of an organization's administrator in response to a request.

Figure 5 shows an example of the condition setting screen 500. When the organization setting tab 520 is selected and the availability policy tab 530 is selected on the organization setting screen, a display request for the condition setting screen 500 is sent from the client device 120 to the server device 100, and the condition setting area 510 is displayed. The screen including the condition setting area 510 is the condition setting screen 500.

As shown in FIG. 5, the condition setting screen 500 is configured to allow the setting of conditions related to the security of cloud services within an organization. Conditions related to the security of cloud services can also be referred to as security policies. A security policy is a guideline and/or code of conduct for information security measures implemented within an organization. Furthermore, conditions related to the security of cloud services may be conditions that determine whether or not members of an organization, such as employees of a company, can use the cloud service. Furthermore, as shown in FIG. 5, the condition setting screen 500 is configured to allow multiple conditions to be combined using either or both AND and OR conditions.

More specifically, the condition setting screen 500 is configured to allow selection of multiple target items (condition setting items) for setting conditions as conditions related to the security of the cloud service. In the example of FIG. 5, "Usage history,""Investigationhistory,""Investigationscore,""Web assessment score,""SOC2certification," and "Items 1-15" are selected as target items. The condition setting screen 500 is also configured to allow selection of how to determine the conditions for each of the multiple target items in the "Condition" column and the "Determination" column. The determination methods (determination results) include "OK to use,""NG to use," and "OK with conditions (hereinafter simply referred to as "conditional")," as will be described later.
That is, the condition setting screen 500 is configured so that the conditions "OK to use", "NG to use", and "OK with conditions" can be set.

When the organization administrator sets conditions on the condition setting screen 500 and selects the save button, the client device 110 sends the set conditions to the server device 100.

When conditions are received from the client device 110, in sequence SQ406, the control unit 210 stores the received conditions in a specified storage area of the storage unit 220. The control unit 210 stores the conditions in the storage unit 220 in association with company information including identification information that identifies companies that meet the conditions. The company information includes information such as the company's business type, industry, information on the services and/or products that the company provides, business model, number of years since establishment, number of employees, etc.

In sequence SQ407, the control unit 210 determines whether or not each of multiple cloud services can be used based on information about the security of the cloud services stored in the memory unit 220, etc., and the conditions stored in sequence SQ406. The determination results include "OK to use," "NG to use," "Conditional," "Undetermined," etc., as shown in Figure 7, which will be described later. OK to use indicates that the cloud service may be used. NG to use indicates that the cloud service may not be used. Conditional indicates that the cloud service may be used if certain conditions regarding the usage mode, etc. are met. Undetermined indicates that none of the set conditions are met. In other words, undetermined indicates that a determination has not been made based on the conditions as to whether or not the cloud service can be used.

If the information about the security of a cloud service meets the conditions set in the "Judgment" column of the condition setting screen 500 as conditions for judging it as "OK to use," the control unit 210 judges the cloud service as "OK to use." If the information about the security of a cloud service meets the conditions set in the "Judgment" column of the condition setting screen 500 as conditions for judging it as "NG to use," the control unit 210 judges the cloud service as "NG to use." If the information about the security of a cloud service meets the conditions set in the "Judgment" column of the condition setting screen 500 as conditions for judging it as "conditional," the control unit 210 judges the cloud service as "conditional (OK with conditions)." If it is not possible to judge the cloud service because there is insufficient information about the security of the cloud service, or if it does not meet any of the set conditions, the control unit 210 judges the cloud service as "unassessed."

The processing of sequence SQ407 is an example of processing in which the control unit 210 determines whether a cloud service can be used based on the conditions set via the condition setting screen and information related to the security of the cloud service.

The control unit 210 stores the result of the usability determination, as well as the reason for the usability determination (or the basis for the determination), in a specified storage area of the storage unit 220, in association with the identification information identifying the relevant organization and the identification information identifying the cloud service.

