Data loss prevention (DLP) methods and architectures by a cloud service
Abstract
Embodiments of the present disclosure include data loss prevention (DLP) methods and architectures by a cloud-based service. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example regarding the use, storage, or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.
26 Claims
1. A method comprising:
receiving, by one or more processors of a cloud-based collaboration platform, a request to upload a file to the cloud-based collaboration platform, wherein the request is initiated by one of multiple collaborators of the cloud-based collaboration platform;
responsive to receiving the request, placing, by the one or more processors, the file in a limited administrative access state, wherein the limited administrative access state suppresses notifications to the multiple collaborators regarding the upload of the file and restricts access to the file to system administrators;
identifying, by the one or more processors, a client associated with the file;
determining, by the one or more processors, a data loss prevention policy corresponding to the client, wherein the data loss prevention policy includes various data loss prevention rules;
comparing, by the one or more processors, contents of the file with the data loss prevention rules;
determining that at least one of the data loss prevention rules is triggered based on a portion of the contents in the file;
performing a responsive action associated with the at least one of the data loss prevention rules, wherein the data loss prevention rules are set of rules preconfigured by the client;
providing the one of the multiple collaborators with an opportunity to modify the portion of the contents in the files causing the at least one of the data loss prevention rules to be triggered; and
responsive to the modification of the portion of the contents in the file, remove the file from the limited administrative access state.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system which hosts a cloud-based collaboration service having data loss prevention capabilities, the system, comprising:
one or more processors;
a storage medium having instructions stored thereon, which when executed by the one or more processors, cause the system to;
responsive to receiving a request initiated by a collaborator of multiple collaborators to upload a file to a cloud-based collaboration platform, place the file in a limited administrative access state, wherein the limited administrative access state suppresses notifications to the multiple collaborators regarding the upload of the file and restricts access to the file to system administrators;
identify an enterprise client associated with the file;
determine a data loss prevention policy corresponding to the enterprise client, wherein the data loss prevention policy includes various data loss prevention rules;
compare contents of the file with the set of data loss prevention rules;
determine that one of the set rules is triggered based on a portion of the contents in the file;
perform a responsive action associated with the rules, wherein the data loss prevention rules are a set of rules preconfigured by the enterprise client;
provide the one of multiple collaborators with an opportunity to modify the portion of the contents in the file causing the at least one of the data loss prevention rules to be triggered; and
responsive to the modification of the portion of the contents in the file, remove the file from the limited administrative access state.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A non-transitory computer readable storage medium having instructions stored thereon, which when executed by one or more processors, cause the one or more processors to:
responsive to receiving a request initiated by a collaborator of multiple collaborators to upload a file to a cloud-based collaboration platform, place the file in a limited administrative access state, wherein the limited administrative access state suppresses notifications to the multiple collaborators regarding the upload of the file and restricts access to the file to system administrators;
identify an enterprise client associated with the file;
determine a data loss prevention policy corresponding to the enterprise client, wherein the data loss prevention policy includes various data loss prevention rules;
compare contents of the file with the set of data loss prevention rules;
determine that one of the set rules is triggered based on a portion of the contents in the file;
perform a responsive action associated with the rules, wherein the data loss prevention rules are a set of rules preconfigured by the enterprise client;
provide the one of multiple collaborators with an opportunity to modify the portion of the contents in the file causing the at least one of the data loss prevention rules to be triggered; and
responsive to the modification of the portion of the contents in the file, remove the file from the limited administrative access state.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26
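The upload flow recited in the independent claims, sketched as an added example; it is not code from the patent or from any platform it describes. The client name, rule patterns, role names and function names are assumptions, as are the choices to re-scan after the uploader's modification and to fail closed when a client has no policy.

```python
import re
from dataclasses import dataclass, field

def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to cut false positives on card-like digit runs."""
    digits = [int(c) for c in re.sub(r"\D", "", number)][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))
    return total % 10 == 0

# Hypothetical per-client policy store: rule name -> (pattern, extra validator).
POLICIES = {
    "acme-corp": {
        "card_number": (re.compile(r"\b(?:\d[ -]?){13,19}\b"), luhn_ok),
        "us_ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda _m: True),
    },
}

@dataclass
class StoredFile:
    name: str
    client: str
    content: str
    restricted: bool = True          # limited administrative access state
    findings: list = field(default_factory=list)

def evaluate(f: StoredFile, notify) -> list:
    """Compare contents with the client's rules; release only when clean."""
    rules = POLICIES[f.client]       # unknown client raises KeyError: fail closed
    # Record rule name and offsets only, so findings never copy the sensitive value.
    f.findings = [(name, m.span()) for name, (pat, ok) in rules.items()
                  for m in pat.finditer(f.content) if ok(m.group())]
    f.restricted = bool(f.findings)  # responsive action here: keep the file held
    if not f.restricted:
        notify(f"{f.name} is available")   # suppressed until release
    return f.findings

def upload(name, client, content, notify) -> StoredFile:
    f = StoredFile(name, client, content)  # restricted before any scan runs
    evaluate(f, notify)
    return f

def modify(f: StoredFile, new_content: str, notify) -> list:
    """Uploader edits the flagged portion; the file is re-checked before release."""
    f.content = new_content
    return evaluate(f, notify)

def can_read(f: StoredFile, role: str) -> bool:
    return role == "admin" or not f.restricted
```
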
Specification