Conventional security software may identify the presence of sensitive data (such as social security numbers, bank account information, or user login information) in computer files by detecting patterns (also known as digital signatures) that indicate the presence of the sensitive data. If a security software program detects a pattern in a computer file that indicates that the file contains sensitive data, the security software program may prevent the file from being copied or sent to an unauthorized location. For example, the security software may prevent a user from sending a file containing sensitive data in an email, from uploading the file to the Internet, or from using the file in some other way that violates a security policy.
Unfortunately, if a file containing sensitive data is placed in a backup, conventional security software programs may be unable to detect the presence of the sensitive data in the backup. For example, conventional backup software programs typically encrypt and/or compress data in backups using proprietary encryption and/or compression algorithms or heuristics. Because many security software programs are unable to decrypt and/or uncompress data in a backup that has been encrypted or compressed using such proprietary algorithms or heuristics, security software programs may be unable to detect the presence of the sensitive data in the backup. Thus, a user of a computing device may be able to circumvent (either intentionally or unknowingly) a security policy that prevents copying or distributing files containing sensitive data simply by placing a file containing the sensitive data in an encrypted and/or compressed backup.