Here, details of information relating to the security of cloud services will be explained. In this embodiment, the information relating to the security of cloud services includes information about the cloud service itself, information about the usage record of the cloud service, information about security evaluation, and information about the detection of services used by employees (managed persons) of the organization. This information is used to set conditions for determining whether or not a cloud service can be used. For example, the information relating to the security of cloud services includes the following information. Note that the information in parentheses is an example of information to be entered or selected in the "Condition" field (a field for entering or selecting under what circumstances the set condition setting item will be judged as "OK to use,""NG to use," or "OK with conditions") when that information is selected as a condition setting item.
・Whether various certifications (ISO27001, SOC2, etc.) have been obtained ・Date of certification acquisition ・Data center location ・IaaS (Infrastructure as a Service) provider ・Governing law (Japanese law, etc.)
Supported languages Information related to cloud service usage records includes the following information: The usage records are records of how each cloud service is used and how it is managed, and are stored in a specified storage area of the storage unit 220 in association with identification information that identifies the cloud service.
・Usage history (X or more items)
・Purpose of use ・Number of users (more than X people)
・Number of accounts used (X accounts or more)
・Department using the system ・Whether or not personal information is handled ・Type of information assets handled (personal information, My Number, confidential information, other important information, etc.)
- The degree of impact when the service is stopped (large (service stoppage causes business to stop), medium (service stoppage causes business to be delayed), small (impact is minor), etc.)
- Other information recorded in usage records Information regarding security evaluation includes the following information.
・Investigation history (X or more cases)
・Survey result score (score N or above, top 1% or above, etc.)
・Web evaluation score (score N or above, top 1% or above, etc.)
・Date of completion of final investigation ・Implementation status of specific measures (storage of access logs, regular vulnerability assessments, etc.)
Information regarding the detection of services used by employees (managed persons) of an organization includes the following information:
- User operations (number of specific operations such as logins and downloads)
・Service features/functionality (file upload available, SSO not supported, etc.)
・Service category (IaaS, accounting system, human resources system, etc.)
・Number of visits in the past 30 days (X or more)
・Number of visitors in the past 30 days (X or more)
-Last access date and time

Here, the importance of information assets handled (deposited) by the cloud service may be determined and evaluated in terms of confidentiality, integrity, and availability, and may be stored as information related to the security of the cloud service.
Confidentiality is an indicator of whether information is accessible only to designated users who are authorized to access it, and is determined and evaluated from the perspective of whether the information is required by law to be managed securely (personal information, specific personal information, etc.), whether it is subject to confidentiality obligations (information provided in confidence by a business partner, etc.), or whether it should be managed as an internal trade secret (a company's proprietary technology or know-how, etc.).
Integrity is an indicator of whether the information and the way it is processed are required to be accurate and complete, and is judged and evaluated from the perspective of whether tampering would have a serious impact on the company, business partners, etc.
Availability is an indicator of whether information can be accessed by designated users who have been granted access when necessary, and is judged and evaluated from the perspective of whether its unavailability would have a serious impact on the company, business partners, etc.
Using these perspectives, the importance of handled information assets may be evaluated and determined, stored, and used to set conditions for determining whether or not to allow cloud services to be used. For example, a condition may be set such as, "Use is OK as long as information whose security management is required by law is not handled." Furthermore, using these perspectives, the importance of information may be scored and used to set conditions for determining whether or not to allow cloud services to be used. For example, the higher the confidentiality, the higher the score, the higher the required integrity, and the higher the required availability, the higher the score. A condition may be set such that, "Use is OK if the score of the importance of handled information is below a predetermined value."

In addition to information related to the security of cloud services, the storage unit 220 of the server device 100 also stores information about the cloud services, such as the name of the cloud service, the name of the company providing the cloud service, and the category of the cloud service (service category), in association with the information related to the security of the cloud service.

In sequence SQ408, the control unit 210 stores the results of the determination as the results of availability for the organization in a predetermined storage area such as the storage unit 220. More specifically, the control unit 210 associates the results of availability for each of the multiple cloud services with information about each cloud service and stores them in a predetermined storage area such as the storage unit 220.

(Search for cloud services)
In sequence SQ409, the control unit 310 of the client device 110 sends a request to the server device 100 to display a cloud service list screen based on a predetermined operation on a predetermined screen by the person being managed. The request to display the cloud service list screen includes search conditions for cloud services, as described below. The request to display the cloud service list screen is an example of a search condition for cloud services.

When a request to display a cloud service list screen is received from the client device 110 to which the managed user is logged in, in sequence SQ410, the control unit 210 of the server device 100 searches the cloud service information for relevant cloud services based on the search conditions included in the display request and obtains the search results.

In sequence SQ411, the control unit 210 generates a list screen containing a list of relevant cloud service information, etc. as search results. The list screen is an example of a second screen.

