Access blocking for data loss prevention in collaborative environments
Abstract
Data loss prevention (DLP) systems may be implemented in conjunction with collaborative services that may be integrated with or work in coordination with productivity services. Administrators may be enabled to configure DLP policies in the collaborative service to mitigate their organization's information disclosure risks, along with the detection and remediation of sensitive information. Access blocking may be one feature of the DLP system, where provision of access blocking may include determining if a detected action associated with content processed by the collaborative service matches access blocking criteria defined by DLP policy rules. In response to the determination that the action matches at least one access blocking criterion defined by the DLP policy rules, a block access tag associated with the content may be activated, previously defined permissions associated with the content may be ignored or altered, and access to the content may be restricted to a number of predefined users.
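The cycle that the abstract and claim 1 describe (evaluate, tag, restrict, notify, remove, re-evaluate, untag) can be sketched as follows. This is an added illustration, not code from the patent or from any product; the rule patterns, the `Document` fields, the choice of owner plus a `site-admin` account as the predefined users, and the sample values are all assumptions.

```python
import re
from dataclasses import dataclass, field

# Hypothetical DLP policy rules: criterion name -> pattern for sensitive content.
RULES = {
    "credit_card_number": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

@dataclass
class Document:
    owner: str
    text: str
    permissions: set             # users granted access before any DLP evaluation
    block_access: bool = False   # the "block access tag"
    matches: list = field(default_factory=list)  # (criterion, matched portion)

def evaluate(doc):
    """Match content against every rule, then set or clear the block access tag."""
    doc.matches = [(name, m.group(0)) for name, rx in RULES.items()
                   for m in rx.finditer(doc.text)]
    doc.block_access = bool(doc.matches)
    return doc.block_access

def can_access(doc, user, admins=frozenset({"site-admin"})):
    """While tagged, stored permissions are ignored; only predefined users pass."""
    if doc.block_access:
        return user == doc.owner or user in admins  # assumed predefined users
    return user in doc.permissions

def notification(doc):
    """Policy tip: each criterion, the matching portion, and a remove control."""
    return [{"criterion": c, "portion": p, "action": "remove"}
            for c, p in doc.matches]

def remove_portion(doc, portion):
    """Remove-control handler: redact, then re-evaluate; the click never unblocks."""
    doc.text = doc.text.replace(portion, "[removed]")
    return evaluate(doc)

if __name__ == "__main__":
    # Constructed sample content with two separate matches.
    d = Document("alice", "Card 4111 1111 1111 1111, SSN 078-05-1120",
                 {"alice", "bob"})
    evaluate(d)
    for tip in notification(d):
        print(tip, "-> still blocked:", remove_portion(d, tip["portion"]))
```

The tag is cleared only by the re-evaluation inside `remove_portion`, so a document with several matches stays blocked until the last one is gone.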
20 Claims
1. A method to provide access blocking as part of data loss prevention (DLP) within a collaborative service environment, the method comprising:
evaluating content of a user processed by a collaborative service, wherein the content is associated with an application executed within an infrastructure provided by the collaborative service;
determining if information associated with the content matches access blocking criteria defined by one or more DLP policy rules;
in response to a determination that a portion of the information matches at least one access blocking criterion defined by the one or more DLP policy rules, automatically activating a block access tag associated with the content to restrict access to the content;
providing for display, on a user experience of the application that is displaying the content, a notification to the user, wherein the notification describes the at least one access blocking criterion and the portion of the information, and the notification includes a control element associated with an action to remove the portion of the information in order to deactivate the block access tag associated with the content;
detecting a selection of the control element on the user experience by the user to remove the portion of the information that matches the at least one access blocking criterion defined by the one or more DLP policy rules from the content; and
responsive to the removal, automatically deactivating the block access tag associated with the content to provide access to the content based on a determination that the information associated with the content does not match the access blocking criteria defined by the one or more DLP policy rules.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computing device to provide access blocking as part of data loss prevention (DLP) within a collaborative service environment, the computing device comprising:
a communication interface configured to facilitate communication between the computing device and a collaboration service;
a memory configured to store instructions; and
a processor coupled to the communication interface and the memory, wherein the processor is configured to:
evaluate content of a user processed by the collaborative service, wherein the content is associated with an application executed within an infrastructure provided by the collaborative service;
determine if information associated with the content matches access blocking criteria defined by one or more DLP policy rules;
in response to a determination that a portion of the information matches at least one access blocking criterion defined by the one or more DLP policy rules, automatically activate a block access tag associated with the content to restrict access to the content;
provide for display, on a user experience of the application that is displaying the content, a notification to the user, wherein the notification describes the at least one access blocking criterion and the portion of the information, and the notification includes a control element associated with an action to remove the portion of the information in order to deactivate the block access tag associated with the content;
detect a selection of the control element on the user experience by the user to remove the portion of the information that matches the at least one access blocking criterion defined by the one or more DLP policy rules from the content; and
responsive to the removal, automatically deactivate the block access tag associated with the content to provide access to the content based on a determination that the information associated with the content does not match the access blocking criteria defined by the one or more DLP policy rules.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A method to provide access blocking as part of data loss prevention (DLP) within a collaborative service environment, the method comprising:
evaluating content of a user processed by a collaborative service, wherein the content is associated with an application executed within an infrastructure provided by the collaborative service;
determining if information associated with the content, a user with access to the content, or a location of the content matches access blocking criteria defined by one or more DLP policy rules;
in response to a determination that one or more of a portion of the information, the user, and the location matches at least one access blocking criterion defined by the one or more DLP policy rules, automatically activating a block access tag associated with the content to restrict access to the content;
providing for display, on a user experience of the application that is displaying the content, a notification to the user, wherein the notification describes the at least one access blocking criterion and the one or more of the portion of the information, the user, and the location, and the notification includes a control element associated with an action to remove the one or more of the portion of the information, the user, and the location in order to deactivate the block access tag associated with the content;
detecting a selection of the control element on the user experience by the user to remove the one or more of the portion of the information, the user, and the location that matches the at least one access blocking criterion defined by the one or more DLP policy rules from the content; and
responsive to the removal, automatically deactivating the block access tag to provide access to the content based on a determination that the information associated with the content, the user with access to the content, and the location of the content do not match the access blocking criteria defined by the one or more DLP policy rules.
Dependent claims: 18, 19, 20
Specification