1. Technical Field
This disclosure relates generally to identifying and managing user operations with respect to sensitive information (e.g., intellectual property, personally identifiable information, and the like).
2. Background of the Related Art
Data Loss Prevention (DLP) systems are well-known in the prior art and operate generally to identify, monitor use of, and control user operations on, sensitive information within an enterprise computing environment. DLP systems are designed to prevent data flow from inside the network to the outside world. This data flow may be unintentional or intentional. Unlike event-based notification systems, DLP provides a policy-based approach for managing how data is discovered and classified on a user's workstation or file server, also known as an “endpoint.” In such systems, data of interest (sometimes referred to as an “artifact,” an “item” or an “object”) is classified into various well-defined “content categories,” such as “company confidential” or “personally identifiable information (PII).” Additionally, an artifact may be categorized into none, one, or multiple categories. An understanding of the various categories of documents (or other files of interest) that exist on computer systems within an organization helps to inform authorized personnel having a need to access and manage sensitive data. DLP technologies address the problem of data loss by enforcing policy on artifacts and, in particular, by preventing or auditing actions (such as copying a file to external storage) on artifacts based on content category.
Even with a DLP system in place, users will undoubtedly attempt to subvert the technology, e.g., by attempting to modify a classification for given information. The prior art, however, does not provide any automated techniques for determining (and potentially acting upon) changes in information classification. The subject matter of this disclosure addresses this deficiency.