In sequence SQ412, the control unit 210 sends the list screen to the requesting client device 110. The client device 110 receives the list screen from the server device 100.

The processing of sequence SQ411 and sequence SQ412 is an example of a process that controls the display of a list screen on the terminal of a managed person in an organization upon request.

In sequence SQ413, the control unit 310 of the client device 110 controls the output unit 340 of the client device 110 to output the list screen received from the server device 100.

Figure 6 is a diagram showing an example of a list screen 600. When the service search tab 620 is selected and search criteria (e.g., free words, service categories, etc.) are selected in the display area 610, a request to display a cloud service list screen is sent from the client device 110 to the server device 100, and a list of cloud services is displayed in the display area 610. Examples of free words include the name of the company providing the cloud service and the name of the cloud service. The list screen 600 is a screen containing a list of cloud services. The list screen 600 displays a list of summary information for each cloud service that matches the search criteria. The summary information includes information such as the service name, cloud service provider (vendor, etc.), and service type. In other words, the list screen 600 contains a list of cloud services.

On the list screen 600, when security evaluation information related to cloud services is stored in association with the cloud services and cloud service providers, an icon 640 labeled "Disclose investigation results" and an estimated delivery date 650 are displayed, as shown in association with cloud services A to C and cloud service E. For example, for cloud service A, an estimated delivery date 650 of approximately one week is displayed, and for cloud service B, an estimated delivery date 650 of approximately two weeks is displayed. When the person under management selects (e.g., clicks) the icon 640 labeled "Disclose investigation results," a request is sent to the server device 100 to transmit the security evaluation information of the cloud services stored in the storage unit 220 or the like to the client device 110 or the client device 120.
An icon is a small picture or symbol image displayed on the screen that represents a process or function that is performed when selected, and is designed to be intuitively operable by the user.

On the other hand, if no past security evaluations for the cloud service are stored, an icon 660 reading "Request a new investigation" will be displayed, as shown for cloud service D. In such cases, information such as "No investigation history" may be displayed along with the icon, indicating that no security evaluations have been conducted in the past.

Figure 7 shows an enlarged view of area 630, which is part of the list of cloud services. Figure 7 shows part of the list of cloud services. Each cloud service included in the list of cloud services is associated with label information. The label information indicates the result of a determination as to whether the cloud service is available.

The types of label information include at least information indicating that the cloud service may be used (in the example of Figure 7, label information 710, "Use OK") and information indicating that the cloud service may not be used (in the example of Figure 7, label information 740, "Use Not Allowed").

The type of label information further includes information indicating that the cloud service may be used under certain conditions (in the example of Figure 7, label information 720 is "conditional").

The types of label information also include information indicating that it is impossible to assess whether the cloud service can be used (in the example of Figure 7, label information 730 is "Undeterminable").

In this way, different types of label information (labels with different wording) may be attached to the cloud service list screen. In other words, the label information that can be attached to the cloud service list screen may be selected from multiple types depending on the availability determination result.

A person under management who wishes to use a cloud service can check whether the desired cloud service is available in their organization by referring to the label information for each cloud service included in the list screen shown in Figure 7.

The processing of embodiment 1 allows an organization's administrator to set security conditions for the organization's cloud services. Furthermore, the processing of embodiment 1 makes it possible to display cloud services that are available to the organization, cloud services that are unavailable, or cloud services that are available under certain conditions, based on the set conditions. Furthermore, the processing of embodiment 1 makes it possible to display a security-related label indicating whether or not each cloud service is available.

<Modification 1>
The following describes Modification 1 of Embodiment 1. Modification 1 is included in Embodiment 1, but is not a different embodiment from Embodiment 1. Configurations and processes not described in Modification 1 are the same as those in Embodiment 1.

In the above explanation, the cloud service list screen is described as being displayed on the output unit 340 of the managed client device 110. However, the cloud service list screen can also be displayed on the output unit of the administrator's client device 120. More specifically, when the control unit 210 of variant 1 receives a request to display the cloud service list screen from the administrator's client device 120, it generates a cloud service list screen configured to allow editing of label information associated with the cloud services, and sends it to the administrator's client device 120.

When the control unit 210 receives an operation to select label information from the client device 120 (for example, when it receives an operation to select label information 730 in FIG. 7), it causes the client device 120 to display a pop-up window 800 for editing the label information (label information "Conditional" in FIG. 7). This process is an example of control processing by the control unit 210 to display a list screen on the administrator's terminal in response to a request.

