Mitigation of data leakage in a multi-site computing infrastructure
Abstract
Embodiments of the invention relate to a method, system, and computer program product to dynamically mitigate data leakage in a file sharing environment. Mandatory access control policies are provided to address and maintain restrictions on file sharing both with respect to security rules of an organization and restrictions pertaining to discretionary sharing decisions. In addition, suggestions for potential recipients for file sharing are supported, as well as examination of abnormal recipients in response to the discretionary sharing decisions.
20 Claims
1. A method comprising:
- uploading, by an owning entity, a file to a file sharing environment including, a security label and a keyword associated with the file;
- specifying a first tier of a mandatory access control policy to the file based on the security label, the mandatory access control policy limiting sharing scope of the file and placing a restriction on an ability of the owning entity to share the file within the file sharing environment including limiting an ability to grant a second entity outside the restricted maximum sharing scope access to the file;
- generating a profile for an entity contact and storing the generated profile in memory, the profile including a collaboration vector comprising keywords representing collaboration topics between the owning entity and the entity contact, the keywords associated with a calculated weight;
- calculating a contact score for each entity contact defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of each keyword in the profile of the entity contact and the keywords associated with the file;
- interactively recommending a first entity contact within the limited sharing scope of the file to the owning entity as a candidate for file sharing based upon an associated contact score of the first entity contact;
- periodically updating the profile of each entity contact and the collaboration vector of each entity contact using new collaboration information; and
- interactively adjusting the recommendation for file sharing based on the updated contact profile, wherein the interactive adjustment includes an automated evaluation within the limited sharing scope of the file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer program product comprising a computer readable hardware storage device having computer readable program code embodied therewith, the program code when executed on a processor causes the computer to:
- upload, by a first entity, a file to the file sharing environment including, a security label and a keyword associated with the file;
- specify a first tier of a mandatory access control policy to the file in the file sharing environment based on the security label, the mandatory access control policies to restrict a maximum sharing scope of the file and to place a security boundary on an ability of the first entity to share the file within the file sharing environment including, to limit an ability to grant a second entity outside the restricted maximum sharing scope access to the file;
- generate a profile for an entity contact, the profile including a collaboration vector comprising a keyword representing a collaboration topic between the first entity and the entity contact, the keyword associated with a calculated weight;
- calculate a contact score for each entity contact defining relevance matching between the file and the first entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and the keywords associated with the file;
- recommend a first entity contact within the restricted maximum sharing scope to the first entity as a candidate to share the file, wherein the recommendation is based upon the contact score of the first entity contact;
- periodically update the profile and the collaboration vector of each of the entity contact associated with the first entity using new collaboration information; and
- interactively adjust the recommendation for file sharing based on the updated contact profile, wherein the interactive adjustment includes an automated evaluation within the restricted maximum sharing scope.
Dependent claims: 11, 12, 13, 14
15. A system comprising:
- a file uploaded to a file sharing environment by a first entity, including a security label and a keyword associated with the file;
- an access manager that is in communication with the file sharing environment, the access manager to specify a first tier of a mandatory access control policy to the file in the file sharing environment based on the security label, the mandatory access control policy to restrict maximum sharing scope of the file and to place a security boundary on an ability of the first entity to share the file within the file sharing environment including, to limit the ability to grant a second entity outside the restricted maximum sharing scope access to the file;
- a profile manager in communication with the access manager, the profile manager to create an attribute profile for an entity contact, the profile including a collaboration vector comprising a keyword representing collaboration topics between the first entity and the entity contact, the keyword associated with a calculated weight;
- a history manager in communication with the profile manager, the history manager to mine a past collaboration activity between the first entity and the entity contact;
- a recommendation manager to calculate a contact score defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and the keyword associated with the file, and to recommend a first entity contact within the restricted maximum sharing scope to the first entity as a candidate to share the file, wherein a recommendation is based upon the contact score of the first entity contact;
- an update manager that is in communication with the history manager, the update manager to periodically update the profile of each entity contact and the collaboration vector of each entity contact, including using new collaboration information; and
- an adjustment manager in communication with the update manager, the adjustment manager to interactively adjust the recommendation for file sharing based on the updated contact profile, wherein the interactive adjustment includes an automated evaluation within the restricted maximum sharing scope.
Dependent claims: 16, 17, 18
19. A method to support collaboration in an entity owning file sharing environment, the method comprising:
- uploading, by a first entity, a file to a file sharing environment including, a security label and a keyword associated with the file;
- specifying a first tier of a mandatory access control policy to the file based on the security label, the mandatory access control policy restricting a maximum sharing scope of the file and placing a restriction on an ability of the first entity to share the file including, to limit an ability to grant a second entity outside the restricted maximum sharing scope access to the file;
- creating an attribute profile for an entity contact and storing the created attribute profile in memory, including mining a past collaboration activity, the profile including a collaboration vector comprising a keyword representing a collaboration topic between the first entity and the entity contact, the keyword associated with a calculated weight;
- calculating a contact score for each entity contact defining relevance matching between the file and the entity contact, the contact score calculated based upon the weight of the keyword in the profile of the entity contact and the keyword associated with the file;
- interactively recommending a first entity contact within the restricted maximum sharing scope to the first entity as a candidate for file sharing based upon an associated contact score;
- updating a contact profile and the collaboration vector of each entity contact using new collaboration information on a periodic basis; and
- interactively adjusting the recommendation for file sharing based on the updated contact profile, wherein the interactive adjustment includes an automated evaluation within the restricted maximum sharing scope.
Dependent claims: 20
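The flow described in claim 1 and the abstract, as an added illustration that is not code from the patent: a security label caps the sharing scope, in-scope contacts are ranked by a contact score, and a low-scoring in-scope recipient is flagged for examination. The scope names, label table, additive scoring rule, decay update and threshold are all assumptions, since the claims do not specify them.

```python
from dataclasses import dataclass

# Assumption: sharing scopes ordered narrowest to widest, and a label-to-scope
# table standing in for the first-tier mandatory access control policy.
SCOPE_RANK = {"team": 0, "department": 1, "organization": 2}
LABEL_MAX_SCOPE = {"restricted": "team", "confidential": "department",
                   "internal": "organization"}

@dataclass
class Contact:
    name: str
    scope: str     # narrowest scope shared with the file owner
    vector: dict   # collaboration vector: keyword -> weight

def in_scope(label, contact):
    """MAC check: the owner cannot share beyond the label's maximum scope."""
    return SCOPE_RANK[contact.scope] <= SCOPE_RANK[LABEL_MAX_SCOPE[label]]

def contact_score(file_keywords, contact):
    """Assumed scoring rule: sum of profile weights for the file's keywords."""
    return sum(contact.vector.get(k, 0.0) for k in file_keywords)

def recommend(label, file_keywords, contacts):
    """Rank only in-scope contacts with a non-zero score, best first."""
    scored = [(c.name, contact_score(file_keywords, c))
              for c in contacts if in_scope(label, c)]
    return sorted([s for s in scored if s[1] > 0], key=lambda s: -s[1])

def share_decision(label, file_keywords, contact, threshold=0.2):
    """'denied' outside MAC scope, 'review' for an abnormal (low-score) recipient."""
    if not in_scope(label, contact):
        return "denied"
    if contact_score(file_keywords, contact) < threshold:
        return "review"
    return "allowed"

def update_profile(contact, new_keywords, decay=0.5):
    """Periodic update (assumed rule): decay old weights, add new topics."""
    contact.vector = {k: w * decay for k, w in contact.vector.items()}
    for k in new_keywords:
        contact.vector[k] = contact.vector.get(k, 0.0) + 1.0

# Constructed sample data.
FILE_LABEL, FILE_KEYWORDS = "confidential", {"pricing", "forecast"}
CONTACTS = [
    Contact("alice", "team", {"pricing": 0.75, "forecast": 0.5}),
    Contact("bob", "department", {"pricing": 0.25, "hiring": 0.75}),
    Contact("carol", "organization", {"pricing": 1.0, "forecast": 1.0}),
    Contact("dave", "department", {"hiring": 0.5}),
]
```

The contact with the highest raw score (carol) never appears in the recommendation because the mandatory policy is applied before scoring, which is the ordering the claims describe.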