SYSTEMS AND METHODS FOR CLOUD DATA LOSS PREVENTION INTEGRATION

US 20150100357A1
Filed: 12/21/2013
Published: 04/09/2015
Est. Priority Date: 10/03/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented system comprising:

a job scheduler implemented by one or more processors and configured to receive an activity notification from a cloud service that stores data on behalf of an enterprise, the activity notification specifying a file name of a file involved in an activity performed by the cloud service;

the job scheduler further configured to, responsive to receiving the activity notification, storing the activity notification in a queue prior to downloading the file from the cloud service;

a backend server implemented by one or more processors and configured to download the file from the cloud service using the file name specified by the activity notification and an enterprise user identifier;

a data loss prevention engine, implemented by one or more processors, wherein the data loss prevention engine is separate from the cloud service, and configured to analyze the downloaded file against a data loss prevention rule which identifies and tracks confidential data;

the backend server is further configured to, responsive to an outcome of an analysis of the downloaded file against the data loss prevention rule, communicate an action response to the cloud service directing the cloud service to perform an action on the file stored by the cloud service, the action being based on the outcome of the analysis;

the analysis by the one or more processors is performed independently of any logic residing on, or operations performed by, the cloud based service; and

the data loss prevention engine further configured to generate a report that tracks and reports on the activity notification.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer readable medium is provided to provide an integrated storage system. For example, an embodiment may detect, by an enterprise computer system, an activity notification from a cloud service that stores data on behalf of an enterprise. The activity notification may specify a file name involved in an activity performed by the cloud service (e.g., creating or modifying a file). The enterprise computer system may then download a file (or contents thereof) from the cloud service using the file name specified by the activity notification. After downloading the file, the enterprise computer system may analyze the file against a data loss prevention rule. Based on an outcome from the data loss prevention rule, the enterprise computer system may communicate an action response to the cloud service. The action response may direct the cloud service to perform an action on the file stored by the cloud service.

26 Citations

View as Search Results

20 Claims

1. A computer-implemented system comprising:
- a job scheduler implemented by one or more processors and configured to receive an activity notification from a cloud service that stores data on behalf of an enterprise, the activity notification specifying a file name of a file involved in an activity performed by the cloud service;
  
  the job scheduler further configured to, responsive to receiving the activity notification, storing the activity notification in a queue prior to downloading the file from the cloud service;
  
  a backend server implemented by one or more processors and configured to download the file from the cloud service using the file name specified by the activity notification and an enterprise user identifier;
  
  a data loss prevention engine, implemented by one or more processors, wherein the data loss prevention engine is separate from the cloud service, and configured to analyze the downloaded file against a data loss prevention rule which identifies and tracks confidential data;
  
  the backend server is further configured to, responsive to an outcome of an analysis of the downloaded file against the data loss prevention rule, communicate an action response to the cloud service directing the cloud service to perform an action on the file stored by the cloud service, the action being based on the outcome of the analysis;
  
  the analysis by the one or more processors is performed independently of any logic residing on, or operations performed by, the cloud based service; and
  
  the data loss prevention engine further configured to generate a report that tracks and reports on the activity notification.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10)
- - 3. The computer-implemented system of claim 1, wherein the activity notification further specifies at least one of:
    - cloud service identifier, enterprise user, identifier, file path, or file activity.
  - 4. The computer-implemented system of claim 1, wherein downloading the file from the cloud service further comprises sending a file request to the cloud service that includes the file name.
  - 5. The computer-implemented system of claim 3, wherein downloading the file from the cloud service further comprises sending a file request to the cloud service based on selecting the cloud service using the cloud service identifier.
  - 6. The computer-implemented system of claim 5, wherein the cloud service identifier is a uniform resource locator.
  - 7. The computer-implemented system of claim 1, wherein the action response includes the file name specified by the activity notification.
  - 8. The computer-implemented system of claim 1, wherein the backend server is further configured to:
    - send the downloaded file to the data loss prevention engine; and
      
      delete a copy of the downloaded file after the downloaded file is sent to the data loss prevention engine.
  - 9. The computer-implemented system of claim 1, wherein the data loss prevention rule determines whether the file includes data representing a social security number.
  - 10. The computer-implemented system of claim 1, wherein the data loss prevention rule determines whether the file includes data representing financial data.

