×

Data loss prevention

  • US 9,141,808 B1
  • Filed: 10/29/2010
  • Issued: 09/22/2015
  • Est. Priority Date: 10/29/2010
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • detecting a file system operation targeting data on a shared storage device, wherein the file system operation creates or modifies the data or a set of permissions associated with the data;

    in response to the detecting, comparing the set of permissions associated with the data to a set of appropriate permissions, whereinthe set of appropriate permissions restricts unauthorized access to the data,if the set of permissions associated with the data is less restrictive than the set of appropriate permissions, the set of appropriate permissions is violated, andwhen the detecting and the comparing are performed, the set of permissions associated with the data does not restrict unauthorized access to the data;

    in response to the comparing, preventing unauthorized access to the data, wherein the preventing begins after the detecting and before any subsequent read access to the data,the preventing comprises generating an error message in response to detecting that the set of permissions associated with the data is more permissive than the set of appropriate permissions,the set of appropriate permissions was determined by a data loss prevention (DLP) processor, andthe error message indicates that the set of appropriate permissions proposed by the DLP processor can be accepted, the file system operation can be retried, or the set of permissions associated with the data can be overridden.

View all claims
  • 7 Assignments
Timeline View
Assignment View
    ×
    ×