Data protection within an unsecured storage environment

US 10,540,516 B2
Filed: 10/13/2016
Issued: 01/21/2020
Est. Priority Date: 10/13/2016
Status: Active Grant

First Claim

Patent Images

1. A system for securing data within an unsecured environment, the system comprising:

a storage management system implemented in computer hardware, the storage management system separate from a primary storage environment, the storage management system configured to;

receive data to be backed up from the primary storage environment, the data comprising a plurality of files, the primary storage environment comprising an at least partially unsecured storage environment, wherein at least some data stored in the at least partially unsecured storage environment is stored in an unencrypted form or in a storage location with shared access;

perform a natural language processing process on the plurality of files to determine content of files within the plurality of files;

access a security policy for the primary storage environment;

tag the files within the plurality of files based at least in part on the content of the files and the security policy;

select a file from the plurality files based at least in part on the tags of the files;

index a location of the file at the primary storage environment, thereby enabling a secured version of the file to replace the file at the location of the file at the primary storage environment; and

secure the file at the primary storage environment by at least modifying a storage location or storage format of the file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A backup or storage management system is provided that can secure data within a primary storage environment that stores data in an unsecured format. The storage management system can automatically analyze data received for backup from the primary storage environment and determine whether the data includes information that has been identified as sensitive and/or information that is determined within a threshold degree of probability to be sensitive. The storage management system can then modify the storage of the data that includes sensitive information at the primary storage environment, thereby enabling the data to be secured within the unsecured, or partially secured, primary storage environment. Advantageously, in certain embodiments, by securing data with sensitive information within an unsecured storage environment, embodiments disclosed herein can reduce the occurrences of a data breach or data leak.

484 Citations

18 Claims

1. A system for securing data within an unsecured environment, the system comprising:
- a storage management system implemented in computer hardware, the storage management system separate from a primary storage environment, the storage management system configured to;
  
  receive data to be backed up from the primary storage environment, the data comprising a plurality of files, the primary storage environment comprising an at least partially unsecured storage environment, wherein at least some data stored in the at least partially unsecured storage environment is stored in an unencrypted form or in a storage location with shared access;
  
  perform a natural language processing process on the plurality of files to determine content of files within the plurality of files;
  
  access a security policy for the primary storage environment;
  
  tag the files within the plurality of files based at least in part on the content of the files and the security policy;
  
  select a file from the plurality files based at least in part on the tags of the files;
  
  index a location of the file at the primary storage environment, thereby enabling a secured version of the file to replace the file at the location of the file at the primary storage environment; and
  
  secure the file at the primary storage environment by at least modifying a storage location or storage format of the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the storage management system is further configured to secure the file by replacing the file at the primary storage environment with a stub file that points to a location of the file within a secure storage environment.
  - 3. The system of claim 2, wherein the secure storage environment comprises a backup storage environment.
  - 4. The system of claim 2, wherein the secure storage environment comprises the storage management system.
  - 5. The system of claim 1, wherein the storage management system is further configured to secure the file by replacing the file at the primary storage environment with an encrypted copy of the file.
  - 6. The system of claim 1, wherein the storage management system is further configured to secure the file by moving the file to a secure area within the primary storage environment.
  - 7. The system of claim 1, wherein the storage management system is further configured to determine a process for securing the file at the primary storage environment based at least in part on the security policy.
  - 8. The system of claim 1, wherein the storage management system is further configured to:
    - detect an attempt to access the file by a user at an unsecured client device;
      
      prevent access to the file; and
      
      cause a message to be output to the user to access the file at a secured client device.
  - 9. The system of claim 1, wherein at least one file from the plurality of files comprises a proprietary format and wherein the storage management system is further configured to convert the at least one file to a non-proprietary text format prior to performing the natural language processing process on the at least one file.

10. A computer-implemented method of securing data within an unsecured environment, the computer-implemented method comprising:
- as implemented by a storage management system implemented in computer hardware and configured with specific computer-executable instructions,receiving data to be backed up from a primary storage environment, the data comprising a plurality of files, the primary storage environment comprising an at least partially unsecured storage environment, wherein at least some data stored in the at least partially unsecured storage environment is stored in an unencrypted form or in a storage location with shared access;
  
  performing a natural language processing process on the plurality of files to determine content of files within the plurality of files;
  
  accessing a security policy for the primary storage environment;
  
  tagging the files within the plurality of files based at least in part on the content of the files and the security policy;
  
  selecting a file from the plurality files based at least in part on the tags of the files;
  
  indexing a location of the file at the primary storage environment, thereby enabling a secured version of the file to replace the file at the location of the file at the primary storage environment; and
  
  securing the file at the primary storage environment by at least modifying a storage location or storage format of the file.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-implemented method of claim 10, wherein securing the file comprises replacing the file at the primary storage environment with a stub file that points to a location of the file within a secure storage environment.
  - 12. The computer-implemented method of claim 11, wherein the secure storage environment comprises a backup storage environment.
  - 13. The computer-implemented method of claim 11, wherein the secure storage environment comprises the storage management system.
  - 14. The computer-implemented method of claim 10, wherein securing the file comprises replacing the file at the primary storage environment with an encrypted copy of the file.
  - 15. The computer-implemented method of claim 10, wherein securing the file comprises moving the file to a secure area within the primary storage environment.
  - 16. The computer-implemented method of claim 10, further comprising determining a process for securing the file at the primary storage environment based at least in part on the security policy.
  - 17. The computer-implemented method of claim 10, further comprising:
    - detecting an attempt to access the file by a user at an unsecured client device;
      
      preventing access to the file; and
      
      causing a message to be output to the user to access the file at a secured client device.
  - 18. The computer-implemented method of claim 10, wherein at least one file from the plurality of files comprises a proprietary format and wherein the method further comprises converting the at least one file to a non-proprietary text format prior to performing the natural language processing process on the at least one file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CommVault Systems Incorporated
Original Assignee
CommVault Systems Incorporated
Inventors
Amarendran, Arun Prasad, Chatterjee, Tirthankar, Ramaswamy, Chitra, Pamidiparthi, Sandeep Naidu
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/292,606
Publication Number

US 20180107838A1
Time in Patent Office

1,195 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 11/1451   by selection of backup cont...

G06F 11/1469   Backup restoration techniques

G06F 11/2071   using a plurality of contro...

G06F 16/122   using management policies b...

G06F 16/90332   Natural language query form...

G06F 21/6245   Protecting personal data, e...

G06F 2201/84   Using snapshots, i.e. a log...

Data protection within an unsecured storage environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

484 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Data protection within an unsecured storage environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

484 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links