Access blocking for data loss prevention in collaborative environments
First Claim
1. A computing device to provide access blocking as part of data loss prevention (DLP) within a collaborative service environment, the computing device comprising:
a memory configured to store instructions; and
a processor coupled to the memory, wherein the processor is configured to:
detect an action associated with content processed by a collaborative service;
determine if the action matches access blocking criteria defined by one or more DLP policy rules;
in response to a determination that the action matches at least one access blocking criterion defined by the one or more DLP policy rules, activate a block access tag associated with the content, ignore previously defined permissions associated with the content, and restrict access to the content to users; and
in response to a determination that the action does not match at least one of the access blocking criterion, provide a notification to the users through a user experience of the collaborative service, wherein the notification includes a link to a DLP policy document that includes the one or more DLP policy rules, a link to a location of the content, and control elements associated with one or more actions; and
enable one or more of the users to execute one or more of the control elements to deactivate the block access tag, reinstate the previously defined permissions associated with the content, and revoke the restricted access to the content.
Abstract
Data loss prevention (DLP) systems may be implemented with collaborative services that may be integrated with or work in coordination with productivity services. Administrators may be enabled to configure DLP policies in the collaborative service to mitigate their organization's information disclosure risks, along with the detection and remediation of sensitive information. Access blocking may be a feature of the DLP system, where provision of access blocking may include determining if a detected action associated with content processed by the collaborative service matches access blocking criteria defined by DLP policy rules. In response to the determination that the action matches at least one access blocking criterion defined by the DLP policy rules, a block access tag associated with the content may be activated, previously defined permissions associated with the content may be ignored or altered, and access to the content may be restricted to a number of predefined users.
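The block/override flow described in the abstract and claims, sketched as an added example (not code from the patent or from any product). The rule, the `share_external` action name, the class and function names, and the choice that only users in the restricted set may override are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed rule model: the page does not define concrete criteria.
@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # action type the rule applies to
    pattern: re.Pattern         # sensitive-information detector

@dataclass
class Content:
    path: str
    text: str
    acl: set                    # previously defined permissions (never mutated)
    block_access: bool = False  # the "block access tag"
    restricted_to: frozenset = frozenset()
    audit: list = field(default_factory=list)

    def can_read(self, user):
        # While the tag is active the stored ACL is ignored, not deleted,
        # so reinstating it later is lossless.
        return user in (self.restricted_to if self.block_access else self.acl)

def on_action(content, action, rules, predefined_users):
    """Evaluate a detected action; activate the tag on the first matching rule."""
    for rule in rules:
        if rule.action == action and rule.pattern.search(content.text):
            content.block_access = True
            content.restricted_to = frozenset(predefined_users)
            content.audit.append(("blocked", rule.name, action))
            return rule.name
    return None

def override(content, user, justification):
    """Control element: deactivate the tag and fall back to the stored ACL."""
    # Assumption: only a user in the restricted set may override.
    if not content.block_access or user not in content.restricted_to:
        return False
    content.block_access = False
    content.restricted_to = frozenset()
    content.audit.append(("override", user, justification))
    return True

# Constructed sample rule: card-like 16-digit numbers on external sharing.
RULES = [Rule("card-number-external-share", "share_external",
              re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"))]
```

Keeping the tag separate from the stored ACL means the access check has a single decision point and the override leaves an audit entry rather than silently rewriting permissions.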
18 Claims
8. A system to provide access blocking as part of data loss prevention (DLP) within a collaborative service environment, the system comprising:
a first computing device comprising a memory and a hardware processor, wherein the hardware processor is configured to provide access to one or more applications within the collaborative service; and
a second computing device comprising another memory and another hardware processor, wherein the second computing device is configured to manage the DLP within the collaborative service, and wherein the other hardware processor is configured to execute an access blocking module configured to:
detect an action associated with content processed by the collaborative service;
determine if the action matches access blocking criteria defined by one or more DLP policy rules;
in response to a determination that the action matches at least one access blocking criterion defined by the one or more DLP policy rules, activate a block access tag associated with the content, ignore previously defined permissions associated with the content, and restrict access to the content to users; and
in response to a determination that the action does not match at least one of the access blocking criterion, provide a notification to the users through a user experience of the collaborative service, wherein the notification includes a link to a DLP policy document that includes the one or more DLP policy rules, a link to a location of the content, and control elements associated with one or more actions; and
enable one or more of the users to execute one or more of the control elements to deactivate the block access tag, reinstate the previously defined permissions associated with the content, and revoke the restricted access to the content.
10. A method to provide access blocking as part of data loss prevention (DLP) within a collaborative service environment, the method comprising:
detecting sensitive information within content processed by the collaborative service;
determining if the sensitive information matches access blocking criteria defined by one or more DLP policy rules;
in response to a determination that the sensitive information matches at least one access blocking criterion defined by the one or more DLP policy rules, activating a block access tag associated with the content, ignoring previously defined permissions associated with the content, and restricting access to the content to users; and
in response to a determination that the action does not match at least one of the access blocking criterion, providing a notification to the users through a user experience of the collaborative service, wherein the notification includes a link to a DLP policy document that includes the one or more DLP policy rules, a link to a location of the content, and control elements associated with one or more actions; and
enabling one or more of the users to execute one or more of the control elements to deactivate the block access tag, reinstate the previously defined permissions associated with the content, and revoke the restricted access to the content.
Specification