Title of invention: Data loss prevention
Abstract: Data loss prevention systems and methods begin protecting data upon the creation of the data. One such method involves detecting a file system operation targeting data on a storage device. The file system operation creates or modifies the data or a set of permissions associated with the data. In response to detecting the file system operation, the method prevents unauthorized access to the data. The method begins preventing unauthorized access after the detection of the file system operation and before any subsequent read access to the data via the file system.
Publication number: US9141808(B1) | Publication date: 2015.09.22
Application number: US201012916193 | Filing date: 2010.10.29
Applicant: Symantec Corporation | Inventors: Agrawal Mukund;Kumar Sumit;Banerjee Anindya;Mukherjee Anirban;Pendharkar Niranjan
Classification: G06F21/60 | Main classification: G06F21/60
Agency: Campbell Stephenson LLP | Agent: Campbell Stephenson LLP
Principal claim: 1. A method comprising: detecting a file system operation targeting data on a shared storage device, wherein the file system operation creates or modifies the data or a set of permissions associated with the data; in response to the detecting, comparing the set of permissions associated with the data to a set of appropriate permissions, wherein the set of appropriate permissions restricts unauthorized access to the data, if the set of permissions associated with the data is less restrictive than the set of appropriate permissions, the set of appropriate permissions is violated, and when the detecting and the comparing are performed, the set of permissions associated with the data does not restrict unauthorized access to the data; in response to the comparing, preventing unauthorized access to the data, wherein the preventing begins after the detecting and before any subsequent read access to the data, the preventing comprises generating an error message in response to detecting that the set of permissions associated with the data is more permissive than the set of appropriate permissions, the set of appropriate permissions was determined by a data loss prevention (DLP) processor, and the error message indicates that the set of appropriate permissions proposed by the DLP processor can be accepted, the file system operation can be retried, or the set of permissions associated with the data can be overridden.
Address: Mountain View CA US