Method to improve data loss prevention via cross leveraging fingerprints
First Claim
1. A computer-implemented method, comprising:
- obtaining, by a data loss protection (DLP) service provider, fingerprints of confidential source data of a plurality of organizations;
- distributing, by the DLP service provider, DLP policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations;
- sharing, by the DLP service provider, the fingerprints of the confidential source data of the plurality of organizations across DLP systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization;
- causing, by the DLP service provider, a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints;
- causing one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization;
- receiving, by the DLP service provider, information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization;
- identifying, by the DLP service provider, the second organization based on the identifier included in the received information; and
- notifying, by the DLP service provider, one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.
Abstract
A method and system for improving data loss prevention via cross leveraging fingerprints of protected data is described. In one embodiment, fingerprints of sensitive data of multiple organizations are shared across data loss prevention (DLP) systems of these organizations. A DLP system of each organization monitors information content associated with this organization to detect sensitive data of other organizations, and notifies one or more users within the organization upon detecting sensitive data of other organizations. In addition, a report of external data loss detection is provided to users within an organization whose sensitive data is detected in information content of the other organizations.
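The flow described above, as a short Python sketch added here for illustration; it is not taken from the patent. The fingerprint scheme (SHA-256 over 4-word shingles), the policy form (a minimum number of matching fingerprints), the sample organizations and all class and function names are assumptions.

```python
import hashlib, re, secrets
from collections import Counter

def fingerprints(text, k=4):
    # Assumed scheme: SHA-256 of every k-word shingle; shorter text yields none.
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

class Provider:
    """DLP service provider; only it can map an opaque id to an organization."""
    def __init__(self):
        self._org_by_id = {}     # opaque id -> organization, never distributed
        self.shared = {}         # fingerprint -> opaque id, sent to every DLP system
        self.policies = {}       # opaque id -> minimum matching fingerprints (assumed)
        self.owner_reports = []  # (organization, message) for the data owner's users

    def register(self, org, source_docs, min_hits=2):
        opaque = secrets.token_hex(8)  # random, so it carries nothing about org
        self._org_by_id[opaque] = org
        self.policies[opaque] = min_hits
        self.shared.update((fp, opaque) for doc in source_docs for fp in fingerprints(doc))
        return opaque

    def report_detection(self, opaque, hits):
        owner = self._org_by_id[opaque]  # identity is resolved only here
        self.owner_reports.append((owner, f"{hits} fingerprints matched externally"))

class DlpSystem:  # one organization's DLP system
    def __init__(self, own_id, provider):
        self.own_id, self.provider, self.local_alerts = own_id, provider, []

    def monitor(self, content):
        ids = (self.provider.shared.get(fp) for fp in fingerprints(content))
        hits = Counter(i for i in ids if i and i != self.own_id)
        violations = {o: n for o, n in hits.items() if n >= self.provider.policies[o]}
        for owner_id, n in violations.items():
            # Local users learn that a violation occurred, not whose data it is.
            self.local_alerts.append("content matches another organization's protected data")
            self.provider.report_detection(owner_id, n)
        return violations

def demo():  # constructed sample data; organization names are made up
    provider = Provider()
    id_a = provider.register("Org A", ["internal memo on nothing in particular today"])
    provider.register("Org B", ["project falcon pricing sheet draft for third quarter"])
    dlp_a = DlpSystem(id_a, provider)
    dlp_a.monitor("fwd: project falcon pricing sheet draft for third quarter, see attached")
    return dlp_a.local_alerts, provider.owner_reports
```
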
18 Claims
9. A system comprising:
- a processor;
- a memory coupled to the processor;
- a fingerprint distributor executed from the memory by the processor to obtain fingerprints of confidential source data of a plurality of organizations to distribute data loss prevention (DLP) policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations, to share the fingerprints of the confidential source data of the plurality of organizations across DLP systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization, to cause a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints, and to cause one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization; and
- a report generator, coupled to the fingerprint distributor, executed from the memory by the processor to receive information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization, to identify the second organization based on the identifier included in the received information, and to notify one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.
15. A non-transitory computer readable storage medium that provides instructions, which when executed on a processing system, cause the processing system to perform a method comprising:
- obtaining, by the processing system, fingerprints of confidential source data of a plurality of organizations;
- distributing, by the processing system, DLP policies defined by the plurality of organizations across DLP systems of the plurality of organizations, the DLP policies specifying conditions to trigger a violation based on regulations concerning handling of sensitive data maintained by the plurality of organizations;
- sharing fingerprints of the confidential source data of the plurality of organizations across data loss prevention (DLP) systems of the plurality of organizations, the plurality of fingerprints being associated with an identifier of a corresponding organization of the plurality of organizations that provided the fingerprints to the DLP service provider, the identifier not revealing an identity of the corresponding organization;
- causing a DLP system of each of the plurality of organizations to monitor information content to detect policy violations of the plurality of organizations based on the DLP policies of the plurality of organizations using the shared fingerprints;
- causing one or more users within a first organization of the plurality of organizations to be notified about a detection of a policy violation of a DLP policy of a second organization of the plurality of organizations in information content of the first organization without revealing an identity of the second organization;
- receiving information on the detection of the DLP policy violation of the second organization from a DLP system of the first organization, the information including an identifier of the second organization;
- identifying the second organization based on the identifier included in the received information; and
- notifying one or more users within the second organization about the detection of the policy violation of a DLP policy of the second organization in the information content.
Specification