A modern organization typically maintains a data storage system to store and deliver sensitive information concerning various significant business aspects of the organization. Sensitive information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. In addition, sensitive information may include intellectual property (IP) of an organization such as software code developed by employees of the organization, documents describing inventions conceived by employees of the organization, etc.
Organizations invest significant effort in installing data loss prevention (DLP) components, especially on important machines where confidential data is generated, but they may not be able to protect every computer in the enterprise. Reasons include the large number of different platforms or operating systems (OS), machine outages, quick and dynamic provisioning of virtual machines, and the lack of clear, individual accounting for test and lab machines. DLP technologies apply configurable rules to identify objects, such as files, that contain sensitive data, that should not be found outside of a particular enterprise or a specific set of host computers or storage devices, and that should be accessible to certain users who are authorized for the purpose. Even when these technologies are deployed, it is possible for sensitive objects to ‘leak’. Occasionally, leakage is deliberate and malicious, but often it is accidental.
Organizations use shared servers as data repositories. Organizational policies require users to work from these shared servers so that their data is saved securely. Oftentimes, the organization has rules in place to restrict users from copying confidential data from these shared servers onto their endpoints. The conventional DLP system prevents copying from network shares through application integration within a file explorer (e.g., Windows Explorer). However, this does not prevent a user from copying confidential data from these shared servers to a local machine using another application, such as a command prompt, or by opening a file from the shared server, performing a “save as” operation, and saving the document to the local machine. Additionally, an application may read from one network-shared file and write to another file. Currently, there is no method for correlating the two file operations.
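To make concrete what correlating the two file operations means, the following added example (not part of the original text) pairs a process's read of a protected share file with its later write to any location outside the protected shares. The event record format, the share name, the process IDs and the 60-second window are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumptions for this illustration (hypothetical share name and time window).
PROTECTED_SHARES = ("\\\\fileserver\\finance\\",)
WINDOW_SECONDS = 60

@dataclass(frozen=True)
class FileEvent:
    ts: float        # event time in seconds
    pid: int         # process that performed the operation
    process: str
    op: str          # "read" or "write"
    path: str

def is_protected(path):
    return path.lower().startswith(PROTECTED_SHARES)

def correlate(events):
    """Return (read, write) pairs where one process read a protected share
    file and then wrote outside the protected shares within the window."""
    recent_reads = defaultdict(list)   # pid -> protected reads still in window
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "read" and is_protected(ev.path):
            recent_reads[ev.pid].append(ev)
        elif ev.op == "write" and not is_protected(ev.path):
            live = [r for r in recent_reads[ev.pid]
                    if ev.ts - r.ts <= WINDOW_SECONDS]
            recent_reads[ev.pid] = live            # drop expired reads
            findings.extend((r, ev) for r in live)
    return findings

# Constructed sample events covering the cases described above.
SAMPLE_EVENTS = [
    # Copy from a command prompt: bypasses file-explorer integration.
    FileEvent(10, 4120, "cmd.exe", "read", r"\\fileserver\finance\q3.xlsx"),
    FileEvent(11, 4120, "cmd.exe", "write", r"C:\Users\alice\q3.xlsx"),
    # Open from the share, save back to the share (allowed), then "save as" locally.
    FileEvent(20, 5200, "winword.exe", "read", r"\\fileserver\finance\plan.docx"),
    FileEvent(30, 5200, "winword.exe", "write", r"\\fileserver\finance\plan.docx"),
    FileEvent(45, 5200, "winword.exe", "write", r"C:\Users\alice\Desktop\plan-copy.docx"),
    # Purely local activity, and a write long after the read: not correlated.
    FileEvent(5, 6000, "notepad.exe", "read", r"C:\temp\notes.txt"),
    FileEvent(6, 6000, "notepad.exe", "write", r"C:\temp\notes2.txt"),
    FileEvent(100, 7000, "backup.exe", "read", r"\\fileserver\finance\q3.xlsx"),
    FileEvent(500, 7000, "backup.exe", "write", r"D:\scratch\tmp.bin"),
]

if __name__ == "__main__":
    for read, write in correlate(SAMPLE_EVENTS):
        print(f"{write.process} (pid {write.pid}): {read.path} -> {write.path}")
```

A time window keyed on process ID is a heuristic: it flags any out-of-share write that follows a protected read, whether or not the written bytes came from that file, so findings need review or content inspection before enforcement.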