Real-time data leakage prevention and reporting

US 10,169,603 B2
Filed: 03/16/2016
Issued: 01/01/2019
Est. Priority Date: 03/16/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by an analysis engine, that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location;

analyzing, by the analysis engine, the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location;

preventing, by the analysis engine, the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and

initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user,wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects include detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution. The ETL job can include an input data storage location and an output data storage location. The ETL job is analyzed to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. The analyzing can be based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location. The ETL job is prevented from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. Execution of the ETL job is initiated based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user.

12 Citations

View as Search Results

18 Claims

1. A method comprising:
- detecting, by an analysis engine, that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location;
  
  analyzing, by the analysis engine, the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location;
  
  preventing, by the analysis engine, the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and
  
  initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user,wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the input data storage location includes data that is classified as sensitive data and the method further comprises:
    - generating a report that indicates a flow of the data that is classified as sensitive data through ETL jobs defined in the ETL system.
  - 3. The method of claim 1, wherein the sensitivity status is received in real-time in response to a request from the analysis engine.
  - 4. The method of claim 3, wherein the sensitivity status is received from one or more of a database activity monitoring system and a file activity monitoring system.
  - 5. The method of claim 1, wherein the data lineage is contained in a data lineage report that is generated based on one or more of a planned data flow, a design time data flow, and a run-time data flow in the ETL system.
  - 6. The method of claim 1, wherein the data lineage of contents of the output data storage location is located in a report that was generated by a data lineage tool based on a flow of ETL jobs in the ETL system.
  - 7. The method of claim 1, further comprising:
    - subsequent to the initiating execution of the ETL job, receiving, by the analysis engine, a sensitivity status change alert; and
      
      halting execution of the ETL job based on the receiving.
  - 8. The method of claim 1, wherein inputs at the input data storage location do not contain sensitive data and the analysis engine predicts that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user.

9. A system comprising:
- a memory having computer readable instructions; and
  
  one or more processors for executing the computer readable instructions, the computer readable instructions comprising;
  
  detecting, by an analysis engine, that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location;
  
  analyzing, by the analysis engine, the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location;
  
  preventing, by the analysis engine, the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and
  
  initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user,wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the input data storage location includes data that is classified as sensitive data and the instructions further comprise:
    - generating a report that indicates a flow of the data that is classified as sensitive data through ETL jobs defined in the ETL system.
  - 11. The system of claim 9, wherein the sensitivity status is received in real-time in response to a request from the analysis engine.
  - 12. The system of claim 9, wherein the sensitivity status is received from one or more of a database activity monitoring system and a file activity monitoring system.
  - 13. The system of claim 9, wherein the data lineage is contained in a data lineage report that is generated based on one or more of a planned data flow, a design time data flow, and a run-time data flow in the ETL system.
  - 14. The system of claim 9, wherein the data lineage of contents of the output data storage location is located in a report that was generated by a data lineage tool based on a flow of ETL jobs in the ETL system.

15. A computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform:
- detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location;
  
  analyzing the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location;
  
  preventing the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and
  
  initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user,wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system.
- View Dependent Claims (16, 17, 18)
- - 16. The computer program product of claim 15, wherein the input data storage location includes data that is classified as sensitive data and the program instructions are further executable by the processor to cause the processor to perform:
    - generating a report that indicates a flow of the data that is classified as sensitive data through ETL jobs defined in the ETL system.
  - 17. The computer program product of claim 15, wherein the sensitivity status is received in real-time in response to a request from the analysis engine.
  - 18. The computer program product of claim 15, wherein the sensitivity status is received from one or more of a database activity monitoring system and a file activity monitoring system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Becker, Shlomit, Melamed, Boris, Pyasik, Alexander, Turgeman, Shani, Weber, Gidi, Yulevich, Yifat
Primary Examiner(s)
To, Baotran N

Application Number

US15/071,347
Publication Number

US 20170270310A1
Time in Patent Office

1,021 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/254   Extract, transform and load...

G06F 21/552   involving long-term monitor...

G06F 21/556   involving covert channels, ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

Real-time data leakage prevention and reporting

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time data leakage prevention and reporting

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links