Figure 8 shows an example of a pop-up window 800 for editing label information. The administrator can edit label information individually via the pop-up window 800. More specifically, the administrator can individually input and edit whether or not a cloud service can be used and the reason for that decision via the pop-up window 800 that appears when the administrator selects, by clicking or otherwise, label information displayed in association with a cloud service. In other words, the list screen displayed to the administrator is configured to allow editing of label information for cloud services.

If the availability is "conditionally OK," the control unit 210 may allow users to input and edit the "OK" conditions (additional conditions for availability) via a pop-up window for editing label information. The additional conditions input here supplement the security-related conditions for the cloud service set on the condition setting screen 500. FIG. 9 illustrates an example of inputting and editing "OK" condition information 910 in the pop-up window 900 for editing label information. In the example of FIG. 9, the "OK" condition information 910 includes "no personal information,""usage by fewer than 10 people," and "spot use for less than six months." If all the "OK" conditions are met, the associated cloud service is available for use. Thus, "conditionally OK" is used when the cloud service availability determination varies depending on the usage pattern within the organization. Usage patterns include, for example, the type of information handled (whether it contains important information such as personal information or confidential information), the number of users, the usage period, and the department using the service. These availability conditions may be referred to as additional or supplementary conditions.
That is, if the label information is "conditionally OK," the pop-up window 900 is configured to allow input of additional conditions for determining whether the cloud service is permitted to be used.

The control unit 210 stores the edited label information and condition information in a specified storage area of the storage unit 220, in association with the identification information identifying the relevant organization and the identification information identifying the cloud service. The control unit 210 also stores the edited result of the usability determination, as well as the reason for the usability determination (or the basis for the determination), in association with the identification information identifying the relevant organization and the identification information identifying the cloud service, in a specified storage area of the storage unit 220. For example, if a cloud service that was determined to be "not usable" based on the security conditions for the cloud service set on the condition setting screen is edited to be "usable," the control unit 210 stores a phrase such as "individually determined" as the reason for the determination (or the basis for the determination).

On the other hand, the label information displayed on the output unit 340 of the managed client device 110 is controlled so that it cannot be edited by the managed user. In other words, the control unit 210 controls whether the label information can be edited depending on the attributes and authority of the user using the client device or terminal that displays the label information. This makes it possible to restrict the editing of label information for users who are not desired to edit label information, such as users who do not have the required security authority within the organization.

According to Variation 1, the administrator can input and edit label information for each cloud service individually, based on the results of individual investigations and reviews of the cloud service. Furthermore, if the label information is "conditionally OK," the administrator can input and edit additional information, such as information about the usage patterns and other conditions that must be met for use to be permitted. This not only allows the administrator to set conditions for determining whether cloud services can be used in bulk, but also allows the administrator to set the results of the usage eligibility determination and additional conditions based on individual circumstances and review results.

<Modification 2>
The following describes Modification 2 of Embodiment 1. Modification 2 is included in Embodiment 1, and is not a different embodiment from Embodiment 1. Configurations and processes not described in Modification 2 are the same as those in Embodiment 1.

Figure 10 is a diagram showing an example of a screen 1010 including a service ledger for a specific cloud service. For example, when an organization's administrator or the person being managed selects a specific cloud service on the screen displayed on the client device 110 and performs an operation to select the service ledger, the control unit 210 of variant 2 generates screen 1010, transmits it to the client device 110, and controls it to be displayed on the output unit 340. Here, the service ledger is registered information on cloud services currently in use or under consideration for use within the organization, and is a digital ledger that centrally manages individual information (such as the user department and usage purpose) and evaluation information for each cloud service. Cloud services may be registered in the service ledger by the administrator.