2. (canceled)

11. A computer-implemented method comprising:
- receiving an activity notification from a cloud service that stores data on behalf of an enterprise, the activity notification specifying a file name of a file involved in an activity performed by the cloud service;
  
  responsive to receiving the activity notification, storing the activity notification in a queue prior to downloading the file from the cloud service;
  
  downloading the file from the cloud service using the file name specified by the activity notification;
  
  analyzing, by one or more processors, the downloaded file against a data prevention loss rule, wherein the analysis of the one or more processors is performed independently of any logic residing on, or operations performed by, the cloud based service;
  
  responsive to an outcome of the analyzing of the downloaded file against the data loss prevention rule, communicating an action response to the cloud service, the action response directing the cloud service to perform an action on the file stored by the cloud service based on the outcome of the analyzing; and
  
  generating a report on the activity notification over a time period.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer-implemented method of claim 11, wherein the activity notification further specifies at least one of:
    - cloud service identifier, enterprise user identifier, file path, or file activity.
  - 14. The computer-implemented method of claim 11, wherein downloading the file from the cloud service further comprises sending a file request to the cloud service that includes the file name and enterprise user identifier.
  - 15. The computer-implemented method of claim 13, wherein downloading the file from the cloud service further comprises sending a file request to the cloud service based on selecting the cloud service using the cloud service identifier.
  - 16. The computer-implemented method of claim 15, wherein the cloud service identifier is a uniform resource locator.
  - 17. The computer-implemented method of claim 11, wherein the action response includes the file name specified by the activity notification.
  - 18. The computer-implemented method of claim 11, wherein the downloading is performed by a backend server, and the analyzing the file against the data loss prevention rule is performed by a data loss prevention engine, and the method of claim 11 further comprises:
    - sending, by the backend server, the downloaded file to the data loss prevention engine; and
      
      deleting, by the backend server, the downloaded the after the downloaded file is sent to the data loss prevention engine.
  - 19. The computer-implemented method of claim 11, wherein the data loss prevention rule determines whether the file includes data representing confidential data, the data loss prevention rule including criteria that determines whether data is confidential, the criteria being defined by the enterprise.

12. (canceled)

20. A non-transitory computer-readable medium storing executable instructions thereon, which, when executed by a processor, cause the processor to perform operations comprising:
- detecting an activity notification from a cloud service that stores data on behalf of an enterprise, the activity notification specifying a file name of a file involved in an activity performed by the cloud service;
  
  responsive to receiving the activity notification, storing the activity notification in a queue prior to downloading the file from the cloud service;
  
  downloading the file from the cloud service using the file name specified by the activity notification;
  
  analyzing the downloaded file against a data loss prevention rule, wherein the analysis is performed independently of any logic residing on, or operations performed by, the cloud based service;
  
  responsive to an outcome of the analyzing of the downloaded file against the data loss prevention rule, communicating an action response to the cloud service, the action response directing the cloud service to perform an action on the file stored by the cloud service, the action being based on the outcome of the analyzing; and
  
  generating a report on the activity notification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Seese, Scott Alan, Vijayan, Sachin, Shah, Chirag

Granted Patent

US 9,460,405 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/7.12
CPC Class Codes

G06Q 10/0631   Resource planning, allocati...

H04L 63/20   for managing network securi...

H04L 67/06   specially adapted for file ...

H04L 67/1097   for distributed storage of ...

H04L 67/14   Session management for real...

SYSTEMS AND METHODS FOR CLOUD DATA LOSS PREVENTION INTEGRATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CLOUD DATA LOSS PREVENTION INTEGRATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links