Leveraging Security As A Service For Cloud-Based File Sharing
First Claim
1. A method comprising:
- at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, receiving instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded;
receiving the file from the first user, the file specifying at least one second user authorized to download the file;
forwarding the file to a cloud-based security-as-a-service (SECaaS) server;
receiving a determination of validation from the cloud-based SECaaS server; and
allowing the at least one second user to download the file based on the determination.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.
35 Citations
20 Claims
-
1. A method comprising:
-
at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, receiving instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded; receiving the file from the first user, the file specifying at least one second user authorized to download the file; forwarding the file to a cloud-based security-as-a-service (SECaaS) server; receiving a determination of validation from the cloud-based SECaaS server; and allowing the at least one second user to download the file based on the determination. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising
an enterprise network; -
a cloud-based security-as-a-service (SECaaS) server external to the enterprise network and having connectivity to the enterprise network; and a cloud-based file sharing server external to the enterprise network and having connectivity to the enterprise network, the cloud-based file sharing server being configured to; receive instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded; receive the file from the first user, the file specifying at least one second user authorized to download the file; forward the file to the cloud-based SECaaS server; receive a determination of validation from the cloud-based SECaaS server; and allow the at least one second user to download the file based on the determination. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising
an enterprise network; -
a cloud-based file sharing server external to the enterprise network and having connectivity to the enterprise network; a cloud-based key management server external to the enterprise network and having connectivity to the enterprise network; and a cloud-based security-as-a-service (SECaaS) server external to an enterprise network and having connectivity to the enterprise network, the cloud-based SECaaS server being configured to; receive a request from the enterprise network for authorization information that authorizes the SECaaS server to perform file scanning services; provide the requested authorization information to the enterprise network; authenticate the file sharing server using the authorization information; receive a file from the file sharing server; retrieve cryptographic keying material from the key management server, the keying material allowing the file to be decrypted; decrypt the file; inspect the decrypted file to determine whether the file is malicious; and notify the file sharing server as to whether the file is malicious. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification