DATA LOSS PREVENTION (DLP) METHODS BY A CLOUD SERVICE INCLUDING THIRD PARTY INTEGRATION ARCHITECTURES

US 20140026182A1
Filed: 07/17/2013
Published: 01/23/2014
Est. Priority Date: 07/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first file for upload to a cloud-based platform from a first user;

determining a policy corresponding to the file for upload;

determining that at least one of a plurality of data loss prevention rules is triggered based upon a portion of contents of the first file;

determining whether to branch a copy of the first file based on a time of upload corresponding to a second file of a second user; and

performing a responsive action associated with the at least one of the plurality of data loss prevention rules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure include data loss prevention methods by a cloud-based service including third party integration architectures. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example, regarding the use, storage, and/or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.

135 Citations

36 Claims

1. A method comprising:
- receiving a first file for upload to a cloud-based platform from a first user;
  
  determining a policy corresponding to the file for upload;
  
  determining that at least one of a plurality of data loss prevention rules is triggered based upon a portion of contents of the first file;
  
  determining whether to branch a copy of the first file based on a time of upload corresponding to a second file of a second user; and
  
  performing a responsive action associated with the at least one of the plurality of data loss prevention rules.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - receiving a third file for upload to the cloud-based platform from the first user;
      
      determining that the at least one of a plurality of data loss prevention rules is not triggered based upon the third file; and
      
      making a copy of the third file available to the second user.
  - 3. The method of claim 1, wherein the third file comprises the contents of the second file wherein a sequence of characters have been redacted.
  - 4. The method of claim 3, wherein the sequence of characters comprises a keyword associated with the at least one of a plurality of data loss prevention rules;
    - wherein, the keyword is obtained from or provided by a third party metadata provider.
  - 5. The method of claim 1, further comprising:
    - receiving a third file for upload to the cloud-based platform from the first user.

6. A method performed by a cloud-based platform, comprising:
- presenting a user with a plurality of quarantine policy parameter input fields;
  
  receiving a plurality of quarantine policy parameters via the plurality of quarantine policy parameter input fields;
  
  creating a new quarantine policy configured to prevent data loss by the cloud-based platform based at least in part upon the plurality of quarantine policy parameters;
  
  receiving a file for upload; and
  
  determining whether the new quarantine policy applies to at least a portion of contents of the file.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. The method of claim 6, wherein the plurality of quarantine policy parameter input fields comprise a plurality of steps, each step comprising an if-condition input and a then-consequent input.
  - 8. The method of claim 6, wherein the policy comprises a plurality of data loss prevention rules.
  - 9. The method of claim 8, the at least one of the plurality of data loss prevention rules comprises a character-based search for a particular information type.
  - 10. The method of claim 9, wherein the information type comprises one of a social security number, a tax identification number, and a medical services identification number.
  - 11. The method of claim 9, wherein the information type comprises a user-specified textual string.
  - 12. The method of claim 11, wherein the textual string comprises a product-specific name.
  - 13. The method of claim 6, wherein at least one of the a plurality of quarantine policy parameter input fields includes an indication of a responsive action.
  - 14. The method of claim 13, wherein the responsive action comprises notifying an administrator of the file for upload.
  - 15. The method of claim 13, wherein the responsive action comprises preventing a group of individuals from modifying, deleting, or sharing the file for upload.

16. A method performed by a data loss prevention system of a cloud-based platform, the method, comprising:
- receiving a request for a policy report associated with a policy, the policy configured to prevent data loss for an enterprise client;
  
  determining a plurality of files that has been quarantined based on the policy if the data loss prevention system of the cloud-based platform; and
  
  displaying a list of the quarantined files to the enterprise client;
  
  wherein, the policy is specified by the enterprise client.

17. A machine readable storage medium having instructions stored thereon, which when executed by a processor, causes the processor to:
- present a user with a plurality of quarantine policy parameter input fields;
  
  receive a plurality of quarantine policy parameters via the plurality of quarantine policy parameter input fields;
  
  create a new quarantine policy configured to prevent data loss by a cloud-based service based at least in part upon the plurality of quarantine policy parameters;
  
  receive a file for upload; and
  
  determining whether the new quarantine policy applies to at least a portion of contents of the file.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The machine readable storage medium of claim 17, wherein the plurality of quarantine policy parameter input fields comprise a plurality of steps, each step comprising an if-condition input and a then-consequent input.
  - 19. The machine readable storage medium of claim 17, wherein the policy comprises a plurality of data loss prevention rules.
  - 20. The machine readable storage medium of claim 19, the at least one of the plurality of data loss prevention rules comprises a character-based search for a particular information type.
  - 21. The machine readable storage medium of claim 20, wherein the information type comprises one of a social security number, a tax identification number, and a medical services identification number.
  - 22. The machine readable storage medium of claim 20, wherein the information type comprises a user-specified textual string.
  - 23. The machine readable storage medium of claim 22, wherein the textual string comprises a product-specific name.
  - 24. The machine readable storage medium of claim 17, wherein at least one of the a plurality of quarantine policy parameter input fields includes an indication of a responsive action.
  - 25. The machine readable storage medium of claim 24, wherein the responsive action comprises notifying an administrator of the file for upload.
  - 26. The machine readable storage medium of claim 24, wherein the responsive action comprises preventing a group of individuals from modifying, deleting, or sharing the file for upload.

27. A system comprising:
- at least one processor;
  
  a memory comprising instructions stored there on which when executed by the at least one processor causes the at least one processor to;
  
  present a user with a plurality of quarantine policy parameter input fields;
  
  receive a plurality of quarantine policy parameters via the plurality of quarantine policy parameter input fields;
  
  create a new quarantine policy configured to prevent data loss by a cloud-based service based at least in part upon the plurality of quarantine policy parameters;
  
  receive a file for upload; and
  
  determining whether the new quarantine policy applies to at least a portion of contents of the file.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 28. The system of claim 27, wherein the plurality of quarantine policy parameter input fields comprise a plurality of steps, each step comprising an if-condition input and a then-consequent input.
  - 29. The system of claim 27, wherein the policy comprises a plurality of data loss prevention rules.
  - 30. The system of claim 29, the at least one of the plurality of data loss prevention rules comprises a character-based search for a particular information type.
  - 31. The system of claim 30, wherein the information type comprises one of a social security number, a tax identification number, and a medical services identification number.
  - 32. The system of claim 30, wherein the information type comprises a user-specified textual string.
  - 33. The system of claim 32, wherein the textual string comprises a product-specific name.
  - 34. The system of claim 27, wherein at least one of the a plurality of quarantine policy parameter input fields includes an indication of a responsive action.
  - 35. The system of claim 34, wherein the responsive action comprises notifying an administrator of the file for upload.
  - 36. The system of claim 34, wherein the responsive action comprises preventing a group of individuals from modifying, deleting, or sharing the file for upload.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Box Incorporated
Original Assignee
Box Incorporated
Inventors
Kiang, Andy, Pearl, Annie, Bailon, Joel

Granted Patent

US 9,473,532 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/60   Protecting data

G06F 2221/2123   Dummy operation

G06Q 10/103   Workflow collaboration or p...

H04L 63/20   for managing network securi...

DATA LOSS PREVENTION (DLP) METHODS BY A CLOUD SERVICE INCLUDING THIRD PARTY INTEGRATION ARCHITECTURES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

135 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

DATA LOSS PREVENTION (DLP) METHODS BY A CLOUD SERVICE INCLUDING THIRD PARTY INTEGRATION ARCHITECTURES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links