Embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like reference numerals indicate corresponding, analogous or similar elements, and in which:
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity.
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the described technology. However, it will be understood by those of ordinary skill in the art that the embodiments may be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the embodiments of the described technology. Embodiments of the described technology include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general-purpose or special-purpose computer. By way of example, and not limitation, such computer-readable media may comprise physical computer-readable media such as RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, DVD or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general-purpose or special-purpose computer.
When information is transferred or provided over a network or another communications connection (hardwired, wireless, optical or any combination thereof) to a computer system, the computer system properly views the connection as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of computer-readable media. Computer-executable instructions comprise, for example, any instructions and data which cause a general-purpose computer system, special-purpose computer system, or special-purpose processing device to perform a certain function or group of functions. The computer-executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, or even source code.
In this document, a “logical communication link” is defined as any communication path that can enable the transport of electronic data between two entities such as computer systems or modules. The actual physical representation of a communication path between two entities may not be important and can change over time. A logical communication link can include portions of a system bus, a local area network (e.g., an Ethernet network), a wide area network, the Internet, combinations thereof, or portions of any other path that may facilitate the transport of electronic data. Logical communication links can include hardwired links, wireless links, or a combination of hardwired links and wireless links. Logical communication links can also include software or hardware modules that condition or format portions of electronic data so as to make them accessible to components that implement the principles of the described technology. Such modules include, for example, proxies, routers, firewalls, switches, or gateways. Logical communication links may also include portions of a virtual network, such as, for example, Virtual Private Network (“VPN”) or a Virtual Local Area Network (“VLAN”).
With reference to
The computer 120 may also comprise a magnetic hard disk drive 127 for reading from and writing to a magnetic hard disk 139, a magnetic disk drive 128 for reading from or writing to a removable magnetic disk 129, and an optical disk drive 130 for reading from or writing to removable optical disk 131 such as a CD-ROM or other optical media. The magnetic hard disk drive 127, magnetic disk drive 128, and optical disk drive 130 are connected to the system bus 123 by a hard disk drive interface 132, a magnetic disk drive interface 133, and an optical drive interface 134, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer-executable instructions, data structures, program modules, and other data for the computer 120. Although the exemplary environment described herein employs a magnetic hard disk 139, a removable magnetic disk 129, and a removable optical disk 131, other types of computer readable media for storing data can be used, including magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, RAMs, ROMs, and the like.
Program code means comprising one or more program modules may be stored on the hard disk 139, magnetic disk 129, optical disk 131, ROM 124 or RAM 125, including an operating system 135, one or more application programs 136, other program modules 137, and program data 138. A user may enter commands and information into the computer 120 through keyboard 140, pointing device 142, or other input devices (not shown), such as a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 121 through a serial port interface 146 coupled to system bus 123. Alternatively, the input devices may be connected by other interfaces, such as a parallel port, a game port, or a universal serial bus (USB). A monitor 147 or another display device is also connected to system bus 123 via an interface, such as video adapter 148. In addition to the monitor, personal computers typically comprise other peripheral output devices (not shown), such as speakers and printers.
The computer 120 may operate in a networked environment using logical communication links to one or more remote computers, such as remote computers 149a and 149b. Remote computers 149a and 149b may each be another personal computer, a client, a server, a router, a switch, a network PC, a peer device or other common network node, and can comprise many or all of the elements described above relative to the computer 120. The logical communication links depicted in
When used in a LAN networking environment (e.g. an Ethernet network), the computer 120 is connected to LAN 151 through a network interface or adapter 153, which can be a wired or wireless interface. When used in a WAN networking environment, the computer 120 may comprise a wired link, such as, for example, modem 154, a wireless link, or other means for establishing communications over WAN 152. The modem 154, which may be internal or external, is connected to the system bus 123 via the serial port interface 146. In a networked environment, program modules depicted relative to the computer 120, or portions thereof, may be stored in a remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing communications over wide area network 152 may be used.
While
Those skilled in the art will also appreciate that embodiments may be practiced in network computing environments using virtually any computer system configuration. Embodiments may also be practiced in distributed system environments where local and remote computer systems, which are linked (either by hardwired links, wireless links, or by a combination of hardwired and wireless links) through a network, both perform tasks. In a distributed system environment, program modules may be located in both local and remote memory storage devices.
An organization may have a data usage policy that involves the application of data usage attributes to files that are stored in folders of a file repository. Magnetic hard disks, removable magnetic disks, and removable optical disks are all examples of media where a file repository can exist. A file repository may be remote and accessed through a communication link. A file repository may be a collaborative portal application, such as “Microsoft Office SharePoint Server®”, Documentum eRoom from EMC Corporation of Hopkinton, Mass., or WebOffice from WebEx Communications Inc. of Burlington, Mass. Other types of file repositories are also contemplated.
If the onus is on a user to apply the attributes to a file, implementation of the policy may suffer. To reduce the onus on the user to implement the policy, a folder may be classified with a data classification, and a new file is automatically classified when saved to the folder. The data classification has previously been associated with default settings for the data usage attributes by an information technology (IT) administrator of the organization.
For example, the following data classifications may be used: Public Use, Internal Use Only, Company Confidential, and Department Confidential, listed in order of increasing restrictiveness. This is just an example, and other data classifications are also contemplated.
The data classification Public Use may be applicable to information in the public domain. A non-exhaustive list of examples of files that may be classified as Public Use includes annual reports, press statements, and other information belonging to the organization that has been approved for public use.
The data classification Internal Use Only may be applicable to information that is not approved for general circulation outside the organization, but disclosure of which is unlikely to be seriously damaging to the organization. A non-exhaustive list of examples of files that may be classified as Internal Use Only includes internal memos, minutes of meetings, and internal project reports.
The data classification Company Confidential may be applicable to information that is proprietary to the organization and other confidential information. A non-exhaustive list of examples of files that may be classified as Company Confidential includes customer lists, procedures, project plans, designs and specifications.
The data classification Department Confidential may be applicable to highly sensitive information, access to which should be restricted to a single department in the organization. A non-exhaustive list of examples of files that may be classified as Department Confidential includes human resources files, accounting information, and business development plans.
The data usage attributes related to the data classification may include, for example, who can read the data, who can modify the data, who can print the data, who can cut-and-paste the data, whether the data can be forwarded, when the data expires, and whether the data must be encrypted. This is just an example, and other data usage attributes are also contemplated.
The possible values of a data usage attribute may be ordered according to restrictiveness. For example, the data usage attribute “who can read the data” may have the following values (listed from least restrictive to most restrictive): “anyone”, “all internal users”, “all full-time employees”, “file owner's department”, and “file owner”.
An exemplary configuration of data classifications and default settings for the data usage attributes is shown in the following table. This is just an example, and other default settings are also contemplated.
In a computing environment where a digital rights management system is available, the IT administrator of the organization may have established rights policy templates. Rather than specifying individual settings for the various data usage attributes for a particular data classification, the IT administrator may associate one or more rights policy templates with the particular data classification.
When a new folder is created, it may inherit its data classification from the folder in which it is created. For example, if a new folder is created in a folder classified as Internal Use Only, then the new folder is automatically classified as Internal Use Only by the operating system when it is created. Alternatively, the new folder may be created with a default data classification or with no data classification at all. Alternatively, a graphical user interface to classify the folder may appear automatically as part of the process of creating a new folder.
In some embodiments, in order to prevent security risks, a folder that is not empty (i.e. the folder contains files) may not be reclassified.
The data classification may be stored as metadata connected to the folder. It may be helpful for users to be informed of the data classification of a folder. For example, in “WINDOWS®” Explorer, a user may choose which details of a selected item are viewable, and the data classification of the selected folder may also be viewable. In another example, the data classification of a folder may be indicated to the user by a special icon, or by color-coding, or any other suitable indication.
The data to be protected according to the data classification policy is not in the folders, but rather in the files. Hence, the settings of the data usage attributes need to be applied to the files. The embodiments described below enable a new file to be classified automatically prior to being saved in a folder of a file repository.
In a simple embodiment, when a user saves a new file generated by an application to a folder, the file is automatically classified according to the data classification of the folder in which it is saved. No particular input is required on the part of the user. This automatic classification comprises instructing the application to modify the file prior to saving the file to the folder. The modification of the file comprises applying to the file the default settings associated with the data classification of the folder.
Precisely how the application applies the settings to the file will depend upon the data usage attributes, the settings and the application. For example, if the application is RMS-enabled and the computing environment is one where “MICROSOFT®” “WINDOWS®” Rights Management is available, the application may perform the appropriate Information Rights Management (IRM) activities on the file. Any encryption required according to the settings, if not handled as part of the IRM activities, will be done to the file after the IRM activities have been performed and before the file is saved to the folder.
In another embodiment, a user may be able to select a different data classification for a file than the data classification of the folder in which the file is to be saved. In some implementations, any data classification may be selected for the file. In other implementations, only a more restrictive data classification than that of the folder in which the file is to be saved may be selected. For example, a user may classify a file as Department Confidential and save it in a folder classified as Company Confidential, but may not save a file classified as Public Use in a folder classified as Company Confidential. In yet other implementations, only a less restrictive data classification than that of the folder in which the file is to be saved may be selected.
In the example shown in
In yet another embodiment, non-default settings for the data usage attributes may be assigned by the user to a folder and/or to a file.
Dialog box 700 includes an “Advanced . . . ” button 704 which, if activated by the user, enables the user to assign non-default settings for the data usage attributes to the folder. In alternative implementations, the graphical user interface to classify or reclassify a folder includes an “Advanced . . . ” tab (not shown) or any other suitable interface to enable the user to assign non-default settings for the data usage attributes to the folder.
In some implementations, any non-default setting for the folder is permissible. In other implementations, any non-default setting assigned by the user must be more restrictive than the corresponding default setting of the data classification of the folder.
If a folder is assigned non-default settings of data usage attributes other than the default settings of the data classification of the folder, then the non-default settings, or an indication thereof, may be stored as metadata connected to the folder. If a new folder, when created, inherits the data classification of the folder in which it is created, and the folder in which it is created has non-default settings, then the new folder may inherit the settings of the folder in which it is created, including any non-default settings. Alternatively, the new folder may inherit only the data classification of the folder in which it is created (and the default settings associated with the data classification).
Dialog box 1000 includes an “Advanced . . . ” button 1004 which, if activated by the user, enables the user to assign non-default settings for the data usage attributes to the file. In alternative implementations, the graphical user interface to classify a file includes an “Advanced . . . ” tab (not shown) or any other suitable interface to enable the user to assign non-default settings for the data usage attributes to the file.
In some implementations, any non-default setting for the file is permissible. In other implementations, any non-default setting assigned by the user to the file must be more restrictive than the corresponding setting (default or otherwise) of the folder.
As before, precisely how the application applies the settings to the file will depend upon the data usage attributes, the settings and the application.
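The "more restrictive only" variants described above, for a file's data classification and for non-default folder and file settings, reduce to one ordering comparison per attribute. The following sketch is an added example, not code from the original document; the default settings, the `encrypt` attribute ordering, the choice to treat an equally restrictive value as acceptable, and all function names are assumptions constructed for illustration.

```python
from enum import IntEnum

class Classification(IntEnum):  # increasing restrictiveness, as listed in the text
    PUBLIC_USE = 0
    INTERNAL_USE_ONLY = 1
    COMPANY_CONFIDENTIAL = 2
    DEPARTMENT_CONFIDENTIAL = 3

# Allowed values per attribute, least restrictive first. "read" is the list
# given in the text; "encrypt" is a constructed two-value attribute.
ORDER = {
    "read": ["anyone", "all internal users", "all full-time employees",
             "file owner's department", "file owner"],
    "encrypt": [False, True],
}

# Constructed defaults for illustration (not the table from the document).
DEFAULTS = {
    Classification.PUBLIC_USE: {"read": "anyone", "encrypt": False},
    Classification.INTERNAL_USE_ONLY: {"read": "all internal users", "encrypt": False},
    Classification.COMPANY_CONFIDENTIAL: {"read": "all full-time employees", "encrypt": True},
    Classification.DEPARTMENT_CONFIDENTIAL: {"read": "file owner's department", "encrypt": True},
}

class PolicyError(ValueError):
    pass

def rank(attr, value):
    return ORDER[attr].index(value)  # raises ValueError on an unknown value

def tighten(base, overrides, what):
    """Apply overrides to base, rejecting any that would loosen a setting."""
    result = dict(base)
    for attr, value in overrides.items():
        if rank(attr, value) < rank(attr, base[attr]):
            raise PolicyError(f"{what}: {attr}={value!r} is less restrictive than {base[attr]!r}")
        result[attr] = value
    return result

def folder_settings(cls, overrides=None):
    return tighten(DEFAULTS[cls], overrides or {}, "folder")

def file_settings(folder_cls, folder_overrides=None, file_cls=None, file_overrides=None):
    """Settings to apply to a new file before it is saved to the folder."""
    folder = folder_settings(folder_cls, folder_overrides)
    file_cls = folder_cls if file_cls is None else file_cls
    if file_cls < folder_cls:
        raise PolicyError(f"file class {file_cls.name} is less restrictive than folder {folder_cls.name}")
    # Start from the stricter of the folder's setting and the file class default.
    base = {a: max(folder[a], DEFAULTS[file_cls][a], key=lambda v: rank(a, v)) for a in folder}
    return file_cls, tighten(base, file_overrides or {}, "file")
```

With no user input, `file_settings` returns the folder's own classification and settings, which corresponds to the simple embodiment in which the file is classified automatically on save.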
The automatic classification of files and folders as described above may be complemented by the use of access control lists implemented in the operating system and/or file repository as is known in the art.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.