Automatically applying data loss prevention rules during migration
First Claim
1. A method, implemented by a system that includes one or more processors and computer executable instructions which implement a migration engine and a data loss prevention (DLP) engine when executed by at least one of the one or more processors, for performing DLP processing on selected items during an email migration from a source system to a target system, the method comprising:
- accessing, by the migration engine and as part of the email migration, a first email that is stored in a first mailbox that corresponds to a first user on the source system;
processing, by the migration engine, the first email to determine, based on DLP configuration settings that define rules for protecting against loss, misuse or unauthorized access of sensitive data, whether the first email should be subjected to the DLP processing;
upon determining, based on the DLP configuration settings, that the first email should not be subjected to the DLP processing, migrating, by the migration engine, the first email to the target system without routing the first email to the DLP engine by storing the first email in a first mailbox that corresponds to the first user on the target system;
accessing, by the migration engine and as part of the email migration, a second email that is stored in the first mailbox that corresponds to the first user on the source system;
processing, by the migration engine, the second email to determine, based on the DLP configuration settings, whether the second email should be subjected to the DLP processing;
upon determining, based on the DLP configuration settings, that the second email should be subject to the DLP processing, routing, by the migration engine, the second email to the DLP engine rather than migrating the second email to the target system;
performing, by the DLP engine, the DLP processing on the second email to generate a processed version of the second email, wherein performing the DLP processing on the second email to generate the processed version of the second email comprises removing sensitive data from the second email to ensure that the sensitive data is not lost, misused or accessed by unauthorized users once the processed version of the second email is migrated to the target system;
providing, by the DLP engine, the processed version of the second email to the migration engine; and
migrating, by the migration engine, the processed version of the second email, rather than the second email, to the target system by storing the processed version of the second email in the first mailbox that corresponds to the first user on the target system.
23 Assignments
0 Petitions
Accused Products
Abstract
Data loss prevention (“DLP”) rules can be automatically applied to items during a migration. When a migration is performed, a migration engine may be configured with migration configuration settings which define the items to be migrated from the source system to the target system. The migration engine may also be configured with DLP configuration settings which define the type of items on which DLP should be performed. When the DLP configuration settings indicate that DLP should be applied to an item to be migrated, the migration engine routes the item to a DLP engine rather than directly migrating the item to the target system. After the DLP engine has processed the item, the DLP engine can return the processed item to the migration engine which in turn can migrate the processed item to the appropriate location in the target system.
10 Citations
20 Claims
-
1. A method, implemented by a system that includes one or more processors and computer executable instructions which implement a migration engine and a data loss prevention (DLP) engine when executed by at least one of the one or more processors, for performing DLP processing on selected items during an email migration from a source system to a target system, the method comprising:
-
accessing, by the migration engine and as part of the email migration, a first email that is stored in a first mailbox that corresponds to a first user on the source system; processing, by the migration engine, the first email to determine, based on DLP configuration settings that define rules for protecting against loss, misuse or unauthorized access of sensitive data, whether the first email should be subjected to the DLP processing; upon determining, based on the DLP configuration settings, that the first email should not be subjected to the DLP processing, migrating, by the migration engine, the first email to the target system without routing the first email to the DLP engine by storing the first email in a first mailbox that corresponds to the first user on the target system; accessing, by the migration engine and as part of the email migration, a second email that is stored in the first mailbox that corresponds to the first user on the source system; processing, by the migration engine, the second email to determine, based on the DLP configuration settings, whether the second email should be subjected to the DLP processing; upon determining, based on the DLP configuration settings, that the second email should be subject to the DLP processing, routing, by the migration engine, the second email to the DLP engine rather than migrating the second email to the target system; performing, by the DLP engine, the DLP processing on the second email to generate a processed version of the second email, wherein performing the DLP processing on the second email to generate the processed version of the second email comprises removing sensitive data from the second email to ensure that the sensitive data is not lost, misused or accessed by unauthorized users once the processed version of the second email is migrated to the target system; providing, by the DLP engine, the processed version of the second email to the migration engine; and migrating, by the migration engine, the processed version of the second email, rather than the second email, to the target system by storing the processed version of the second email in the first mailbox that corresponds to the first user on the target system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. One or more computer storage media storing computer executable instructions which implement a migration engine and a data loss prevention (DLP) engine when executed by at least one processor, the migration engine and the DLP engine being configured to implement a method for performing DLP processing on selected items during an email migration from a source system to a target system, the method comprising:
-
accessing, by the migration engine and as part of the email migration, a first email that is stored in a first mailbox that corresponds to a first user on the source system; processing, by the migration engine, the first email to determine, based on DLP configuration settings that define rules for protecting against loss, misuse or unauthorized access of sensitive data, whether the first email should be subjected to the DLP processing; upon determining, based on the DLP configuration settings, that the first email should not be subjected to the DLP processing, migrating, by the migration engine, the first email to the target system without routing the first email to the DLP engine by storing the first email in a first mailbox that corresponds to the first user on the target system; accessing, by the migration engine and as part of the email migration, a second email that is stored in the first mailbox that corresponds to the first user on the source system; processing, by the migration engine, the second email to determine, based on the DLP configuration settings, whether the second email should be subjected to the DLP processing; upon determining, based on the DLP configuration settings, that the second email should be subject to the DLP processing, routing, by the migration engine, the second email to the DLP engine rather than migrating the second email to the target system; performing, by the DLP engine, the DLP processing on the second email to generate a processed version of the second email, wherein performing the DLP processing on the second email to generate the processed version of the second email comprises removing sensitive data from the second email to ensure that the sensitive data is not lost, misused or accessed by unauthorized users once the processed version of the second email is migrated to the target system; providing, by the DLP engine, the processed version of the second email to the migration engine; and migrating, by the migration engine, the processed version of the second email, rather than the second email, to the target system by storing the processed version of the second email in the first mailbox that corresponds to the first user on the target system. - View Dependent Claims (16, 17, 18)
-
-
19. A method, implemented by a system that includes one or more processors and computer executable instructions which implement a migration engine and a data loss prevention (DLP) engine when executed by at least one of the one or more processors, for performing DLP processing on selected items during an email migration from a source system to a target system, the method comprising:
-
accessing, by the migration engine and as part of the email migration, a first email that is stored in a first user'"'"'s inbox on the source system; processing, by the migration engine, the first email to determine, based on DLP configuration settings that define rules for protecting against loss, misuse or unauthorized access of sensitive data, whether the first email should be subjected to the DLP processing; upon determining, based on the DLP configuration settings, that the first email should not be subjected to the DLP processing, migrating, by the migration engine, the first email to the target system without routing the first email to the DLP engine by storing the first email in an inbox that has been created for the first user on the target system; accessing, by the migration engine and as part of the email migration, a second email that is stored in the first user'"'"'s inbox on the source system; processing, by the migration engine, the second email to determine, based on the DLP configuration settings, whether the second email should be subjected to the DLP processing; upon determining, based on the DLP configuration settings, that the second email should be subject to the DLP processing, routing, by the migration engine, the second email to the DLP engine rather than migrating the second email to the target system; performing, by the DLP engine, the DLP processing on the second email to generate a processed version of the second email, wherein performing the DLP processing on the second email to generate the processed version of the second email comprises removing sensitive data from the second email to ensure that the sensitive data is not lost, misused or accessed by unauthorized users once the processed version of the second email is migrated to the target system; providing, by the DLP engine, the processed version of the second email to the migration engine; and migrating, by the migration engine, the processed version of the second email, rather than the second email, to the target system by storing the processed version of the second email in the inbox that has been created for the first user on the target system. - View Dependent Claims (20)
-
Specification