Abstract: Systems and techniques for an automatic graph-based detection of unlikely file possession are described herein. In an example, a system for detecting unauthorized file possession is adapted to generate a networked computing environment graph for files and the devices which store the files. The detection system may be further adapted to identify a file in question and a device in question that is in possession of the file in question. The detection system may be further adapted to generate a set of connection paths from the device in question to the file in question based upon the edges of the graph. The detection system may be further adapted to determine the device in question should not have possession of the file in question based on a set of metrics derived from the connection paths. The detection system may be further adapted to generate an alert based on the determination.

Abstract: Systems and techniques for sensitive data movement detection are described herein. An attempt to relocate a file that is a member of a monitored data set may be identified. A user account associated with the attempt to relocate the file may be determined. A safe user group may be identified for the user account associated with the attempt to relocate the file. A destination may be obtained for the attempt to relocate the file. A safe zone may be determined for the monitored data set using the user account and the identification of the monitored data set. A notification may be provided based on the destination for the attempt to relocate the file and the safe user group and the safe zone.

Abstract: Systems and techniques for three-dimensional file event representation are described herein. File event data may be obtained for a file for a time segment. The file event data may include a file system hierarchy for the file. A spatial file operation map may be generated for the file system hierarchy including a file operation map for the file for the time segment. The file operation map for the file may include a plurality of layers with each layer of the plurality of layers representing a file operation class available for the file. It may be determined that a file operation was performed on the file during the time segment based on the file event data. An indication may be generated on a layer of the plurality layers of the file operation map that the file operation was performed. The layer corresponds to a file operation class of the file operation.

Abstract: Systems and techniques for an automatic graph-based detection of unlikely file possession are described herein. In an example, a system for detecting unauthorized file possession is adapted to generate a networked computing environment graph for files and the devices which store the files. The detection system may be further adapted to identify a file in question and a device in question that is in possession of the file in question. The detection system may be further adapted to generate a set of connection paths from the device in question to the file in question based upon the edges of the graph. The detection system may be further adapted to determine the device in question should not have possession of the file in question based on a set of metrics derived from the connection paths. The detection system may be further adapted to generate an alert based on the determination.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums which provide for encrypted file system element containers which secure sensitive file system elements. The encrypted file system element containers are sent from a network based file storage system upon selection of file system elements for a network based file download and stored in a user's computing device in an encrypted state while the data is at rest. An application on the user's computing device may provide access to the file system elements (e.g., files, directories, and the like) inside the encrypted file system element containers according to a set of one or more access rules. Example access rules include a time-to-live (TTL) rule that deletes or causes the encrypted file system element containers to be inaccessible after a predetermined amount of time.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums which monitor, archive, and version file system elements stored in one or more different network based file storage systems for one or more different users. Any changes to file system elements stored in the network based file storage systems are recorded and versioned. The system may allow users to revert to a previous version of a file system element, recover a deleted file system element, and the system allows for audits to determine which users placed a file system element in which network based file storage systems and determine which users had access to the file system element in the network based file storage systems. As a result, the disclosed system improves the end-user experience by providing versioning and auditing capabilities as well as allowing organizations to monitor and control their digital property in network based file storage systems.

Abstract: In connection with a data distribution architecture, client-side “deduplication” techniques may be utilized for data transfers occurring among various file system nodes. In some examples, these deduplication techniques involve fingerprinting file system elements that are being shared and transferred, and dividing each file into separate units referred to as “blocks” or “chunks.” These separate units may be used for independently rebuilding a file from local and remote collections, storage locations, or sources. The deduplication techniques may be applied to data transfers to prevent unnecessary data transfers, and to reduce the amount of bandwidth, processing power, and memory used to synchronize and transfer data among the file system nodes. The described deduplication concepts may also be applied for purposes of efficient file replication, data transfers, and file system events occurring within and among networks and file system nodes.

Abstract: In connection with a data distribution architecture, client-side “deduplication” techniques may be utilized for data transfers occurring among various file system nodes. In some examples, these deduplication techniques involve fingerprinting file system elements that are being shared and transferred, and dividing each file into separate units referred to as “blocks” or “chunks.” These separate units may be used for independently rebuilding a file from local and remote collections, storage locations, or sources. The deduplication techniques may be applied to data transfers to prevent unnecessary data transfers, and to reduce the amount of bandwidth, processing power, and memory used to synchronize and transfer data among the file system nodes. The described deduplication concepts may also be applied for purposes of efficient file replication, data transfers, and file system events occurring within and among networks and file system nodes.

Abstract: Systems and techniques for a distributed file system element collection are described herein. A node may identify a state of a file system element, which is identified in a file system element definition, from a local data store. The state corresponds to a distribution action. The file system element definition is one of a plurality of file system element definitions in a collection schema of a collection to which the node is a member. The node may, in response to identifying the state of the file system element, issue a communication to some members of the collection in furtherance of completion of the distribution action. A response may be received by the node from a participant node in the list of participant nodes. The node may complete the distribution action using content from the response.

Abstract: Disclosed in some examples are predictive storage techniques for use in a distributed data system. The predictive storage techniques may be used to manage locally stored elements of a shared data collection, such as the storage of files on nodes of the distributed data system that are limited in local storage space. The predictive storage techniques may achieve a balance between consumption of local resources and timely access of important elements in the shared data collection. For example, the predictive storage techniques may be used for keeping or pre-caching certain items of a collection that are determined as likely to be used in local storage for convenient access, and allowing access the remaining items on request over a network.

Abstract: In connection with a data distribution architecture, client-side “deduplication” techniques may be utilized for data transfers occurring among various file system nodes. In some examples, these deduplication techniques involve fingerprinting file system elements that are being shared and transferred, and dividing each file into separate units referred to as “blocks” or “chunks.” These separate units may be used for independently rebuilding a file from local and remote collections, storage locations, or sources. The deduplication techniques may be applied to data transfers to prevent unnecessary data transfers, and to reduce the amount of bandwidth, processing power, and memory used to synchronize and transfer data among the file system nodes. The described deduplication concepts may also be applied for purposes of efficient file replication, data transfers, and file system events occurring within and among networks and file system nodes.

Abstract: Disclosed in some examples is a data distribution mechanism for distributing a collection of file system elements across one or more computing devices. The system can include a plurality of nodes implemented on a machine. The data distribution mechanism may be used in connection with data synchronization, sharing, backup, archiving, and versioning operations for a plurality of connected machines on behalf of one or a plurality of users.