Identifying and Securing Sensitive Data at its Source
First Claim
1. A method for discovering and protecting sensitive data within an enterprise, the method comprising steps performed by one or more processors, the steps comprising:
- obtaining database descriptions of enterprise databases, each database description indicating a database attribute of the corresponding database;
- obtaining a record classification rule for a sensitive data type, the record classification rule specifying at least one field type;
- identifying sensitive data records of the sensitive data type by identifying data records having the at least one field type specified by the record classification rule;
- determining assessment scores for the enterprise databases, an assessment score determined from a number of identified sensitive data records in the corresponding database;
- generating status indicators for groups of enterprise databases each having a common database attribute, a status indicator for an enterprise group reflecting a total number of identified sensitive data records in enterprise databases having membership in the enterprise group;
- providing an interface comprising the generated status indicators;
- receiving via the user interface a selection of one of the generated status indicators and a selection of a protection policy; and
- applying the selected protection policy to sensitive data records of an enterprise database having membership in the enterprise group corresponding to the selected status indicator.
Abstract
A data management service identifies sensitive data stored on enterprise databases according to record classification rules that classify a data record as having a sensitive data type if the data record includes fields matching at least one of the record classification rules. The data management service determines assessment scores for enterprise databases according to sensitive data records and protection policies on the enterprise databases. The data management service provides an interface that groups enterprise databases having common attributes or common sensitive data types and indicates aggregated assessment scores for the groups of enterprise databases. Through the interface with the grouped enterprise databases, an administrator can apply protection policies to enterprise databases. To apply the protection policy, the data management service applies the protection policy to a source database from which dependent enterprise databases access the sensitive database.
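A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent or any product: records are classified by field-type rules, databases are scored, scores are aggregated per attribute group, and a policy chosen for a group is applied at the source database that dependents read from. The database names, field names, the masking policy and the scoring (count of sensitive records still unmasked) are all assumptions.

```python
from collections import defaultdict
MASK = "****"
# Constructed sample data; every database, field and rule name is hypothetical.
RULES = {"payment_card": [{"card_number", "expiry"}], "national_id": [{"ssn"}]}
DATABASES = {
    "crm_prod": {"dept": "sales", "source": None, "records": [
        {"name": "A. Ito", "card_number": "4111111111111111", "expiry": "01/30"},
        {"name": "B. Roy", "email": "b@example.test"}]},
    "fin_report": {"dept": "finance", "source": "crm_prod", "records": None},
    "hr_main": {"dept": "hr", "source": None, "records": [{"ssn": "000-00-0000"}]},
}

def source_of(name):
    """Follow the dependency chain to the database that stores the data."""
    while DATABASES[name]["source"] is not None:
        name = DATABASES[name]["source"]
    return name

def sensitive_fields(record):
    """Fields covered by any rule whose field types are all present."""
    hit = set()
    for alternatives in RULES.values():
        hit.update(*(f for f in alternatives if f.issubset(record)))
    return hit

def assessment_score(name):
    """Assumed scoring: sensitive records that still hold an unmasked value."""
    records = DATABASES[source_of(name)]["records"]
    return sum(any(r[f] != MASK for f in sensitive_fields(r)) for r in records)

def status_indicators(attr="dept"):
    """Total score per group of databases sharing the attribute value."""
    totals = defaultdict(int)
    for name, db in DATABASES.items():
        totals[db[attr]] += assessment_score(name)
    return dict(totals)

def apply_policy(group, attr="dept"):
    """Mask sensitive fields at the source of every database in the group."""
    for name, db in DATABASES.items():
        if db[attr] == group:
            for record in DATABASES[source_of(name)]["records"]:
                for field in sensitive_fields(record):
                    record[field] = MASK

if __name__ == "__main__":
    before = status_indicators()
    apply_policy("finance")
    print(before, status_indicators())
```

Selecting the `finance` group masks the data in `crm_prod`, so the `sales` indicator drops as well: protection applied at the source carries over to every dependent view of the same records.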
20 Claims
1. Independent claim, set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A non-transitory computer-readable storage medium storing instructions, the instructions executable by at least one processor to cause it to:
- obtain database descriptions of enterprise databases, each database description indicating enterprise group membership of the corresponding database;
- obtain a record classification rule for a sensitive data type, the record classification rule specifying at least one field type;
- identify sensitive data records of the sensitive data type by identifying data records having the at least one field type specified by the record classification rule;
- determine assessment scores for the enterprise databases, an assessment score determined from a number of identified sensitive data records in the corresponding database;
- generate status indicators for groups of enterprise databases, a status indicator for an enterprise group reflecting a total number of identified sensitive data records in enterprise databases having membership in the enterprise group;
- provide an interface comprising the generated status indicators;
- receive via the user interface a selection of one of the generated status indicators and a selection of a protection policy; and
- apply the selected protection policy to sensitive data records of an enterprise database having membership in the enterprise group corresponding to the selected status indicator.

Dependent claims: 17, 18, 19, 20.
Specification