DATA LOSS PREVENTION TECHNIQUES
Abstract
Data received through a proxy for a service is analyzed for compliance with one or more data policies, such as one or more data loss prevention policies. When data satisfies the criteria of one or more data policies, the data is manipulated at the proxy prior to transmission of the data to the service. In some examples, the manipulation of the data includes encryption.
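The proxy flow described in the abstract, as an added example that is not taken from the patent: the proxy identifies the subset of a request body that meets policy criteria, modifies only that subset, and forwards the result to the remote service. The criteria (card numbers, SSNs), the names `proxy_put` and `RemoteStore`, and the use of keyed HMAC tokenization as the modification are assumptions made for illustration; in the encryption variant, `token()` would be replaced by encryption under the same proxy-held key.

```python
import hashlib
import hmac
import re

# Assumption: this key is held only by the proxy and never sent to the remote service.
PROXY_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical policy criteria: candidate payment card numbers and US SSNs.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum, used to reject long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def token(kind, value):
    """Keyed, deterministic replacement for one sensitive value."""
    mac = hmac.new(PROXY_KEY, f"{kind}:{value}".encode(), hashlib.sha256)
    return f"[{kind}:{mac.hexdigest()[:16]}]"

def apply_policies(body):
    """Return (modified body, list of policies the body implicated)."""
    hits = []
    def card(m):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # fails the criterion: leave this span untouched
        hits.append("card")
        return token("card", digits)
    def ssn(m):
        hits.append("ssn")
        return token("ssn", m.group())
    body = CARD_RE.sub(card, body)  # cards first: tokens cannot match SSN_RE
    return SSN_RE.sub(ssn, body), hits

class RemoteStore:
    """Stand-in for the remote service, which can also store data on its own."""
    def __init__(self):
        self.objects = {}
    def put(self, key, body):
        self.objects[key] = body

def proxy_put(store, key, body):
    """Proxy entry point: enforce policies, then forward the modified body."""
    modified, hits = apply_policies(body)
    store.put(key, modified)
    return hits
```

Because the tokens are deterministic under the proxy key, equal values stay joinable in the stored data while the remote service never receives the originals.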
25 Claims
1. A system, comprising:
- a first data storage service comprising a plurality of data storage devices and a first web service interface configured to receive web service requests transmitted to the first web service interface, the first data storage service being configured to process the web service requests transmitted to the first web service interface using the plurality of data storage devices;
- a second data storage service comprising a second web service interface, the second data storage service configured to operate as a proxy to the first data storage service by at least:
  - receiving data in connection with a request, submitted to the second web service interface from a requestor, to store data;
  - analyzing the received data to generate a determination whether the received data satisfies one or more criteria of one or more data loss prevention policies;
  - processing the received request in accordance with the generated determination, wherein:
    - when the determination indicates that the received data satisfies the one or more criteria of the one or more data loss prevention policies, processing the received request includes:
      - using a key maintained inaccessible to the first data storage service to encrypt the received data; and
      - transmitting the encrypted received data to the second data storage service by submitting a second request to the first web service interface.
Dependent claims: 2, 3, 4, 5, 6
7. A system, comprising:
- one or more processors; and
- memory including computer executable instructions that, when executed by the one or more processors, cause the system to:
  - provide an application programming interface accessible at a network address;
  - receive data in connection with requests to perform one or more operations submitted to the application programming interface;
  - analyze the data to identify a subset of the data meeting one or more criteria of one or more data policies;
  - modifying the subset of data in accordance with the one or more data policies; and
  - transmit the modified subset of data to a remote service that is independently capable of processing requests to perform the one or more operations.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions,
- receiving, at an application programming interface proxy to a remote service, a request to process data whose fulfillment involves utilization of the remote service;
- analyzing the data to generate a determination whether the data implicates one or more data policies; and
- processing the data in accordance with the generated determination, wherein processing the data includes modifying the data according to one or more implicated data policies of the one or more data policies prior to utilization of the remote service.
Dependent claims: 15, 16, 17, 18, 19
20. One or more computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a system, cause the system to:
- provide an application programming interface proxy to a remote service;
- cause enforcement of one or more data loss prevention policies on data received through the provided application programming interface proxy to the remote service, the enforcement including at least:
  - identifying a subset of the received data that satisfies one or more data loss prevention criteria of the one or more data loss prevention policies; and
  - performing one or more actions on the identified subset in accordance with the one or more data loss prevention criteria, the one or more actions including modifying data in the identified subset and transmitting the modified data to the remote service.
Dependent claims: 21, 22, 23, 24, 25
Specification