Cloud data loss prevention system

US 9,716,724 B1
Filed: 02/18/2015
Issued: 07/25/2017
Est. Priority Date: 02/24/2014
Status: Active Grant

First Claim

Patent Images

1. A system for providing data loss prevention services to an enterprise operating an enterprise data network, the enterprise data network being in communication with a cloud service provider to store cloud content belonging to the enterprise and to access the stored cloud content on the cloud service provider, the system comprising:

a connector client installed on the premises of the enterprise data network and a cloud based computing system configured outside of the enterprise data network;

the connector client being in communication with the cloud service provider and the cloud based computing system, the connector client being configured to receive, from within the enterprise data network, an access credential of the enterprise for the cloud service provider, the connector client being configured to obtain an access token from the cloud service provider using the access credential of the enterprise, the connector client being configured to provide the access token for the cloud service provider to the cloud based computing system, and the connector client being configured to receive an alert or a report from the cloud based computing system; and

the cloud based computing system including at least one hardware processor and being in communication with the connector client and the cloud service provider, the cloud based computing system being configured to receive the access token from the connector client and to distribute the access token to the one or more processors, the cloud based computing system being configured to use the access token to access the cloud service provider on behalf of the enterprise, the cloud based computing system being configured to use the access token to access cloud content at the cloud service provider belonging to the enterprise and to perform multi-thread scanning of the cloud content for compliance with a security policy of the enterprise, the cloud based computing system being configured to identify a non-compliance cloud content in response to detecting certain cloud content stored on the cloud service provider as being in violation of the security policy, the cloud based computing system being configured to generate the alert or the report in response to the detecting and to provide the alert or the report to the connector client, and the cloud based computing system being further configured to initiate a remediation measure in response to detecting certain cloud content as being in violation of the security policy, the remediation measure comprising one or more of deleting the non-compliance cloud content and quarantining the non-compliance cloud content.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud based data loss prevention (DLP) system (“cloud DLP system”) implements offline scanning of content stored in a cloud-based service belonging to an enterprise in accordance with the enterprise'"'"'s policy and control. The cloud DLP system provides alerts or remediation in response to detection of non-compliance cloud content. In some embodiments, the cloud DLP system is provided with the access credential of the enterprise to access the cloud-based service. In other embodiments, the enterprise'"'"'s login credential remains within the enterprise data network and an on-premises client obtains an access token for the cloud DLP system.

Citations

16 Claims

1. A system for providing data loss prevention services to an enterprise operating an enterprise data network, the enterprise data network being in communication with a cloud service provider to store cloud content belonging to the enterprise and to access the stored cloud content on the cloud service provider, the system comprising:
- a connector client installed on the premises of the enterprise data network and a cloud based computing system configured outside of the enterprise data network;
  
  the connector client being in communication with the cloud service provider and the cloud based computing system, the connector client being configured to receive, from within the enterprise data network, an access credential of the enterprise for the cloud service provider, the connector client being configured to obtain an access token from the cloud service provider using the access credential of the enterprise, the connector client being configured to provide the access token for the cloud service provider to the cloud based computing system, and the connector client being configured to receive an alert or a report from the cloud based computing system; and
  
  the cloud based computing system including at least one hardware processor and being in communication with the connector client and the cloud service provider, the cloud based computing system being configured to receive the access token from the connector client and to distribute the access token to the one or more processors, the cloud based computing system being configured to use the access token to access the cloud service provider on behalf of the enterprise, the cloud based computing system being configured to use the access token to access cloud content at the cloud service provider belonging to the enterprise and to perform multi-thread scanning of the cloud content for compliance with a security policy of the enterprise, the cloud based computing system being configured to identify a non-compliance cloud content in response to detecting certain cloud content stored on the cloud service provider as being in violation of the security policy, the cloud based computing system being configured to generate the alert or the report in response to the detecting and to provide the alert or the report to the connector client, and the cloud based computing system being further configured to initiate a remediation measure in response to detecting certain cloud content as being in violation of the security policy, the remediation measure comprising one or more of deleting the non-compliance cloud content and quarantining the non-compliance cloud content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the connector client is configured to receive a plurality of access credentials of the enterprise for respective plurality of cloud service providers and to obtain a plurality of access tokens from the respective plurality of cloud service providers using the plurality of access credential of the enterprise, the connector client being configured to provide the plurality of access tokens to the cloud based computing system;
    - and the cloud based computing system is configured to obtain the plurality access tokens from the connector client for accessing the respective plurality of cloud service providers on behalf of the enterprise, the cloud based computing system being configured to use the access tokens to access cloud content at the plurality of cloud service providers belonging to the enterprise and to perform multi-thread scanning of the cloud content for compliance with the security policy of the enterprise.
  - 3. The system of claim 1, wherein the cloud based computing system comprises a distributed real-time computing system comprising a plurality of processors configured to perform multi-thread scanning of the enterprise'"'"'s cloud content at the cloud service provider.
  - 4. The system of claim 3, wherein the cloud based computing system is configured to distribute the access token to the plurality of processors of the distributed real-time computing system.
  - 5. The system of claim 1, wherein the cloud based computing system is further configured to generate the alert or the report in response to detecting certain cloud content as being in violation of the security policy, the alert or the report identifying the non-compliance cloud content.
  - 6. The system of claim 1, wherein the cloud content comprises data files or documents or content in other data formats.
  - 7. The system of claim 1, wherein the cloud based computing system is configured to access the cloud service provider using the cloud service provider'"'"'s application programming interface (API) to access events and contents at the cloud service provider.
  - 8. The system of claim 7, wherein the cloud based computing system is configured to access the cloud service provider using the cloud service provider'"'"'s event API to poll for cloud content recently uploaded to the cloud service provider and belonging to the enterprise and to retrieve the recently uploaded cloud content to scan for compliance with the security policy of the enterprise.

