Abstract: The disclosed computer-implemented method for aggregating information-asset classifications may include (1) identifying a data collection that includes two or more information assets, (2) identifying a classification for each of the information assets, (3) deriving, based at least in part on the classifications of the information assets, an aggregate classification for the data collection, and (4) associating the aggregate classification with the data collection to enable a data management system to enforce a data management policy based on the aggregate classification. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer system receives, from a user device, a request to access a resource within a network of an organization and receives access credentials associated with an application, a user and the user device. The computer system identifies an application identifier, a user identifier and a device identifier and determines whether the combination of these identifiers satisfies an access policy. If the combination of application identifier, user identifier and device identifier satisfies the access policy, then the computer system grants the application access to the resource within the network of the organization.

Abstract: The disclosed computer-implemented method for aggregating information-asset metadata from multiple disparate data-management systems may include (1) receiving a first instance of metadata of an information asset from a first data-management system that manages information assets of an entity in a first domain, (2) receiving a second instance of metadata of the information asset from a second data-management system that manages the information assets of the entity in a second domain that is separate and distinct from the first domain, (3) storing the first and second instances of metadata in a global metadata repository that is separate and distinct from the first and second data-management systems, and (4) providing access to the first and second instances of metadata stored in the global metadata repository to the first data-management system, the second data-management system, and/or the entity. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing system assigns an anonymous cloud account to a user in response to a determination that identity information of the user is validated for a request to access a cloud. The anonymous cloud account does not reveal an identity of the user to the cloud. The computing system creates mapping data that associates the user with the anonymous cloud account. The cloud does not have access to the mapping data. The computing system facilitates user access to the cloud based on the anonymous cloud account. The cloud generates cloud access pattern data for the anonymous cloud account without determining the identity of the user.

Abstract: An authentication sequencing and normalization module may receive a first authentication associated with a user and assign a level of assurance value to the user based on the first authentication from a first identity service of a specific type. If the user is associated with a second authentication, based on a second identity service of an alternate type, then the level of assurance value assigned to the user may be incremented. Furthermore, access to an application by the user may be allowed if the incremented level of assurance value assigned to the user meets or exceeds a second level of assurance value of a policy assigned to the application. Different users may be authenticated in the authentication sequencing and normalization module by disparate identity services.

Abstract: A virtual identity and context module may generate a virtual identity for a user. Virtual identities for different categories of users may be sourced from disparate identity services. For example, a first authentication of the user provided by a first identity service may be identified. A first virtual attribute field of the virtual identity may be populated or filled based on a first attribute field associated with the first identity service. A second identity service associated with the user may also be identified. A second virtual attribute field of the virtual identity may be populated or filled based on a second attribute field associated with the second identity service. Access to an application may be provided to a user based on the virtual attribute fields of the virtual identity that has been generated for the user.

Abstract: A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway compares a security status of the user device to a network access control policy for the cloud service. If the security status satisfies a condition of the network access control policy, the cloud service access and information gateway grants the user device access to the cloud service. If the security status does not satisfy the condition of the network access control policy, the cloud service access and information gateway requests an update to the security status of the user device to satisfy the condition.

Abstract: An E-DRM remote caching system enables a user without a client side E-DRM access component to view E-DRM governed content on a variety of client devices. The user transmits inaccessible E-DRM governed content to be viewed to a the remote caching system. The remote system receives the content, temporarily stores it in a cache, and determines whether the user has sufficient rights to view the content. If the user does have sufficient access rights, the remote system transforms the content into a secure, viewable format and securely transmits it to the user. The user can view the E-DRM governed content without an E-DRM client side access component. The E-DRM remote caching system can add a unique digital marker to received content. The marker can be subsequently used to identify the origin of compromised content.

Abstract: Techniques for providing access to data in dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic shared accounts. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a first user associated with an account, identify a second user to have access to the account associated with the first user in the event the first user is unavailable to access data or perform functions associated with the account, map the second user to the account, and provide the second user access to the account based on the mapping and with access privileges associated with the first user.

Abstract: Techniques for providing role-based access control using dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system and method for providing role-based access using dynamic shared accounts. For example, the system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to: receive a request for access to an account, wherein the request comprises an identifier associated with a user; authenticate the user for access to the account; identify one or more predetermined roles associated with the account for the user; identify one or more pseudo accounts corresponding to the one or more predetermined roles; map the user to the one or more pseudo accounts; and provide user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.

