Data loss prevention (DLP) methods by a cloud service including third party integration architectures

摘要

Embodiments of the present disclosure include data loss prevention methods by a cloud-based service including third party integration architectures. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example, regarding the use, storage, and/or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.

主权项

1. A method performed by a cloud-based computer platform for reconciling quarantined drafts and revisions of a file, the method comprising:
receiving, by one or more processors of the cloud-based computer platform, a first revision of the file for upload to a cloud-based platform, the first revision of the file initiated by a first user; receiving, by the one or more processors of the cloud-based computer platform, a second revision of the file for upload to the cloud-based platform, the second revision of the file initiated by a second user; determining a policy corresponding to the file, wherein the policy comprises a plurality of data loss prevention rules; determining that at least one data loss prevention rule of the plurality of data loss prevention rules is triggered based on contents of the first revision of the file; committing the second revision of the file to the cloud-based platform; quarantining the first revision of the file, wherein quarantining restricts the second user from accessing the first revision of the file; performing a responsive action associated with the at least one of the plurality of data loss prevention rules, wherein the responsive action comprises notifying the first user of the at least one triggered data loss prevention rule; receiving a branched revision of the first revision of the file for upload to the cloud-based platform, wherein the branched revision of the first revision of the file comprises a redaction of a sequence of characters causing the at least one triggered data loss prevention rule to be triggered; determining that the plurality of data loss prevention rules are not triggered based on the branched revision of the first revision of the file; making a copy of the branched revision of the first revision of the file available to the second user; and committing the branched revision of the first revision of the file to the cloud-based platform.