As shown in FIG. 10, screen 1010 includes label information indicating whether the cloud service is available ("OK to use"), as well as information 1030 on the reason for the usability determination. In the example of FIG. 10, the reason for the determination of a cloud service named Human Resources Cloud Service A is listed as "Because the survey score is 70 points or more (determined based on the usability policy)." The reason for the determination may be displayed together with the label information indicating usability, or may be displayed in a manner that distinguishes it from the label information. For example, the control unit 210 may display the reason for the determination by changing the shape, color, size, etc. of the label or text from the label information indicating usability. The reason for the usability determination may be, for example, "Determined based on the usability policy" if the cloud service meets the security conditions for the organization set on the condition setting screen, or "Determined based on individual editing" if the label information is individually edited by an administrator via a pop-up window and deemed usable. Furthermore, the reason for the determination of whether or not use is possible may not only be displayed on screen 1010 including the service ledger, but may also be displayed together with label information indicating whether or not use is possible on a cloud service list screen 600 viewed by the administrator or the person under management, as shown in FIG. 6. Furthermore, when the user hovers the cursor over the label information on the cloud service list screen 600 or performs an operation such as pressing it, the reason for the determination of whether or not use is possible may be displayed in the form of a pop-up or the like.

The above-described process is an example of a process in which the control unit 210 outputs the reason for determining whether or not a cloud service is available in response to a request.

Variant 2 allows users to know not only the result of the cloud service availability determination, but also the reason for the determination.

<Modification 3>
The following describes Modification 3 of Embodiment 1. Modification 3 is included in Embodiment 1, and is not a different embodiment from Embodiment 1. Configurations and processes not described in Modification 3 are the same as those in Embodiment 1.

Figure 11 is a diagram showing an example of a condition setting screen 500 of Variation 3. In Variation 3, the control unit 210 controls the condition setting screen 500 to output information on the average setting values of the organization and organizations in the same industry as the organization as reference information. More specifically, the control unit 210 acquires the conditions of the organization and organizations in the same industry on the condition setting screen 500 from the storage unit 220, etc. Here, organizations in the same industry include organizations in the same industry, organizations that provide similar products or services, and organizations with the same business model. Organizations in the same industry may be, for example, companies that compete in business. Note that the control unit 210 may acquire setting values of organizations in the same industry that have been in business for a similar number of years as the organization, or setting values of organizations in the same industry that have a similar number of employees, and calculate the average value.

In the example of Figure 11, the condition setting screen 500 contains reference information 1110 indicating that the condition regarding the survey score is an average of 75 points or more in the same industry, and reference information 1120 indicating that the condition regarding the web evaluation score is an average of 80 points or more in the same industry. Note that the conditions for other organizations displayed alongside the set conditions on the condition setting screen are not limited to conditions for organizations in the same industry, etc., as long as they are conditions related to conditions other than the company's own organization. For example, conditions for the industry, business type, or organization (company, etc.) previously set by the administrator may be retrieved from the memory unit 220, etc., and displayed.

As shown in Figure 11, the condition setting screen includes conditions for organizations other than the relevant organization as reference information.

Note that, for simplicity of explanation, Figure 11 shows that the control unit 210 outputs reference information for the conditions of some of the multiple items. However, the control unit 210 may be configured to output reference information for the conditions of all of the items.

The control unit 210 may output the average value for the entire organization (or all companies) as reference information, instead of the average value for the same industry.
The control unit 210 may output other values, such as the most frequent value, instead of the average value as reference information.

Variant 3 allows you to refer to the conditions of other organizations when setting conditions.

As another example, if the input conditions differ from the average values, etc. of the conditions of other organizations other than the relevant organization, the control unit 210 may output the average values, etc. of the conditions of the other organizations as reference information on the condition setting screen. With this configuration, if the input conditions differ from the average values, etc. of the conditions of the other organizations, the average values, etc. of the conditions of the other organizations are output, and this value can be used as a reference.

<Modification 4>
The following describes Modification 4 of Embodiment 1. Modification 4 is included in Embodiment 1, and is not a different embodiment from Embodiment 1. Configurations and processes not described in Modification 4 are the same as those in Embodiment 1.

FIG. 12 is a diagram showing an example of screen transitions in the fourth modification.
When conditions are set on the condition setting screen 500 and the Save button is selected, the control unit 210 of Variation 4 searches for cloud services that satisfy the conditions set on the condition setting screen 500. If cloud services that satisfy the conditions are found, the control unit 210 generates a confirmation screen 1200 that includes information on at least the cloud services that satisfy the conditions and the number of cloud services that satisfy the conditions, and controls the control unit 210 to output the confirmation screen 1200 to the output unit of the client device 120. Here, cloud services that satisfy the conditions are cloud services whose label information is "OK to use," as described above. This process is an example of a process in which the control unit 210 outputs information including the number of cloud services whose security information satisfies the conditions set via the condition setting screen. Alternatively, the control unit 210 may search for cloud services that satisfy the set conditions after the conditions are entered and set on the condition setting screen 500 (without selecting the Save button). In this case, if a cloud service that satisfies the conditions is found as a result of the search, the control unit 210 may control the condition setting screen 500 to display information regarding the number of cloud services that satisfy the conditions. This allows the user to check the number of cloud services that satisfy the entered conditions without transitioning to a separate confirmation screen, thereby enabling efficient review of the conditions.

