Patent attributes
A method and system for hardening cloud security policies of a cloud computing platform are presented. The method includes gathering cloud activity logs from at least the cloud computing platform, wherein the cloud computing platform includes a plurality of cloud entities; gathering a plurality of cloud security policies provisioned to protect the cloud entities; for each of the plurality of cloud security policies, generating a permission usage map, wherein the permission usage map represents the permissions granted to each cloud entity and the permissions used by each cloud entity; analyzing the permission usage map to discover at least one hardening gap, wherein each hardening gap is at least a difference between permissions granted and permissions used by a cloud entity; for each discovered hardening gap, computing a risk score designating a potential risk reduction achieved by addressing the hardening gap; generating at least one hardening recommendation for the at least one hardening gap and its respective computed risk score; and applying the at least one hardening recommendation to the respective cloud security policy, thereby hardening the cloud computing platform.
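The pipeline the abstract describes (activity logs plus granted policies, a permission usage map, gaps as granted-minus-used, a risk score per gap, a ranked recommendation, and the rewritten policy) is straightforward to prototype. The following Python is an added example and is not code from the patent or any vendor; the CloudTrail-style log records, IAM-style policy lists, action catalogue and per-action risk weights are all constructed for the illustration, and the scoring model (sum of assumed action weights) is one plausible choice, not the patent's. It also handles one failure mode a practitioner hits immediately: an entity with no activity in the log window, which must not be silently stripped to an empty policy.

```python
"""Least-privilege hardening from activity logs.

Added illustration of the granted-versus-used analysis described above; the
policy format, log records, action catalogue and risk weights are all
constructed for this example and are not the patent's or any vendor's data.
"""
import fnmatch
from collections import defaultdict

# Constructed, CloudTrail-style activity records (principal, API action).
ACTIVITY_LOGS = [
    {"principal": "role/ci-deployer", "action": "s3:GetObject"},
    {"principal": "role/ci-deployer", "action": "s3:PutObject"},
    {"principal": "role/ci-deployer", "action": "s3:GetObject"},
    {"principal": "role/analytics", "action": "s3:GetObject"},
    {"principal": "role/analytics", "action": "s3:ListBucket"},
    {"principal": "user/alice", "action": "iam:GetUser"},
]

# Constructed IAM-style policies: entity -> list of granted action patterns.
# role/dr-restore has no activity in the logs at all (see recommend()).
POLICIES = {
    "role/ci-deployer": ["s3:*", "iam:PassRole"],
    "role/analytics": ["s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
    "user/alice": ["iam:*"],
    "role/dr-restore": ["s3:GetObject", "s3:PutObject"],
}

# Constructed catalogue used to expand wildcards; a real tool would take this
# from the provider's service definition (assumption).
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:PutBucketPolicy",
    "iam:GetUser", "iam:PassRole", "iam:CreateUser", "iam:AttachUserPolicy",
]

# Assumed per-action risk weights (privilege-escalation and data-destruction
# actions score highest). Illustrative numbers, not a published model.
ACTION_RISK = {
    "iam:CreateUser": 9, "iam:AttachUserPolicy": 9, "iam:PassRole": 7,
    "s3:PutBucketPolicy": 7, "s3:DeleteObject": 5, "s3:PutObject": 3,
}
DEFAULT_RISK = 1


def expand(patterns, catalogue=KNOWN_ACTIONS):
    """Expand wildcard grants such as 's3:*' into the concrete actions they cover."""
    return {a for p in patterns for a in catalogue if fnmatch.fnmatchcase(a, p)}


def build_usage_map(policies, logs):
    """Permission usage map: for each entity, the actions granted and the
    granted actions actually observed in the logs."""
    observed = defaultdict(set)
    for rec in logs:
        observed[rec["principal"]].add(rec["action"])
    usage = {}
    for entity, grants in policies.items():
        granted = expand(grants)
        usage[entity] = {"granted": granted, "used": observed[entity] & granted}
    return usage


def find_hardening_gaps(usage_map):
    """A hardening gap is the set difference granted - used for one entity."""
    return {e: m["granted"] - m["used"] for e, m in usage_map.items()
            if m["granted"] - m["used"]}


def risk_score(unused):
    """Potential risk reduction from removing the unused actions."""
    return sum(ACTION_RISK.get(a, DEFAULT_RISK) for a in unused)


def recommend(gaps, usage_map):
    """One recommendation per gap, ranked by risk reduction. An entity with
    no observed activity at all gets 'review' rather than 'remove': the log
    window may simply not have covered its (rare) legitimate use."""
    recs = []
    for entity, unused in gaps.items():
        action = "remove" if usage_map[entity]["used"] else "review"
        recs.append({"entity": entity, "action": action,
                     "unused": sorted(unused), "risk_reduction": risk_score(unused)})
    return sorted(recs, key=lambda r: r["risk_reduction"], reverse=True)


def apply_recommendation(policies, usage_map, rec):
    """Return a copy of the policies with the entity's grant rewritten as the
    explicit list of actions it used (wildcards are replaced, not narrowed in
    place, so the result is auditable). 'review' items are left untouched."""
    hardened = dict(policies)
    if rec["action"] == "remove":
        hardened[rec["entity"]] = sorted(usage_map[rec["entity"]]["used"])
    return hardened


def harden(policies=POLICIES, logs=ACTIVITY_LOGS):
    """Run the full pipeline; returns (ranked recommendations, hardened policies)."""
    usage = build_usage_map(policies, logs)
    recs = recommend(find_hardening_gaps(usage), usage)
    hardened = policies
    for rec in recs:
        hardened = apply_recommendation(hardened, usage, rec)
    return recs, hardened


if __name__ == "__main__":
    for rec in harden()[0]:
        print(f"{rec['risk_reduction']:>3}  {rec['action']:<6} {rec['entity']}: {rec['unused']}")
```

On the constructed data, `user/alice` ranks first: `iam:*` expands to four actions of which only `iam:GetUser` was ever used, and the three unused ones are the privilege-escalation primitives that carry the highest assumed weights, so removing them is the largest risk reduction even though the role `role/ci-deployer` has more unused actions. The `review` outcome for `role/dr-restore` is the caveat that matters in practice: the length of the log window bounds what "used" can mean, so infrequent but legitimate operations (disaster recovery, quarterly batch jobs) need either a window long enough to observe them or a human sign-off before their grants are removed.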