Identifying and securing sensitive data at its source
Abstract
A data management service identifies sensitive data stored on enterprise databases according to record classification rules that classify a data record as having a sensitive data type if the data record includes fields matching at least one of the record classification rules. The data management service determines assessment scores for enterprise databases according to sensitive data records and protection policies on the enterprise databases. The data management service provides an interface that groups enterprise databases having common attributes or common sensitive data types and indicates aggregated assessment scores for the groups of enterprise databases. Through the interface with the grouped enterprise databases, an administrator can apply protection policies to enterprise databases. To apply the protection policy, the data management service applies the protection policy to a source database from which dependent enterprise databases access the sensitive database.
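The flow the abstract describes, sketched in Python as an added illustration (not code from the patent or its assignee). The column-to-field-type mapping, the rule format (a rule matches when all of its field types appear in the header), the per-group counts used as a status indicator, and the sample catalog are all assumptions made for the example.

```python
from collections import defaultdict

# Hypothetical column-name -> field-type mapping (assumption, not from the patent).
FIELD_TYPES = {"full_name": "name", "email": "email", "card_number": "pan",
               "expiry": "card_expiry", "ssn": "national_id"}

# Record classification rules: (sensitive data type, field types that must all appear).
RULES = [("PCI", {"pan", "card_expiry"}),
         ("PII", {"name", "email"}),
         ("PII", {"name", "national_id"})]

# Constructed sample catalog: header data only, no row contents are read.
CATALOG = [
    {"db": "crm_prod", "region": "EU", "table": "customers",
     "header": ["id", "full_name", "email", "card_number"]},
    {"db": "crm_prod", "region": "EU", "table": "tickets",
     "header": ["id", "subject", "body"]},
    {"db": "billing", "region": "US", "table": "payments",
     "header": ["id", "card_number", "expiry", "amount"]},
    {"db": "hr", "region": "US", "table": "staff",
     "header": ["id", "full_name", "ssn"]},
]

def classify(header):
    """Return the sensitive data types whose rule is satisfied by this header."""
    present = {FIELD_TYPES[c] for c in header if c in FIELD_TYPES}
    return {dtype for dtype, required in RULES if required <= present}

def status_indicators(catalog, attribute, links):
    """Per group sharing `attribute`: sensitive record sets and how many have no policy."""
    status = defaultdict(lambda: {"sensitive": 0, "unprotected": 0})
    for rec in catalog:
        if classify(rec["header"]):
            entry = status[rec[attribute]]
            entry["sensitive"] += 1
            if (rec["db"], rec["table"]) not in links:
                entry["unprotected"] += 1
    return dict(status)

def apply_policy(catalog, attribute, group, policy, links):
    """Link every sensitive record set in the selected group to `policy`."""
    linked = 0
    for rec in catalog:
        if rec[attribute] == group and classify(rec["header"]):
            links[(rec["db"], rec["table"])] = policy
            linked += 1
    return linked
```

Note that the `customers` header carries a card number but no expiry column, so under these assumed rules it is flagged as PII only; header-based classification is only as complete as the rule set behind it.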
21 Claims
1. A method executed by one or more computing devices for discovering and protecting sensitive data within an enterprise, the method comprising:
- receiving, by at least one of the one or more computing devices, a record classification rule configured to identify sensitive records having a sensitive data type stored on a plurality of enterprise databases, wherein the record classification rule specifies one or more field types;
- identifying, by at least one of the one or more computing devices, sensitive data records having the sensitive data type based at least in part on header data corresponding to a plurality of data records stored on the plurality of enterprise databases and the one or more field types specified by the record classification rule;
- transmitting, by at least one of the one or more computing devices, a plurality of status indicators corresponding to a plurality of groups of enterprise databases, wherein each group of enterprise databases shares at least one common attribute and wherein each status indicator is based at least in part on identified sensitive data records in each group of enterprise databases;
- receiving, by at least one of the one or more computing devices, selection of a status indicator in the plurality of status indicators, the status indicator corresponding to a group of enterprise databases in the plurality of groups of enterprise databases;
- receiving, by at least one of the one or more computing devices, a selection of a protection policy, the protection policy configured to apply a data transformation to data associated with any data records that are linked to the protection policy; and
- applying, by at least one of the one or more computing devices, the selected protection policy to the identified sensitive data records in the group of enterprise databases corresponding to the selected status indicator to link the identified sensitive data records in the group of enterprise databases with the selected protection policy.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An apparatus for discovering and protecting sensitive data within an enterprise, the apparatus comprising:
- one or more processors; and
- one or more memories operatively coupled to at least one of the one or more processors and having instructions stored thereon that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to:
  - receive a record classification rule configured to identify sensitive records having a sensitive data type stored on a plurality of enterprise databases, wherein the record classification rule specifies one or more field types;
  - identify sensitive data records having the sensitive data type based at least in part on header data corresponding to a plurality of data records stored on the plurality of enterprise databases and the one or more field types specified by the record classification rule;
  - transmit a plurality of status indicators corresponding to a plurality of groups of enterprise databases, wherein each group of enterprise databases shares at least one common attribute and wherein each status indicator is based at least in part on identified sensitive data records in each group of enterprise databases;
  - receive a selection of a status indicator in the plurality of status indicators, the status indicator corresponding to a group of enterprise databases in the plurality of groups of enterprise databases;
  - receive a selection of a protection policy, the protection policy configured to apply a data transformation to data associated with any data records that are linked to the protection policy; and
  - apply the selected protection policy to the identified sensitive data records in the group of enterprise databases corresponding to the selected status indicator to link the identified sensitive data records in the group of enterprise databases with the selected protection policy.

Dependent claims: 9, 10, 11, 12, 13, 14

15. At least one non-transitory computer-readable medium storing computer-readable instructions that, when executed by one or more computing devices, cause at least one of the one or more computing devices to:
- receive a record classification rule configured to identify sensitive records having a sensitive data type stored on a plurality of enterprise databases, wherein the record classification rule specifies one or more field types;
- identify sensitive data records having the sensitive data type based at least in part on header data corresponding to a plurality of data records stored on the plurality of enterprise databases and the one or more field types specified by the record classification rule;
- transmit a plurality of status indicators corresponding to a plurality of groups of enterprise databases, wherein each group of enterprise databases shares at least one common attribute and wherein each status indicator is based at least in part on identified sensitive data records in each group of enterprise databases;
- receive a selection of a status indicator in the plurality of status indicators, the status indicator corresponding to a group of enterprise databases in the plurality of groups of enterprise databases;
- receive a selection of a protection policy, the protection policy configured to apply a data transformation to data associated with any data records that are linked to the protection policy; and
- apply the selected protection policy to the identified sensitive data records in the group of enterprise databases corresponding to the selected status indicator to link the identified sensitive data records in the group of enterprise databases with the selected protection policy.

Dependent claims: 16, 17, 18, 19, 20, 21

Specification