Data loss prevention
7 Assignments
0 Petitions
Abstract
Data loss prevention systems and methods begin protecting data upon the creation of the data. One such method involves detecting a file system operation targeting data on a storage device. The file system operation creates or modifies the data or a set of permissions associated with the data. In response to detecting the file system operation, the method prevents unauthorized access to the data. The method begins preventing unauthorized access after the detection of the file system operation and before any subsequent read access to the data via the file system.
23 Citations
21 Claims
1. A method comprising:

detecting a file system operation targeting data on a shared storage device, wherein the file system operation creates or modifies the data or a set of permissions associated with the data;

in response to the detecting, comparing the set of permissions associated with the data to a set of appropriate permissions, wherein the set of appropriate permissions restricts unauthorized access to the data, if the set of permissions associated with the data is less restrictive than the set of appropriate permissions, the set of appropriate permissions is violated, and when the detecting and the comparing are performed, the set of permissions associated with the data does not restrict unauthorized access to the data;

in response to the comparing, preventing unauthorized access to the data, wherein the preventing begins after the detecting and before any subsequent read access to the data, the preventing comprises generating an error message in response to detecting that the set of permissions associated with the data is more permissive than the set of appropriate permissions, the set of appropriate permissions was determined by a data loss prevention (DLP) processor, and the error message indicates that the set of appropriate permissions proposed by the DLP processor can be accepted, the file system operation can be retried, or the set of permissions associated with the data can be overridden.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A non-transitory computer readable storage medium storing program instructions executable to:

detect a file system operation targeting data on a shared storage device, wherein the file system operation creates or modifies the data or a set of permissions associated with the data;

in response to detection of the file system operation, compare the set of permissions associated with the data to a set of appropriate permissions, wherein the set of appropriate permissions restricts unauthorized access to the data, if the set of permissions associated with the data is less restrictive than the set of appropriate permissions, the set of appropriate permissions is violated, and when the file system operation is detected and the set of permissions is compared, the set of permissions associated with the data does not restrict unauthorized access to the data; and

in response to the comparison, prevent unauthorized access to the data, wherein the prevention of the unauthorized access begins after the detection of the file system operation and before any subsequent read access to the data, the prevention comprises generation of an error message in response to detection that the set of permissions associated with the data is more permissive than the set of appropriate permissions, the set of appropriate permissions was determined by a data loss prevention (DLP) processor, and the error message indicates that the set of appropriate permissions determined by the DLP processor can be accepted, the file system operation can be retried, or the set of permissions associated with the data can be overridden.

Dependent claims: 11, 12, 13, 14, 15

16. A system comprising:

one or more processors; and

a memory coupled to the one or more processors, wherein the memory stores program instructions executable by the one or more processors to:

detect a file system operation targeting data on a shared storage device, wherein the file system operation creates or modifies the data or a set of permissions associated with the data;

in response to detection of the file system operation, compare the set of permissions associated with the data to a set of appropriate permissions, wherein the set of appropriate permissions restricts unauthorized access to the data, if the set of permissions associated with the data is less restrictive than the set of appropriate permissions, the set of appropriate permissions is violated, and when the file system operation is detected and the set of permissions is compared, the set of permissions associated with the data does not restrict unauthorized access to the data; and

in response to the comparison, prevent unauthorized access to the data, wherein the prevention of the unauthorized access begins after the detection of the file system operation and before any subsequent read access to the data, the prevention comprises generation of an error message in response to detection that the set of permissions associated with the data is more permissive than the set of appropriate permissions, the set of appropriate permissions was determined by a data loss prevention (DLP) processor, and the error message indicates that the set of appropriate permissions determined by the DLP processor can be accepted, the file system operation can be retried, or the set of permissions associated with the data can be overridden.

Dependent claims: 17, 18, 19, 20, 21
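The abstract and the independent claims above describe one procedure: on a create, modify or permission-change event, compare the data's permissions with the DLP processor's "appropriate permissions", treat any bit the data grants beyond that set as a violation, and block access with an error message offering accept, retry or override before a read is serviced. The following Python is an added illustration of that comparison and response logic, not code from the patent or its assignee. It assumes POSIX mode bits as the permission model, a hypothetical name-based classify() in place of the DLP processor's content classification, and a hypothetical APPROPRIATE_MODE policy table; the event hook is simulated by calling check_operation() directly after a chmod rather than from a filesystem filter.

```python
import os
import stat
import tempfile
from dataclasses import dataclass

# Hypothetical DLP policy (assumption): the "appropriate permissions" the DLP
# processor would propose for each data classification, as POSIX mode bits.
APPROPRIATE_MODE = {
    "confidential": 0o600,  # owner read/write only
    "internal":     0o640,  # owner read/write, group read
    "public":       0o644,  # world readable
}

PERM_MASK = 0o7777  # rwx for user/group/other plus setuid, setgid, sticky


def classify(path):
    """Stand-in for the DLP processor's content classification (assumption:
    the patent leaves the classification method to the DLP processor)."""
    name = os.path.basename(path).lower()
    if "confidential" in name or "secret" in name:
        return "confidential"
    if "public" in name:
        return "public"
    return "internal"


def extra_bits(actual_mode, appropriate_mode):
    """Permission bits granted by actual_mode that appropriate_mode does not grant.

    Non-zero means the data's permissions are less restrictive than the
    appropriate set, i.e. the appropriate permissions are violated. An equal
    or stricter mode yields 0 and is not a violation.
    """
    return (actual_mode & PERM_MASK) & ~appropriate_mode & PERM_MASK


@dataclass
class Decision:
    path: str
    actual_mode: int
    appropriate_mode: int
    violation: bool
    options: tuple  # responses offered by the error message, empty if compliant


def check_operation(path, classify_fn=classify):
    """Hook to run right after a create/modify/chmod event on `path` and before
    any read is serviced. Returns the comparison result and, on a violation,
    the three responses the claim's error message offers."""
    actual = stat.S_IMODE(os.stat(path).st_mode)
    appropriate = APPROPRIATE_MODE[classify_fn(path)]
    if extra_bits(actual, appropriate) == 0:
        return Decision(path, actual, appropriate, False, ())
    return Decision(path, actual, appropriate, True,
                    ("accept", "retry", "override"))


def respond(decision, choice):
    """Apply the user's answer to the error message; return the mode the file
    is left with."""
    if not decision.violation:
        return decision.actual_mode
    if choice == "accept":        # take the DLP-proposed permissions
        os.chmod(decision.path, decision.appropriate_mode)
        return decision.appropriate_mode
    if choice == "override":      # keep the permissive mode; should be audited
        return decision.actual_mode
    if choice == "retry":         # caller re-issues the operation; re-read mode
        return stat.S_IMODE(os.stat(decision.path).st_mode)
    raise ValueError(f"unknown response {choice!r}")


def demo():
    """Constructed scenario: a confidential spreadsheet lands on shared storage
    group- and world-readable; the check flags it and 'accept' remediates."""
    with tempfile.TemporaryDirectory() as share:
        path = os.path.join(share, "q3-confidential-forecast.xlsx")
        with open(path, "w") as f:
            f.write("constructed sample data\n")
        os.chmod(path, 0o664)              # the offending create/chmod event
        before = check_operation(path)
        after_mode = respond(before, "accept")
        after = check_operation(path)      # re-check: now compliant
        return {
            "violation_before": before.violation,
            "extra_bits": extra_bits(before.actual_mode, before.appropriate_mode),
            "options": before.options,
            "mode_after_accept": after_mode,
            "violation_after": after.violation,
        }


if __name__ == "__main__":
    print(demo())
```

The comparison is deliberately bitwise rather than numeric: 0o640 is numerically larger than 0o604 but grants group read instead of other read, so neither is "less restrictive" than the other in the claim's sense; only bits present in the data's mode and absent from the appropriate mode count. In a real deployment the hook would sit in a filesystem filter (fanotify, a minifilter, or the storage server's event pipeline) so that the block is in place before the first read, and "override" should be logged since it is the path by which data stays exposed.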
Specification