System and method for user-context-based data loss prevention
First Claim
1. A method comprising, by at least one computer system comprising computer hardware:
determining a user context of at least one user device currently accessing an enterprise communication platform;
selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;
wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;
wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;
monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;
responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;
assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and
responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.
Abstract
In one embodiment, a method includes determining a user context of at least one user device currently accessing an enterprise communication platform. The method further includes selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context. The dynamic DLP policy specifies one or more communication events of interest. In addition, the method includes monitoring communication events initiated by the at least one user device for the one or more communication events of interest. Moreover, the method includes, responsive to each communication event of interest: assessing the communication event of interest based, at least in part, on a content-based classification of a communication associated with the communication event of interest; and responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.
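The flow in the claim and abstract above, as an added sketch that is not code from the patent or its assignee: the same set of unsent drafts is assessed under the policy selected for the device's current context. The context keys, policies, classifier patterns, weights and action names are all assumptions, and the drafts are constructed sample data.

```python
import re
from dataclasses import dataclass

# Assumed content classifiers (the page defines none): label -> pattern.
CLASSIFIERS = {
    "payment_card": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
    "confidential_marking": re.compile(r"\b(?:confidential|internal only)\b", re.I),
}

@dataclass
class Policy:
    name: str
    events: set       # pre-transmission events of interest
    weights: dict     # classification label -> risk score
    threshold: int    # risk criterion
    action: str       # action taken when the criterion is met

STRICT = Policy("strict", {"draft_created"},
                {"payment_card": 5, "confidential_marking": 3}, 3, "quarantine_draft")
RELAXED = Policy("relaxed", {"draft_created"}, {"payment_card": 5}, 5, "log")
# Assumed mapping from user context (device state, network) to policy.
POLICIES = {("managed", "corporate"): RELAXED, ("unmanaged", "public"): STRICT}

# Constructed sample contents of the designated drafts location.
SAMPLE_DRAFTS = [
    {"id": "d1", "body": "Q3 forecast attached. Internal only, do not forward."},
    {"id": "d2", "body": "Card for the invoice: 4111 1111 1111 1111"},
    {"id": "d3", "body": "Lunch at noon?"},
]

def select_policy(context):
    """Select the policy for the current context; unknown contexts fall back to strict."""
    return POLICIES.get((context["device"], context["network"]), STRICT)

def classify(text):
    return {label for label, rx in CLASSIFIERS.items() if rx.search(text)}

def scan_drafts(context, drafts, seen_ids):
    """One monitoring pass: assess each new unsent draft under the selected policy."""
    policy = select_policy(context)
    findings = []
    if "draft_created" not in policy.events:
        return findings
    for draft in drafts:
        if draft["id"] in seen_ids:
            continue  # already assessed; only new drafts are events of interest
        seen_ids.add(draft["id"])
        labels = classify(draft["body"])
        risk = sum(policy.weights.get(label, 0) for label in labels)
        if risk >= policy.threshold:
            findings.append((draft["id"], policy.name, sorted(labels), risk, policy.action))
    return findings
```

Passing the same `seen_ids` set to successive calls is what restricts assessment to drafts that appeared since the previous pass.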
16 Claims
10. An information handling system comprising:
a processor comprising computer hardware, wherein the processor is configured to implement a method, the method comprising:
determining a user context of at least one user device currently accessing an enterprise communication platform;
selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;
wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;
wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;
monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;
responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;
assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and
responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.
16. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
determining a user context of at least one user device currently accessing an enterprise communication platform;
selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context;
wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest;
wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device;
monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest;
responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications;
assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and
responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.
Specification