MITIGATION OF DATA LEAKAGE IN A MULTI-SITE COMPUTING INFRASTRUCTURE
First Claim
Patent Images
1. A method comprising:
- for an entity owning a file in a file sharing environment in communication with memory, specifying a first tier of a mandatory access control policy to the file, the mandatory access control policy controlling a maximum sharing scope of the file and placing a restriction around a discretionary sharing decision made by the entity;
generating a profile for an entity contact, the profile including keywords representing collaboration topics between the entity and the entity contact, the keyword associated with a weight;
calculating a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of each keyword in the profile of the entity contact and keywords associated with the file;
interactively recommending a contact to the entity as a candidate for file sharing based upon an associated contact score;
periodically updating the profile of each entity contact using new collaboration information; and
dynamically adjusting the recommendation for file sharing based on the updated contact profile.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention relate to a method, system, and computer program product to dynamically mitigate data leakage in a file sharing environment. Mandatory access control policies are provided to address and maintain restrictions on file sharing both with respect to security rules of an organization and restrictions pertaining to discretionary sharing decisions. In addition, suggestions for potential recipients for file sharing are supported, as well as examination of abnormal recipients in response to the discretionary sharing decisions.
-
Citations
20 Claims
-
1. A method comprising:
-
for an entity owning a file in a file sharing environment in communication with memory, specifying a first tier of a mandatory access control policy to the file, the mandatory access control policy controlling a maximum sharing scope of the file and placing a restriction around a discretionary sharing decision made by the entity; generating a profile for an entity contact, the profile including keywords representing collaboration topics between the entity and the entity contact, the keyword associated with a weight; calculating a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of each keyword in the profile of the entity contact and keywords associated with the file; interactively recommending a contact to the entity as a candidate for file sharing based upon an associated contact score; periodically updating the profile of each entity contact using new collaboration information; and dynamically adjusting the recommendation for file sharing based on the updated contact profile. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product delivered as a service through a network connection, the computer program product comprising a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising:
-
computer readable program code configured to specify a first tier of a mandatory access control policy to a file in a file sharing environment, the mandatory access control policies to control a maximum sharing scope of the file and to place a security boundary around a discretionary sharing decision made by a user of a shared pool of resources; computer readable program code configured to generate a profile for an entity contact, the profile including a keyword representing a collaboration topic between the entity and the entity contact, the keyword associated with a weight; computer readable program code configured to calculate a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and keywords associated with the file; computer readable program code configured to recommend a contact to the entity as a candidates to share the file, wherein the recommendation is based upon the contact score; computer readable program code configured to periodically update the profile of each contact associated with the entity using new collaboration information; and computer readable program code configured to dynamically adjust the recommendation for file sharing based on the updated contact profile. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A system comprising:
-
a storage component that includes information describing a mandatory access control policy to data; a functional unit in communication with a processor that is in communication with the storage component, the functional unit comprising; an access manager that is in communication with a file sharing environment, the access manager to specify a first tier having a mandatory access control policy to a file in the file sharing environment, the mandatory access control policy to control maximum sharing scopes of the file and to place a security boundary around a sharing decision made by a user of a resource of the file sharing environment. a profile manager in communication with the access manager, the profile manager to create an attribute profile for an entity contact, the profile including a keyword representing collaboration topics between the entity and the contact, the keyword associated with a weight; a history manager in communication with the profile manager, the history manager to mine a past collaboration activity; a recommendation manager to calculate a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the contact and keywords associated with the file, and to recommend a contact to the entity as a candidate to share the file, wherein a recommendation is based upon the contact score of the entity contact; an update manager that is in communication with the history manager, the update manager to periodically update the profile of each contact, including using new collaboration information; and an adjustment manager in communication with the update manager, the adjustment manager to dynamically adjust the recommendation for file sharing based on the updated contact profile. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A method to support collaboration in an entity owning file sharing environment, the method comprising:
-
specifying a first tier of a mandatory access control policy to a file owned by an entity, the mandatory access control policy controlling a maximum sharing scope of the file and placing a restriction around a discretionary sharing decision; creating an attribute profile for an entity contact, including mining a past collaboration activity, the profile including a keyword representing a collaboration topic between the entity and the entity contact, the keyword associated with a weight; calculating a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and the keyword associated with the file; interactively recommending a contact to the entity as a candidate for file sharing based upon an associated contact score; updating a contact profile of the entity using new collaboration information on a periodic basis; and dynamically adjusting the recommendation for file sharing based on the updated contact profile. - View Dependent Claims (20)
-
Specification