SYSTEMS AND METHODS FOR PROVIDING TARGETED DATA LOSS PREVENTION ON UNMANAGED COMPUTING DEVICES

摘要

A computer-implemented method for providing targeted data loss prevention on unmanaged computing devices may include (1) identifying a data loss prevention policy that defines permissible data handling within set bounds to prevent unauthorized data exfiltration from the set bounds, (2) identifying an application to install on at least one unmanaged endpoint device, where (i) the unmanaged endpoint device lacks a data loss prevention agent configured to apply the data loss prevention policy to the entire unmanaged endpoint device and (ii) the application is to be provided to the unmanaged endpoint device to operate on sensitive data from within the set bounds, and (3) wrapping the application in an application wrapper that intercepts system calls from the application and applies the data loss prevention policy to sensitive data implicated in the system calls. Various other methods, systems, and computer-readable media are also disclosed.

主权项

1. A computer-implemented method for providing targeted data loss prevention on unmanaged computing devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a data loss prevention policy that defines permissible data handling within set bounds to prevent unauthorized data exfiltration from the set bounds; identifying an application to install on at least one unmanaged endpoint device, where: the unmanaged endpoint device lacks a data loss prevention agent configured to apply the data loss prevention policy to the entire unmanaged endpoint device; the application is to be provided to the unmanaged endpoint device to operate on sensitive data from within the set bounds; wrapping the application in an application wrapper that intercepts system calls from the application and applies the data loss prevention policy to sensitive data implicated in the system calls, where the application wrapper thereby applies the data loss prevention policy to data handled by the application instead of applying the data loss prevention policy to the entire unmanaged endpoint device.