Generating zero-trust policy for application access using machine learning

US12348525B2 · US · B2

Patent metadata

Publication number: US-12348525-B2
Application number: US-202117499942-A
Country: US
Kind code: B2
Filing date: Oct 13, 2021
Priority date: Oct 13, 2021
Publication date: Jul 1, 2025
Grant date: Jul 1, 2025


Abstract

Official abstract text for this publication.

Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of applications of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the access policy based on the monitoring.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable storage medium having computer readable code stored thereon for programming at least one processor to perform steps of: obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining and defining, based on the obtained log data, i) one or more app-segments, each of the one or more app-segments comprising groupings of applications of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the defined user-groups and the one or more defined app-segments; wherein the log data is transformed to feature vectors, and wherein the determining includes clustering with the feature vectors adapted to form any of an access matrix, app-segments, and user-groups, the clustering is based on a compressed feature vector, wherein the compressed feature vector defines a user app usage access pattern in a numerical format and is one of k-means clustering, DBScan, and Hierarchical DBScan.

2. The non-transitory computer-readable storage medium of claim 1, wherein the steps further include monitoring the access policy over time based on ongoing log data generated for every transaction, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the access policy based on the monitoring.

3. The non-transitory computer-readable storage medium of claim 1, wherein the steps further include allowing usage of the plurality of applications by the plurality of users via wildcard rules based on non-individual criteria allowing a large subset of users to coarse-grain access the plurality of applications during the obtaining; and responsive to the providing, enforcing the access policy of the plurality of applications in place of the wildcard rules which override the wildcard rules.

4. The non-transitory computer-readable storage medium of claim 3, wherein the access policy of the plurality of applications has tightened access control and less access than via the wildcard rules.

5. The non-transitory computer-readable storage medium of claim 1, wherein the log data is obtained over a period of time and the determining and providing is performed over the period of time until the access policy meets a quality threshold.

6. The non-transitory computer-readable storage medium of claim 1, wherein the enterprise is an existing customer of a cloud service and the access policy is for one of existing applications and new applications, and wherein the determining is based on a similarity metric with existing user-groups.

7. The non-transitory computer-readable storage medium of claim 1, wherein the enterprise is a new customer of a cloud service, and wherein the determining is based on clustering to determine the user-groups and the app-segments.

8. The non-transitory computer-readable storage medium of claim 7, wherein user-groups are fixed to determine the app-segments, and wherein each of the plurality of applications is characterized by the user-groups who access it and a corresponding frequency.

9. The non-transitory computer-readable storage medium of claim 1, wherein the access policy includes which user-group can access which app-segments on which ports, wherein the app-segments define a sub-grouping of applications of the plurality of applications and wherein the user groups define one or more elements of usage.

10. The non-transitory computer-readable storage medium of claim 1, wherein the determining is via a machine learning model configured to observe application access, tighten an access control, and make policy recommendations, wherein the machine learning model uses features including any of port and protocol usage pattern; a computer process that initiated a connection to the application; similarity based on domain names; an organization's network addressing structure; app location; user location; job title; department; manager; and behavior patterns.

11. The non-transitory computer-readable storage medium of claim 10, wherein the machine learning model includes an ensemble of different models, wherein the ensemble is configured in one of a parallel ensemble or a sequential ensemble.

12. A method comprising steps of: obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining and defining, based on the obtained log data, i) one or more app-segments, each of the one or more app-segments comprising groupings of applications of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the defined user-groups and the one or more defined app-segments; wherein the log data is transformed to feature vectors, and wherein the determining includes clustering with the feature vectors adapted to form any of an access matrix, app-segments, and user-groups, the clustering is based on a compressed feature vector, wherein the compressed feature vector defines a user app usage access pattern in a numerical format and is one of k-means clustering, DBScan, and Hierarchical DBScan.

13. The method of claim 12, wherein the steps further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the access policy based on the monitoring.

14. The method of claim 12, wherein the steps further include allowing usage of the plurality of applications by the plurality of users via wildcard rules allowing a large subset of users to access the plurality of applications during the obtaining; and responsive to the providing, enforcing the access policy of the plurality of applications in place of the wildcard rules.

15. The method of claim 12, wherein the log data is transformed to feature vectors, and wherein the determining includes clustering with the feature vectors.

16. The method of claim 12, wherein the log data is obtained over a period of time and the determining and providing is performed over the period of time until the access policy meets a quality threshold.

17. The method of claim 12, wherein the enterprise is an existing customer of a cloud service and the access policy is for one of existing applications and new applications, and wherein the determining is based on a similarity metric with existing user-groups.

18. The method of claim 12, wherein the enterprise is a new customer of a cloud service, and wherein the determining is based on clustering to determine the user-groups and the app-segments.

19. The method of claim 12, wherein the access policy includes which user-group can access which app-segments on which ports.
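The abstract and claims describe one pipeline: access logs are turned into per-user feature vectors, compressed into a numerical usage pattern, clustered (k-means, DBSCAN or HDBSCAN) into user-groups, the user-groups are then held fixed to derive app-segments from which groups use each app and how often, and the result is a policy stating which user-group reaches which app-segment on which ports, which replaces the permissive wildcard rule used while the logs were collected. The block below is an added example written for this page; it is not code from the patent or from Zscaler. It assumes constructed log tuples of (user, app, port), Jaccard distance over the 0/1 usage vectors with a pure-Python DBSCAN, a 50% membership threshold for a group to count as using an app, and seg-N names for segments; all of those are illustration choices, not anything the patent specifies.

```python
# Added example, not the patent's or Zscaler's code. Log lines, thresholds,
# the Jaccard/DBSCAN choice and the seg-N names are assumptions for illustration.
from collections import defaultdict

# Constructed learning-phase log lines: (user, app, dst_port). During this phase
# a wildcard rule lets everyone reach everything (claim 3), so the log records
# actual usage rather than what an old ACL happened to permit.
LOGS = [
    ("alice", "git.corp", 22), ("alice", "ci.corp", 443), ("alice", "wiki.corp", 443),
    ("bob", "git.corp", 22), ("bob", "ci.corp", 443), ("bob", "wiki.corp", 443),
    ("bob", "git.corp", 22),
    ("carol", "erp.corp", 443), ("carol", "payroll.corp", 443), ("carol", "wiki.corp", 443),
    ("dave", "erp.corp", 443), ("dave", "payroll.corp", 443), ("dave", "wiki.corp", 443),
    ("erin", "wiki.corp", 443),  # contractor whose pattern matches nobody else
]

def feature_vectors(logs):
    """Raw vector: per-user access count per app. Compressed vector: the 0/1
    usage pattern the clustering runs on."""
    apps = sorted({app for _, app, _ in logs})
    counts = defaultdict(lambda: defaultdict(int))
    for user, app, _ in logs:
        counts[user][app] += 1
    raw = {u: [counts[u][a] for a in apps] for u in sorted(counts)}
    compressed = {u: [int(c > 0) for c in v] for u, v in raw.items()}
    return apps, raw, compressed

def jaccard_distance(a, b):
    inter = sum(1 for x, y in zip(a, b) if x and y)
    union = sum(1 for x, y in zip(a, b) if x or y)
    return 1.0 - inter / union if union else 0.0

def dbscan(vectors, eps=0.5, min_pts=2):
    """Minimal deterministic DBSCAN over {name: vector} -> {name: cluster_id}.
    -1 is noise: a user with no group, routed to manual verification instead
    of being forced into a cluster nobody can justify."""
    names = sorted(vectors)
    nbrs = {n: [m for m in names if jaccard_distance(vectors[n], vectors[m]) <= eps]
            for n in names}
    labels, cluster = {}, 0
    for n in names:
        if n in labels:
            continue
        if len(nbrs[n]) < min_pts:
            labels[n] = -1
            continue
        labels[n] = cluster
        queue = list(nbrs[n])
        while queue:
            m = queue.pop()
            if labels.get(m, -1) == -1:  # unvisited, or noise that is really a border point
                labels[m] = cluster
                if len(nbrs[m]) >= min_pts:
                    queue.extend(x for x in nbrs[m] if x not in labels)
        cluster += 1
    return labels

def app_segments(apps, compressed, labels, min_share=0.5):
    """Hold user-groups fixed (claim 8) and characterise each app by the groups
    that use it: a group 'uses' an app when >= min_share of its members did.
    Apps with the same set of using groups form one app-segment."""
    members = defaultdict(list)
    for user, g in labels.items():
        if g >= 0:
            members[g].append(user)
    by_signature = defaultdict(list)
    for i, app in enumerate(apps):
        sig = frozenset(g for g, us in members.items()
                        if sum(compressed[u][i] for u in us) / len(us) >= min_share)
        by_signature[sig].append(app)
    ordered = sorted(by_signature.items(), key=lambda kv: (len(kv[0]), sorted(kv[0])))
    return {f"seg-{i}": {"groups": sig, "apps": sorted(a)} for i, (sig, a) in enumerate(ordered)}

def build_policy(logs, segments):
    """Which user-group may reach which app-segment on which ports (claim 9).
    Ports are the ones observed per app, so this is tighter than the wildcard."""
    ports = defaultdict(set)
    for _, app, port in logs:
        ports[app].add(port)
    policy = defaultdict(dict)
    for seg, info in segments.items():
        for g in info["groups"]:
            policy[g][seg] = {a: frozenset(ports[a]) for a in info["apps"]}
    return dict(policy)

def is_allowed(policy, labels, user, app, port):
    """Enforcement once the learned policy overrides the wildcard (claim 3).
    Unknown or noise users have no group and are denied by default."""
    g = labels.get(user, -1)
    return any(port in rule.get(app, ()) for rule in policy.get(g, {}).values())

def learn(logs):
    apps, _raw, compressed = feature_vectors(logs)
    labels = dbscan(compressed)
    segments = app_segments(apps, compressed, labels)
    return labels, segments, build_policy(logs, segments)

if __name__ == "__main__":
    labels, segments, policy = learn(LOGS)
    print("user-groups:", labels)
    print("app-segments:", {s: v["apps"] for s, v in segments.items()})
    # Monitoring (claim 2): replay new transactions; denials become incidents to review.
    new = [("alice", "payroll.corp", 443), ("erin", "wiki.corp", 443), ("bob", "git.corp", 22)]
    print("incidents:", [t for t in new if not is_allowed(policy, labels, *t)])
```

Two details matter for a zero-trust rollout. The noise label from DBSCAN is not an error to paper over: a user whose pattern matches nobody gets no group and therefore no access once the wildcard is withdrawn, which is exactly the kind of incident claim 2 routes to manual verification rather than silently widening a cluster. And ports are kept per app inside each segment; a segment-wide port union would be simpler to express but would let every member reach git.corp on 443 just because ci.corp in the same segment uses it.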

Assignees

Zscaler Inc

Inventors

Classifications

  • H04L63/104 (primary): Grouping of entities

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • when the policy decisions are valid for a limited amount of time

  • Knowledge engineering; Knowledge acquisition

  • Tools and structures for managing or administering access control systems

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12348525B2 cover?
Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of applications of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality…
Who is the assignee on this patent?
Zscaler Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/104. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 1, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).