Protecting sensitive information from a secure data store
First Claim
1. A method of protecting stored information, the method comprising:
storing a security policy for controlling access by a network endpoint to an encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements for identification as a secure data store, the one or more security requirements including a requirement that the data store connected to the network endpoint be encrypted;
receiving an indication at a threat management facility that a first endpoint has access to the encrypted remote data store;
auditing the first endpoint to determine whether a security parameter of a first data store connected to the first endpoint is compliant with the one or more security requirements for identification as a secure data store;
when the security parameter of the first data store is compliant with the one or more security requirements for identification as a secure data store, permitting dissemination of data from the encrypted remote data store to the first endpoint; and
when the security parameter of the first data store is not compliant with at least one of the one or more security requirements, causing the first endpoint to implement an action by the first endpoint to regulate dissemination of data from the encrypted remote data store to the first endpoint.
5 Assignments
0 Petitions
Abstract
In embodiments of the present invention improved capabilities are described for the steps of receiving an indication that a computer facility has access to a secure data store, causing a security parameter of a storage medium local to the computer facility to be assessed, determining if the security parameter is compliant with a security policy relating to computer access of the remote secure data store, and, in response to an indication that the security parameter is non-compliant, causing the computer facility to implement an action to prevent further dissemination of information, to disable access to network communications, and the like.
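The abstract and claim 1 describe a policy/audit/decide loop: a threat management facility stores a policy that a local data store must be encrypted to count as a secure data store, audits the endpoint's connected data stores when the endpoint has access to the encrypted remote store, permits dissemination when compliant, and otherwise causes the endpoint to take a regulating action (stop further dissemination, disable network access). The following is an added illustration of that loop, not the patent's own code or any product's implementation; the class and field names, the audit report layout, the cipher and key-length requirements, the two-level severity scheme, and the sample audit reports are all assumptions constructed for the example. It goes slightly beyond the text by also failing closed when the audit result is stale or the encryption state cannot be determined.

```python
"""
Illustrative policy -> audit -> decide loop for an encrypted remote data store.
Added example (not the patent's own code); every name and the audit report
layout are assumptions made for the illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Action(Enum):
    PERMIT = "permit"                            # disseminate data to the endpoint
    BLOCK_DISSEMINATION = "block_dissemination"  # regulate: stop further data flow
    DISABLE_NETWORK = "disable_network"          # regulate: cut the endpoint's network access


@dataclass(frozen=True)
class SecurityPolicy:
    """Requirements a local data store must meet to be a 'secure data store' (assumed values)."""
    require_encryption: bool = True
    allowed_ciphers: frozenset = frozenset({"AES-256-XTS", "AES-128-XTS"})
    min_key_bits: int = 128
    max_audit_age_s: int = 3600  # older audit results are not trusted (fail closed)


@dataclass(frozen=True)
class DataStoreAudit:
    """Security parameters the endpoint agent reported for one local data store."""
    device: str
    encrypted: Optional[bool]   # None: the agent could not determine the state
    cipher: Optional[str] = None
    key_bits: Optional[int] = None


@dataclass(frozen=True)
class EndpointAudit:
    endpoint_id: str
    audit_time: int                      # epoch seconds when the audit ran
    stores: Tuple[DataStoreAudit, ...]   # every data store connected to the endpoint


@dataclass(frozen=True)
class Decision:
    action: Action
    reasons: Tuple[str, ...]


# Severity 2 findings (plaintext or unknown state) warrant cutting network access;
# severity 1 findings (weak parameters) only stop further dissemination.
def check_store(policy: SecurityPolicy, store: DataStoreAudit) -> List[Tuple[int, str]]:
    """Return (severity, message) findings for one data store; an empty list means compliant."""
    findings: List[Tuple[int, str]] = []
    if not policy.require_encryption:
        return findings
    if store.encrypted is None:
        findings.append((2, f"{store.device}: encryption state unknown"))
    elif not store.encrypted:
        findings.append((2, f"{store.device}: not encrypted"))
    else:
        if store.cipher not in policy.allowed_ciphers:
            findings.append((1, f"{store.device}: cipher {store.cipher!r} not allowed"))
        if store.key_bits is None or store.key_bits < policy.min_key_bits:
            findings.append((1, f"{store.device}: key length {store.key_bits} below {policy.min_key_bits}"))
    return findings


def decide(policy: SecurityPolicy, audit: EndpointAudit, now: int) -> Decision:
    """Threat-management-facility side: audit result in, permit/regulate decision out."""
    if now - audit.audit_time > policy.max_audit_age_s:
        return Decision(Action.BLOCK_DISSEMINATION, ("audit result is stale",))
    if not audit.stores:
        return Decision(Action.BLOCK_DISSEMINATION, ("endpoint reported no data store",))
    findings = [f for s in audit.stores for f in check_store(policy, s)]
    if not findings:
        return Decision(Action.PERMIT, ())
    worst = max(sev for sev, _ in findings)
    action = Action.DISABLE_NETWORK if worst >= 2 else Action.BLOCK_DISSEMINATION
    return Decision(action, tuple(msg for _, msg in findings))


def run_examples(now: int = 1_700_000_000) -> dict:
    """Constructed audit reports (sample data, not captured from any real endpoint)."""
    policy = SecurityPolicy()
    samples = {
        "laptop-ok": EndpointAudit("laptop-ok", now - 60, (
            DataStoreAudit("/dev/sda2", True, "AES-256-XTS", 256),)),
        "laptop-usb": EndpointAudit("laptop-usb", now - 60, (
            DataStoreAudit("/dev/sda2", True, "AES-256-XTS", 256),
            DataStoreAudit("/dev/sdb1", False))),          # plaintext USB stick attached
        "laptop-weak": EndpointAudit("laptop-weak", now - 60, (
            DataStoreAudit("/dev/sda2", True, "DES-CBC", 56),)),
        "laptop-stale": EndpointAudit("laptop-stale", now - 7200, (
            DataStoreAudit("/dev/sda2", True, "AES-256-XTS", 256),)),
    }
    return {name: decide(policy, a, now) for name, a in samples.items()}


if __name__ == "__main__":
    for name, d in run_examples().items():
        print(f"{name:12s} -> {d.action.value:20s} {'; '.join(d.reasons)}")
```

The design choice worth noting is that every unknown (no audit, a stale audit, an agent that cannot read the encryption state) is treated as non-compliant rather than as compliant, so a tampered or silenced endpoint agent cannot obtain access by simply not reporting. Note also that the policy is evaluated over every connected store, so an encrypted system volume does not excuse a plaintext removable drive on the same endpoint.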
19 Claims
1. A method of protecting stored information (independent claim; set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A computer program product embodied in a non-transitory computer readable medium that, when executing on a threat management facility, performs steps comprising:
storing a security policy for controlling access by a network endpoint to an encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements for identification as a secure data store, the one or more security requirements including a requirement that the data store connected to the network endpoint be encrypted;
receiving an indication at the threat management facility that a first endpoint has access to the encrypted remote data store;
auditing the first endpoint to determine whether a security parameter of a first data store connected to the first endpoint is compliant with the one or more security requirements for identification as a secure data store;
when the security parameter of the first data store is compliant with the one or more security requirements for identification as a secure data store, permitting dissemination of data from the encrypted remote data store to the first endpoint; and
when the security parameter of the first data store is not compliant with at least one of the one or more security requirements, causing the first endpoint to implement an action by the first endpoint to regulate dissemination of data from the encrypted remote data store to the first endpoint.
Dependent claims: 14, 15, 16.
17. A system comprising:
an encrypted remote data store;
a first endpoint including a computing device comprising a memory and a processor, the first endpoint in a communicating relationship with the encrypted remote data store, and the first endpoint storing a security policy for controlling access by a network endpoint to the encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements for identification as a secure data store, the one or more security requirements including a requirement that the data store connected to the network endpoint be encrypted; and
a threat management facility coupled in a communicating relationship with the first endpoint, the threat management facility configured to, in response to an indication that the first endpoint has access to the encrypted remote data store, audit the first endpoint to determine whether a first internal data store connected to the first endpoint is compliant with one or more security requirements for identification as a secure data store, to permit dissemination of data from the encrypted remote data store to the first endpoint when the first internal data store is compliant with the one or more security requirements for identification as a secure data store, and, when the first internal data store is not compliant with at least one of the one or more security requirements, to cause the first endpoint to implement an action, by the first endpoint, to regulate dissemination of data from the encrypted remote data store to the first endpoint.
Dependent claims: 18, 19.