The subject matter discussed in this section should not be assumed to be prior art merely as a result of its mention in this section. Similarly, a problem mentioned in this section or associated with the subject matter provided as background should not be assumed to have been previously recognized in the prior art. The subject matter in this section merely represents different approaches, which in and of themselves can also correspond to implementations of the claimed technology.
Sharing content from the cloud has never been easier. The challenge is that without visibility and control over what is being shared and with whom is the content being shared with, there is risk that sensitive data could get in the wrong hands. For example, when an Office 365™ user shares sensitive content with a user outside of the organization, it has potential to be a risky situation. To help mitigate this risk, the technology disclosed allows setting of fine-grained access restrictions so as to enforce granular and precise policies on sensitive content.
The use of cloud services for a number of corporate functions is now common. Thus, instead of installing servers within a corporate network to run a customer relationship management (CRM) software product, a software as a service (SaaS) solution such as Salesforce.com's offerings can be used. The information technology (IT) and network architecture approaches that could log and protect access to a classic solution provide limited control. The sprawl of “bring your own devices” (BYODs) and the need to haul that traffic back to the enterprise make it less attractive. For example, VPN solutions are used to control access to the protected corporate network. Proxies (both transparent and explicit) may be used to filter, or limit access to undesirable web sites when the client is accessing the web sites from within the corporate network. Similar filtering software can be installed on client computers, e.g. safe browsing software, to enforce limits on access. A viable solution should provide consistent, centrally administered control, e.g. enforce the same policy across multiple devices, network services, and networks—including corporate networks.
Data is often the lifeblood of any business and it is critical that it is effectively managed, protected, and meets compliance needs. Protecting data in the past was focused primarily on on-premise scenarios, but now with the increased adoption of cloud services, companies of all sizes are now relying on the cloud to create, edit, and store data. This presents new challenges. Despite its benefits, the cloud also makes it easy for people to lose sensitive corporate data. For one thing, people can access cloud services from multiple devices more easily. Another is that the cloud services make it easy to share data, including with people outside of an organization. For these reasons, it is easy for data to get out of an organization's control.
Also, as the number of cloud services increases exponentially, there are hundreds of ways data can leak. Employees might be attach a wrong file while sending e-mails, hit the send button too early, not be careful when rushing to a deadline, or share data and collaborate with people outside of their organization. The native cloud storage sync clients also pose a significant risk to organizations. A continuous sync takes place between the end point and the cloud service without employees realizing they are leaking confidential company information. In the case of disgruntled workers, the cloud services are making it super easy for them to steal intellectual property.
Accordingly, it is imperative to facilitate the use of cloud services so people can continue to be productive and use the best tools for the job without compromising sensitive information such as intellectual property, non-public financials, strategic plans, customer lists, personally identifiable information belonging to customers or employees, and the like.