METHOD AND SYSTEM FOR MANAGING AND SECURING SUBSETS OF DATA IN A LARGE DISTRIBUTED DATA STORE
Abstract
A system groups multiple entities in a large distributed data store (DDS), such as directories and files, into a subset called a domain. The domain is treated as a unit for defining policies to detect and treat sensitive data. Sensitive data can be defined by enterprise or industry. Treatment of sensitive data may include quarantining, masking, and encrypting the data or the entity containing the data. Data in a domain can be copied as a unit, with or without the same structure, and with transformations such as masking or encryption, into parts of the same DDS or to a different DDS. Domains can be the unit of access control for organizations, and can be assigned tags useful for identifying their purpose, ownership, location, or other characteristics. Policies and operations, assigned at the domain level, may vary from domain to domain, but within a domain they are uniform, except for specific exclusions.
20 Claims
1. A method, comprising:
- defining a subset of data entities in a large distributed data store (DDS) as a data domain;
- establishing one or more policies for the data domain as a unit;
- securing the subset of data entities in the defined data domain, including limiting access and establishing a security protocol for the data domain according to the one or more policies; and
- determining operations allowable on the data domain according to the one or more policies.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system, comprising:
- a controller for defining a data domain within a large distributed data store (DDS) and for operating on the data domain;
- an agent for interacting with clusters of the DDS; and
- a user interface for accessing and using the DDS through the controller.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
Specification