When the register button 1210 included in the confirmation screen 1200 is selected, the control unit 210 registers the conditions set on the condition setting screen 500 by storing them in a specified storage area such as the storage unit 220. On the other hand, when the edit button 1220 included in the confirmation screen 1200 is selected, the control unit 210 transitions the screen display to the condition setting screen 500 and prompts the user to edit the conditions.

According to variant 4, the number of cloud services that meet the conditions that the administrator is trying to set can be displayed. For example, if the conditions are too strict and there are zero or one cloud services that meet the conditions, the administrator can review the conditions by looking at this number.

<Others>
In the above embodiment, cloud services have been used as an example, but this is not limited to this and the present invention can also be widely applied to determining whether or not services, applications, software, etc. that are provided in other formats such as download or installation are available.

In the above embodiment, the server device 100 performed various storage and control functions, but multiple external devices may be used instead of the server device 100. In other words, various information and programs may be distributed and stored across multiple external devices using blockchain technology, etc.

This embodiment is not limited to the information processing system 1000, and may also be an information processing method or a program. The information processing method includes each step executed by the information processing system 1000. The program causes a computer to execute each step of the information processing system 1000.

<Additional Notes>
(Appendix 1)
An information processing system,
having at least one or more control units,
The control unit
Controlling the display of the first screen on the terminal of the administrator of the organization in response to a request;
the first screen is configured to allow the organization to set conditions related to security of cloud services;
determining whether or not the cloud service is available based on the conditions set via the first screen and information related to the security of the cloud service;
receiving a search request from a terminal of a person under management in the organization;
the search request includes search conditions related to the cloud service;
Controlling the terminal of the person to be managed to display a second screen;
the second screen includes a list of cloud services;
the cloud services included in the list are cloud services acquired based on the search criteria;
Each cloud service included in the list is assigned label information, and
The label information is information indicating a result of a determination as to whether the cloud service is available.
Information processing system.

(Appendix 2)
10. The information processing system according to claim 1,
The types of the label information include at least information indicating that the cloud service is permitted to be used and information indicating that the cloud service is not permitted to be used.
Information processing system.

(Appendix 3)
3. The information processing system according to claim 2,
The type of the label information further includes information indicating that the cloud service may be used under certain conditions.
Information processing system.

(Appendix 4)
3. The information processing system according to claim 2,
The type of the label information further includes information indicating that it has not yet been determined whether or not the cloud service is permitted to be used.
Information processing system.

(Appendix 5)
10. The information processing system according to claim 1,
The control unit
Controlling the manager's terminal to display the second screen in response to a request;
the second screen displayed on the terminal of the administrator is configured to allow editing of the label information of the cloud service;
The label information is updated according to the editing result.
Information processing system.

(Appendix 6)
6. The information processing system according to claim 5,
When the label information before editing is information indicating that the cloud service may be used under certain conditions, the second screen is configured to allow input of predetermined conditions,
The predetermined condition is an additional condition for determining whether the cloud service is permitted to be used.
Information processing system.

(Appendix 7)
10. The information processing system according to claim 1,
The control unit
outputting a reason for determining whether or not the cloud service is available in association with the label information;
Information processing system.

(Appendix 8)
10. The information processing system according to claim 1, wherein:
The first screen includes the conditions of organizations other than the organization as reference information.
Information processing system.

(Appendix 9)
10. The information processing system according to claim 1,
The first screen is configured so that the plurality of conditions can be combined using either or both of an AND condition and an OR condition.
Information processing system.

(Appendix 10)
10. The information processing system according to any one of claims 1 to 9,
The control unit
Searching for cloud services based on the conditions set via the first screen regarding security, and acquiring and outputting information including the number of cloud services that satisfy the conditions.
Information processing system.

