Method and apparatus for associating data loss protection (DLP) policies with endpoints
Abstract
A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint is determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.
24 Claims
1. A method of policy management in a data loss prevention (DLP) system, comprising:
- defining a policy model that associates a user with one or more endpoints, the user being associated with at least one role or group;
- determining a set of policies for an endpoint in the DLP system using an identity of the user that is associated with the endpoint and a list of roles or groups for the user; and
- determining a set of endpoints to which a policy is to be distributed.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Apparatus for policy management in a data loss prevention (DLP) system, comprising:
- a processor;
- computer memory holding computer program instructions that when executed by the processor perform a method comprising:
  - defining a policy model that associates a user with one or more endpoints, the user being associated with at least one role or group;
  - determining a set of policies for an endpoint in the DLP system using an identity of the user that is associated with the endpoint and a list of roles or groups for the user; and
  - determining a set of endpoints to which a policy is to be distributed.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product in a computer readable medium for policy management in a data loss prevention (DLP) system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- defining a policy model that associates a user with one or more endpoints, the user being associated with at least one role or group;
- determining a set of policies for an endpoint in the DLP system using an identity of the user that is associated with the endpoint and a list of roles or groups for the user; and
- determining a set of endpoints to which a policy is to be distributed.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A method of policy management in a data loss prevention (DLP) system, comprising:
- in response to creation or modification of a policy, determining which subset of a set of endpoints should receive the policy by the following sub-steps:
  - for each role or group that is a target of the policy, identifying each user associated with the role or group; and
  - for each user associated with the role or group, identifying one or more endpoints with which the user is associated; and
- distributing the policy to the subset of the set of endpoints identified by the determining step.
Dependent claims: 23, 24
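The two resolution directions in the claims (endpoint to policies in claim 1, policy to endpoints in claim 22) can be written against one shared model; the Python below is an added example, not code from the patent. Every class, field and sample name is an assumption, the sample data is constructed, and two things go beyond the claim text: an endpoint may have more than one associated user, and `uncovered_endpoints` is an extra check for endpoints that resolve to no policy.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyModel:
    # Hypothetical schema: the page describes the associations, not a data layout.
    user_groups: dict = field(default_factory=dict)     # user -> {role or group}
    user_endpoints: dict = field(default_factory=dict)  # user -> {endpoint id}
    policy_targets: dict = field(default_factory=dict)  # policy -> {role or group}

    def users_of(self, endpoint):
        return {u for u, eps in self.user_endpoints.items() if endpoint in eps}

    def policies_for_endpoint(self, endpoint):
        """Endpoint-add time: the endpoint's user identity and that user's
        roles/groups select the policies (claim 1, second step)."""
        groups = set()
        for user in self.users_of(endpoint):
            groups |= self.user_groups.get(user, set())
        return {p for p, targets in self.policy_targets.items() if targets & groups}

    def endpoints_for_policy(self, policy):
        """Distribution time: target role/group -> users -> endpoints (claim 22)."""
        targets = self.policy_targets.get(policy, set())
        endpoints = set()
        for user, groups in self.user_groups.items():
            if groups & targets:
                endpoints |= self.user_endpoints.get(user, set())
        return endpoints

    def uncovered_endpoints(self, inventory):
        """Endpoints with no user, or whose user matches no policy target."""
        return {e for e in inventory if not self.policies_for_endpoint(e)}

# Constructed sample data.
MODEL = PolicyModel(
    user_groups={"alice": {"finance", "managers"}, "bob": {"engineering"},
                 "carol": set()},
    user_endpoints={"alice": {"laptop-a1", "phone-a2"}, "bob": {"laptop-b1"},
                    "carol": {"laptop-c1"}},
    policy_targets={"block-card-numbers": {"finance"},
                    "block-source-upload": {"engineering"},
                    "log-usb-writes": {"managers", "engineering"}},
)
INVENTORY = {"laptop-a1", "phone-a2", "laptop-b1", "laptop-c1", "kiosk-01"}

if __name__ == "__main__":
    print(sorted(MODEL.policies_for_endpoint("laptop-a1")))
    print(sorted(MODEL.endpoints_for_policy("log-usb-writes")))
    print(sorted(MODEL.uncovered_endpoints(INVENTORY)))
```

Because both functions read the same associations, an endpoint is in a policy's distribution set exactly when that policy is in the endpoint's resolved set; a mismatch between the two in a real deployment indicates stale role, group or endpoint mappings.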
Specification