Technical Field
The present invention relates generally to data security and more particularly, but not by way of limitation, to systems and methods for data loss prevention.
History Of Related Art
Enterprise communications systems such as, for example, email systems (e.g., systems based on MICROSOFT EXCHANGE), sometimes provide administrators with certain tools for setting up automated polices. These policies can help ensure that users comply with standard operating policies or other governance-related requirements. The policies are often specified as rules that define what a user or group of users should or should not do on the system. When the system detects a violation of such policies, the violation can be logged. Each policy, however, is generally platform-specific and is thus typically limited in scope to a particular communications system on which the policy is specified and implemented. For example, an organization may be utilizing different solutions for email, instant messaging, social media, content management, etc. To the extent any native policy support is provided, each enterprise communications system may provide incompatible tools, policy formats, and enforcement actions. Many enterprise communications systems provide no native policy support at all.
In addition, existing policies that are specified can be quite rigid. For example, one policy may be to not send large email attachments. The policy may be specified using an arbitrary maximum attachment size such as, for example, ten megabytes. In practice, however, a given user may send numerous email attachments that are slightly under the maximum attachment size. Although such a user may be literally complying with the policy by not sending email attachments larger than ten megabytes, the user may be violating the spirit of the policy. The user's numerous email attachments of just under ten megabytes may cause the very adverse effects that the policy is designed to prevent. Violations of the spirit of a given policy cannot generally be detected.
Other policies sometimes require interpretation in order to determine a violation. For example, a company policy may be to not email credit-card numbers. An email system, for example, may then implement the policy by searching for a string of numbers that conforms to a credit-card number format (e.g., a string of numbers of a particular length). According to this example, however, benign numbers that are the same length as a credit-card number could trigger a false positive. In general, when reporting a violation, there is not sufficient information available to enable adequate identification of false positives.
Moreover, as the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.