9. A method for providing data loss prevention services to an enterprise operating an enterprise data network, the enterprise data network being in communication with a cloud service provider to store cloud content belonging to the enterprise and to access the stored cloud content on the cloud service provider, the method comprising:
- receiving from within the enterprise data network and at a connector client installed on the premises of the enterprise data network, an access credential of the enterprise for the cloud service provider;
  
  obtaining, at the connector client installed on the premises of the enterprise data network, an access token from the cloud service provider using the access credential of the enterprise;
  
  providing, from the connector client, the access token to a cloud based computing system configured outside of the enterprise data network, the cloud based computing system comprising one or more processors;
  
  receiving, at the cloud based computing system, the access token from the connector client, the access token being used to access the cloud service provider on behalf of the enterprise;
  
  distributing the access token to the one or more processors;
  
  assessing, at the cloud based computing system and using the access token, the cloud content at the cloud service provider belonging to the enterprise;
  
  performing multi-thread scanning, at the cloud based computing system, the cloud content for compliance with a security policy of the enterprise;
  
  identifying, at the cloud based computing system, a non-compliance cloud content in response to detecting certain cloud content stored on the cloud service provider as being in violation of the security policy;
  
  generating, at the cloud based computing system, an alert or a report in response to the detecting;
  
  providing, from the cloud based computing system, the alert or the report to the connector client; and
  
  initiating, at the cloud based computing system, a remediation measure in response to detecting certain cloud content as being in violation of the security policy, wherein initiating the remediation measure comprising deleting the non-compliance cloud content or quarantining the non-compliance cloud content.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - receiving, from within the enterprise data network and at the connector client, a plurality of access credentials of the enterprise for respective plurality of cloud service providers;
      
      obtaining a plurality of access tokens from the respective plurality of cloud service providers using the plurality of access credential of the enterprise;
      
      providing the plurality of access tokens to the cloud based computing system;
      
      receiving, at the cloud based computing system, the plurality access tokens from the connector client for accessing respective plurality of cloud service providers on behalf of the enterprise; and
      
      assessing, at the cloud based computing system and using the plurality of access tokens, the cloud contents at the plurality of cloud service providers belonging to the enterprise.
  - 11. The method of claim 9, further comprising:
    - providing a distributed real-time computing system comprising a plurality of processors configured as the cloud based computing system; and
      
      performing multi-thread scanning of the enterprise'"'"'s cloud content at the cloud service using the distributed real-time computing system.
  - 12. The method of claim 11, further comprising:
    - distributing the access token to the plurality of processors of the distributed real-time computing system.
  - 13. The method of claim 9, further comprising:
    - generating, at the cloud based computing system, the alert or the report in response to detecting certain cloud content as being in violation of the security policy, the alert or the report identifying the non-compliance cloud content.
  - 14. The method of claim 9, wherein the cloud content comprises data files or documents or content in other data formats.
  - 15. The method of claim 9, wherein assessing, at the cloud based computing system and using the access token, the cloud content at the cloud service provider belonging to the enterprise comprises:
    - accessing the cloud service provider using the cloud service provider'"'"'s application programming interface (API) to access events and contents at the cloud service provider.
  - 16. The method of claim 15, wherein accessing the cloud service provider using the cloud service provider'"'"'s application programming interface (API) to access events and contents at the cloud service provider comprises:
    - accessing the cloud service provider using the cloud service provider'"'"'s event API to poll for cloud content recently uploaded to the cloud service provider and belonging to the enterprise; and
      
      retrieving the recently uploaded cloud content to scan for compliance with the security policy of the enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC
Original Assignee
Skyhigh Networks Incorporated (McAfee, LLC)
Inventors
Chennuru, Snehal, Sarukkai, Sekhar
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Malinowski, Walter

Application Number

US14/625,571
Time in Patent Office

888 Days
Field of Search

726 1, 726 2, 726 10, 726 23, 726 25
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Cloud data loss prevention system

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud data loss prevention system

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links