Data loss prevention (DLP) methods and architectures by a cloud service

摘要

Embodiments of the present disclosure include data loss prevention (DLP) methods and architectures by a cloud-based service. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example regarding the use, storage, or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.

主权项

1. A method comprising:
receiving, by one or more processors of a cloud-based collaboration platform, a request to upload a file to the cloud-based collaboration platform,
wherein the request is initiated by one of multiple collaborators of the cloud-based collaboration platform; responsive to receiving the request, placing, by the one or more processors, the file in a limited administrative access state,
wherein the limited administrative access state suppresses notifications to the multiple collaborators regarding the upload of the file and restricts access to the file to system administrators; identifying, by the one or more processors, a client associated with the file; determining, by the one or more processors, a data loss prevention policy corresponding to the client,
wherein the data loss prevention policy includes various data loss prevention rules; comparing, by the one or more processors, contents of the file with the data loss prevention rules; determining that at least one of the data loss prevention rules is triggered based on a portion of the contents in the file; performing a responsive action associated with the at least one of the data loss prevention rules,
wherein the data loss prevention rules are set of rules preconfigured by the client; providing the one of the multiple collaborators with an opportunity to modify the portion of the contents in the files causing the at least one of the data loss prevention rules to be triggered; and responsive to the modification of the portion of the contents in the file, remove the file from the limited administrative access state.