Abstract: A computer system receives, from a user device, a request to access a resource within a network of an organization and receives access credentials associated with an application, a user and the user device. The computer system identifies an application identifier, a user identifier and a device identifier and determines whether the combination of these identifiers satisfies an access policy. If the combination of application identifier, user identifier and device identifier satisfies the access policy, then the computer system grants the application access to the resource within the network of the organization.

Abstract: A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway determines an identity of a user making the request to access the cloud service and compares the identity of the user to a password vault control policy. The cloud service access and information gateway determines, based on the comparing, one or more sections of a split password vault to which the user has access. The split password vault comprises a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials.

Abstract: A policy manager generates a uniform cloud service and information security policy based on a plurality of access contexts. The policy manager distributes the uniform cloud service and information security policy to a plurality of security blades, the security blades located within a plurality of cloud services and configured to control access for a user device to the cloud services and the information contained therein based on the uniform cloud service and information security policy.

Abstract: A method for inserting a validated time-image on a primary CDP subsystem in a continuous data protection and replication (CDP/R) subsystem. In one embodiment, the method includes processing data of RI1 at a secondary system in accordance with a recovery process, wherein RI1 is a first image of a replication of a data object. First data is generated in response to processing the data of RI1 in accordance with the recovery process, wherein the first data relates to processing the data of RI1 in accordance with the recovery process. Once the first data is generated, a copy of the first data is transmitted to a primary system that stores the data object.

Abstract: A computing system identifies shared cloud accounts of a cloud that are created for an entity. The computing system resides outside of the cloud. The number of shared cloud accounts is less than a number of entity users that use the cloud. The computing system determines that one of the users is authorized to use any of the shared cloud accounts in response to a determination that identity information of the user is valid. The computing system receives a request from the user to access the cloud and determines whether one of the shared cloud accounts is available to be assigned to the user. The computing system adds the request to a queue based on a determination that none of the shared cloud accounts is available and assigns one of the cloud accounts to the user based on a determination that one of the shared cloud accounts is available.

Abstract: Various embodiments of a system and method for restoring a file are described herein. A previous version of the file may be split into segments and backed up to a server computer system. In response to a subsequent request to restore the file to the previous version, the current segments of the file may be compared to the backup segments stored on the server computer system. The segments that have changed may be retrieved from the server computer system and used to restore the corresponding segments of the current version of the file to their previous states. Segments that have not changed do not need to be transferred across the network from the server computer system. In further embodiments, one or more of the segments that have changed may be obtained locally from other files, thus further reducing the amount of data transferred across the network.

Abstract: Techniques for providing access to data in dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic shared accounts. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a first user associated with an account, identify a second user to have access to the account associated with the first user in the event the first user is unavailable to access data or perform functions associated with the account, map the second user to the account, and provide the second user access to the account based on the mapping and with access privileges associated with the first user.

Abstract: Various embodiments of a system and method for restoring a file are described herein. A previous version of the file may be split into segments and backed up to a server computer system. In response to a subsequent request to restore the file to the previous version, the current segments of the file may be compared to the backup segments stored on the server computer system. The segments that have changed may be retrieved from the server computer system and used to restore the corresponding segments of the current version of the file to their previous states. Segments that have not changed do not need to be transferred across the network from the server computer system. In further embodiments, one or more of the segments that have changed may be obtained locally from other files, thus further reducing the amount of data transferred across the network.

Abstract: A method for inserting a validated time-image on a primary CDP subsystem in a continuous data protection and replication (CDP/R) subsystem. In one embodiment, the method includes processing data of RI1 at a secondary system in accordance with a recovery process, wherein RI1 is a first image of a replication of a data object. First data is generated in response to processing the data of RI1 in accordance with the recovery process, wherein the first data relates to processing the data of RI1 in accordance with the recovery process. Once the first data is generated, a copy of the first data is transmitted to a primary system that stores the data object.

Abstract: An E-DRM remote caching system enables a user without a client side E-DRM access component to view E-DRM governed content on a variety of client devices. The user transmits inaccessible E-DRM governed content to be viewed to a the remote caching system. The remote system receives the content, temporarily stores it in a cache, and determines whether the user has sufficient rights to view the content. If the user does have sufficient access rights, the remote system transforms the content into a secure, viewable format and securely transmits it to the user. The user can view the E-DRM governed content without an E-DRM client side access component. The E-DRM remote caching system can add a unique digital marker to received content. The marker can be subsequently used to identify the origin of compromised content.