(Appendix 11)
An information processing method executed by an information processing system,
Controlling the display of the first screen on the terminal of the administrator of the organization in response to a request;
the first screen is configured to allow the organization to set conditions related to security of cloud services;
determining whether or not the cloud service can be used based on the conditions set via the first screen and information related to the security of the cloud service;
receiving a search request from a terminal of a person under management in the organization;
the search request includes search conditions related to the cloud service;
Controlling the terminal of the person to be managed to display a second screen;
the second screen includes a list of cloud services;
the cloud services included in the list are cloud services acquired based on the search criteria;
Each cloud service included in the list is assigned label information, and
The label information is information indicating a result of a determination as to whether the cloud service is available.
Information processing methods.

(Appendix 12)
A program,
Computer,
A program for causing the information processing system according to any one of claims 1 to 10 to function as such.

Finally, while various embodiments of the present invention have been described, these are presented as examples and are not intended to limit the scope of the invention. Novel embodiments may be embodied in a variety of other forms, and various omissions, substitutions, and modifications may be made without departing from the spirit of the invention. Such embodiments and their modifications are within the scope and spirit of the invention, and are also within the scope of the inventions and their equivalents as set forth in the claims.

Any of the variations may be implemented in combination with each other.

100 Server device 110 Client device 120 Client device 130 Service providing device 150 Network 210 Control unit 220 Storage unit 230 Communication unit

Claims (12)

An information processing system,
having at least one or more control units,
The control unit
Controlling the display of the first screen on the terminal of the administrator of the organization in response to a request;
the first screen is configured to allow the organization to set conditions related to security of cloud services;
determining whether or not the cloud service is available based on the conditions set via the first screen and information related to the security of the cloud service;
receiving a search request from a terminal of a person under management in the organization;
the search request includes search conditions related to the cloud service;
Controlling the terminal of the person to be managed to display a second screen;
the second screen includes a list of cloud services;
the cloud services included in the list are cloud services acquired based on the search criteria;
Each cloud service included in the list is assigned label information, and
The label information is information indicating a result of a determination as to whether the cloud service is available.
Information processing system. 2. The information processing system according to claim 1,
The types of the label information include at least information indicating that the cloud service is permitted to be used and information indicating that the cloud service is not permitted to be used.
Information processing system. 3. The information processing system according to claim 2,
The type of the label information further includes information indicating that the cloud service may be used under certain conditions.
Information processing system. 3. The information processing system according to claim 2,
The type of the label information further includes information indicating that it has not yet been determined whether or not the cloud service is permitted to be used.
Information processing system. 2. The information processing system according to claim 1,
The control unit
Controlling the manager's terminal to display the second screen in response to a request;
the second screen displayed on the terminal of the administrator is configured to allow editing of the label information of the cloud service;
The label information is updated according to the editing result.
Information processing system. 6. The information processing system according to claim 5,
When the label information before editing is information indicating that the cloud service may be used under certain conditions, the second screen is configured to allow input of predetermined conditions,
The predetermined condition is an additional condition for determining whether the cloud service is permitted to be used.
Information processing system. 2. The information processing system according to claim 1,
The control unit
outputting a reason for determining whether or not the cloud service is available in association with the label information;
Information processing system. 2. The information processing system according to claim 1,
The first screen includes the conditions of organizations other than the organization as reference information.
Information processing system. 2. The information processing system according to claim 1,
The first screen is configured so that the plurality of conditions can be combined using either or both of an AND condition and an OR condition.
Information processing system. 2. The information processing system according to claim 1,
The control unit
Searching for cloud services based on the conditions set via the first screen regarding security, and acquiring and outputting information including the number of cloud services that satisfy the conditions.
Information processing system. An information processing method executed by an information processing system,
Controlling the display of the first screen on the terminal of the administrator of the organization in response to a request;
the first screen is configured to allow the organization to set conditions related to security of cloud services;
determining whether or not the cloud service can be used based on the conditions set via the first screen and information related to the security of the cloud service;
receiving a search request from a terminal of a person under management in the organization;
the search request includes search conditions related to the cloud service;
Controlling the terminal of the person to be managed to display a second screen;
the second screen includes a list of cloud services;
the cloud services included in the list are cloud services acquired based on the search criteria;
Each cloud service included in the list is assigned label information, and
The label information is information indicating a result of a determination as to whether the cloud service is available.
Information processing methods. A program,
Computer,
A program for causing the information processing system according to any one of claims 1 to 10 to function.