Data loss prevention (DLP) methods by a cloud service including third party integration architectures
First Claim
1. A method performed by a cloud-based computer platform for reconciling quarantined drafts and revisions of a file, the method comprising:
receiving, by one or more processors of the cloud-based computer platform, a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user;
receiving, by the one or more processors of the cloud-based computer platform, a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user;
determining a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules;
determining that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file;
committing the second revision of the file to the cloud-based platform;
quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file;
performing a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule;
receiving a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one triggered data loss prevention rule to be triggered;
determining that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file;
making a copy of the branched revision of the first revision of the file available to the second user; and
committing the branched revision of the first revision of the file to the cloud-based platform.
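The flow recited in claim 1, sketched as an added example (not code from the patent or its assignee). The `FileStore` class, the two regex rules, the user names, and the choice that the uploader keeps access to their own quarantined revision are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed DLP rules (assumptions, not taken from the patent).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def triggered_rules(content):
    hits = ["ssn"] if SSN_RE.search(content) else []
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(content)):
        hits.append("card")
    return hits

@dataclass
class FileStore:
    committed: dict = field(default_factory=dict)   # rev_id -> (author, content, parent)
    quarantine: dict = field(default_factory=dict)  # rev_id -> (author, content, rules)
    notices: list = field(default_factory=list)     # (user, rev_id, rules)

    def upload(self, rev_id, author, content, branched_from=None):
        rules = triggered_rules(content)
        if rules:  # quarantine and notify the uploader (the responsive action)
            self.quarantine[rev_id] = (author, content, rules)
            self.notices.append((author, rev_id, rules))
            return "quarantined"
        self.committed[rev_id] = (author, content, branched_from)
        return "committed"

    def can_read(self, rev_id, user):
        if rev_id in self.quarantine:
            # Assumption: only the uploader keeps access, so they can redact.
            return self.quarantine[rev_id][0] == user
        return rev_id in self.committed

def run_scenario():
    s = FileStore()
    first = s.upload("r1", "alice", "Payroll contact SSN 123-45-6789")  # constructed
    second = s.upload("r2", "bob", "Payroll contact: see HR")
    blocked = s.can_read("r1", "bob")
    branch = s.upload("r1-redacted", "alice", "Payroll contact SSN [REDACTED]", "r1")
    return first, second, blocked, branch, s.can_read("r1-redacted", "bob")
```

The branched revision is rescanned like any other upload, so a redaction that leaves another matching sequence in place stays quarantined.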
Abstract
Embodiments of the present disclosure include data loss prevention methods by a cloud-based service including third party integration architectures. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example, regarding the use, storage, and/or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.
26 Claims
1. A method performed by a cloud-based computer platform for reconciling quarantined drafts and revisions of a file, the method comprising:
receiving, by one or more processors of the cloud-based computer platform, a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user;
receiving, by the one or more processors of the cloud-based computer platform, a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user;
determining a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules;
determining that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file;
committing the second revision of the file to the cloud-based platform;
quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file;
performing a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule;
receiving a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one triggered data loss prevention rule to be triggered;
determining that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file;
making a copy of the branched revision of the first revision of the file available to the second user; and
committing the branched revision of the first revision of the file to the cloud-based platform.
Dependent claims: 2, 3
4. A method performed by a cloud-based platform, comprising:
presenting an administrator with a plurality of quarantine policy parameter input fields;
receiving, via the plurality of quarantine policy parameter input fields, input from the administrator indicating a plurality of quarantine policy parameters;
creating, by one or more processors of the cloud-based platform, a quarantine policy to prevent data loss based, at least in part, on the plurality of quarantine policy parameters;
receiving, from a first user, a first revision of a file for upload;
receiving, from a second user, a second revision of the file for upload;
determining that the quarantine policy applies to at least a portion of contents of the first revision of the file;
committing the second revision of the file to the cloud-based platform;
quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file;
notifying the first user that the quarantine policy applies to at least a portion of contents of the first revision of the file;
receiving a branched revision of the first revision of the file for upload, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the quarantine policy to be applied;
determining that the quarantine policy does not apply to the branched revision of the first revision of the file;
making a copy of the branched revision of the first revision of the file available to the second user; and
committing the branched revision of the first revision of the file to the cloud-based platform.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A non-transitory machine readable storage medium having instructions stored thereon, which when executed by one or more processors of a cloud-based computer platform, causes the cloud-based computer platform to:
present a user with a plurality of quarantine policy parameter input fields;
receive, by the cloud-based computer platform a plurality of quarantine policy parameters via the plurality of quarantine policy parameter input fields;
create, by the cloud-based computer platform, a new quarantine policy configured to prevent data loss by a cloud-based service based at least in part upon the plurality of quarantine policy parameters;
receive, by the cloud-based computer platform, a first revision of a file for upload;
receive, by the cloud-based computer platform, a second revision of the file for upload;
determine that the new quarantine policy applies to at least a portion of contents of the first revision of the file,
commit the second revision of the file to the cloud-based computer platform;
quarantine the first revision of the file, wherein the quarantine restricts the second user from accessing the first revision of the file;
perform a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user that the new quarantine policy applies to at least a portion of contents of the first revision of the file;
receive a branched revision of the first revision of the file for upload to the cloud-based computer platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the new quarantine policy to be applied;
determine that the new quarantine policy does not apply to the branched revision of the first revision of the file;
make a copy of the branched revision of the first revision of the file available to the second user; and
commit the branched revision of the first revision of the file to the cloud-based computer platform.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A system for reconciling quarantined drafts and revisions of a file, the system comprising:
one or more processors;
one or more computer readable storage media having instructions stored thereon, which when executed by the one or more processors, cause the system to;
receive a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user;
receive a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user;
determine a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules;
determine that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file;
commit the second revision of the file to the cloud-based platform;
quarantine the first revision of the file, wherein the quarantine restricts the second user from accessing the first revision of the file;
perform a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule;
receive a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one data loss prevention rule to be triggered;
determine that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file;
make a copy of the branched revision of the first revision of the file available to the second user; and
commit the branched revision of the first revision of the file to the cloud-based platform.
Dependent claims: 25, 26
Specification