Real-time data leakage prevention and reporting
First Claim
1. A method comprising:
- detecting, by an analysis engine, that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location;
analyzing, by the analysis engine, the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location;
preventing, by the analysis engine, the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and
initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user,wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system.
1 Assignment
0 Petitions
Accused Products
Abstract
Aspects include detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution. The ETL job can include an input data storage location and an output data storage location. The ETL job is analyzed to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. The analyzing can be based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location. The ETL job is prevented from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. Execution of the ETL job is initiated based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user.
-
Citations
18 Claims
-
1. A method comprising:
-
detecting, by an analysis engine, that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location; analyzing, by the analysis engine, the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location; preventing, by the analysis engine, the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user, wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
a memory having computer readable instructions; and one or more processors for executing the computer readable instructions, the computer readable instructions comprising; detecting, by an analysis engine, that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location; analyzing, by the analysis engine, the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location; preventing, by the analysis engine, the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user, wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform:
-
detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution, the ETL job including an input data storage location and an output data storage location; analyzing the ETL job to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user, the analyzing based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location; preventing the ETL job from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user; and initiating execution of the ETL job based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user, wherein the predicting includes a recursive or iterative process of tracing data of the output data storage location through subsequent ETL jobs in the ETL system. - View Dependent Claims (16, 17, 18)
-
Specification