PROTECTING SENSITIVE INFORMATION FROM A SECURE DATA STORE
Abstract
In embodiments of the present invention, improved capabilities are described for the steps of receiving an indication that a computer facility has access to a secure data store, causing a security parameter of a storage medium local to the computer facility to be assessed, determining if the security parameter is compliant with a security policy relating to computer access of the remote secure data store, and, in response to an indication that the security parameter is non-compliant, causing the computer facility to implement an action to prevent further dissemination of information, to disable access to network communications, and the like.
23 Claims
1-3. (canceled)

4. A method of protecting stored information, the method comprising:
storing a security policy for controlling access by a network endpoint to an encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements;
receiving an indication at a threat management facility that a first endpoint has access to the encrypted remote data store;
auditing the first endpoint to determine whether a security parameter of a first data store connected to the first endpoint is compliant with the one or more security requirements for identification as a secure data store; and
causing the first endpoint to implement an action to regulate dissemination, by the first endpoint, of data from the encrypted remote data store in response to a determination that the security parameter of the first data store connected to the first endpoint is non-compliant.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A computer program product embodied in a non-transitory computer readable medium that, when executing on a threat management facility, performs steps comprising:
storing a security policy for controlling access by a network endpoint to an encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements;
receiving an indication at the threat management facility that a first endpoint has access to the encrypted remote data store;
auditing the first endpoint to determine whether a security parameter of a first data store connected to the first endpoint is compliant with the one or more security requirements for identification as a secure data store; and
causing the first endpoint to implement an action to regulate dissemination, by the first endpoint, of data from the encrypted remote data store in response to a determination that the security parameter of the first data store connected to the first endpoint is non-compliant.
Dependent claims: 18, 19, 20

21. A system comprising:
an encrypted remote data store;
a first endpoint including a computing device comprising a memory and a processor, the first endpoint in a communicating relationship with the encrypted remote data store, and the first endpoint storing a security policy for controlling access by a network endpoint to the encrypted remote data store, the security policy requiring a data store connected to the network endpoint to meet one or more security requirements; and
a threat management facility coupled in a communicating relationship with the first endpoint, the threat management facility configured to, in response to an indication that the first endpoint has access to the encrypted remote data store, audit the first endpoint to determine whether a first internal data store connected to the first endpoint is compliant with one or more requirements for identification as a secure data store, and to cause the first endpoint to regulate dissemination, by the first endpoint, of data from the encrypted remote data store in response to a determination that the first internal data store connected to the first endpoint is non-compliant.
Dependent claims: 22, 23

Specification