Abstract: Disclosed are embodiments to manage modifications to a document such that the document conforms to requirements of a label. In some aspects, input assigning a label to a document is received. The label indicates requirements for the document. For example, the label marks the document as confidential, and requires the document to be encrypted when leaving a secure environment. The label may include additional requirements, such as particular watermarking or other content modifications to the document based on the confidential label. A device may be capable of modifying the document such that it satisfies only a subset of the label's requirements. The device then generates a message indicating a gap between the label's requirements and the state of the document, and sends the message to a network service. The network service is configured to augment the document as specified by the additional requirements indicated in the message.

Abstract: Disclosed are embodiments to manage modifications to a document such that the document conforms to requirements of a label. In some aspects, input assigning a label to a document is received. The label indicates requirements for the document. For example, the label marks the document as confidential, and requires the document to be encrypted when leaving a secure environment. The label may include additional requirements, such as particular watermarking or other content modifications to the document based on the confidential label. A device may be capable of modifying the document such that it satisfies only a subset of the label's requirements. The device then generates a message indicating a gap between the label's requirements and the state of the document, and sends the message to a network service. The network service is configured to augment the document as specified by the additional requirements indicated in the message.

Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.

Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.

Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.

Abstract: A set of compliance policy updates are received. The compliance policy updates are sent to workloads for application. A status of the application of the compliance policies to the workloads is received from the workloads and output.

Abstract: A set of compliance policy updates are received. The compliance policy updates are sent to workloads for application. A status of the application of the compliance policies to the workloads is received from the workloads and output.

Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.

Abstract: System and methods for the implementation and/or enforcement of an email policy for an organization's email system are presented. A Data Loss Prevention (DLP) policy may be implemented on top of the email system. In one embodiment, the DLP policy may comprise modules and/or processing that tests emails for such sensitive data within emails. If an email comprises such sensitive data, then the DLP policy directives may specify processing to be applied as part of each stage of mail processing, from authoring to mail processing on the server and delivery. A single policy may be authored and managed that will apply the policy directives uniformly across all aspects of the message lifecycle. Each of the message policy enforcement systems may evaluate the single policy definition and apply the policy directives in a manner consistent with the contextual evaluation of the policy.

Abstract: A set of compliance policy updates are received. The compliance policy updates are sent to workloads for application. A status of the application of the compliance policies to the workloads is received from the workloads and output.

Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.

Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.

Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.

Abstract: A set of compliance policy updates are received. The compliance policy updates are sent to workloads for application. A status of the application of the compliance policies to the workloads is received from the workloads and output.

Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.

Abstract: Systems, methods, and/or techniques (“tools”) that relate to an automated service for blocking malware hosts are described herein. In different implementations, the tools receive network addresses identifying hosts that are discovered to contain malware. The tools also provide the network addresses to a collection and storage service. Other components provided by the tools receive the network addresses from, for example, a plurality of reporting clients. These components may aggregate the network addresses across the reporting clients, and store instances of the malware and associated malware addresses.

Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.

Abstract: System and methods for the implementation and/or enforcement of an email policy for an organization's email system are presented. A Data Loss Prevention (DLP) policy may be implemented on top of the email system. In one embodiment, the DLP policy may comprise modules and/or processing that tests emails for such sensitive data within emails. If an email comprises such sensitive data, then the DLP policy directives may specify processing to be applied as part of each stage of mail processing, from authoring to mail processing on the server and delivery. A single policy may be authored and managed that will apply the policy directives uniformly across all aspects of the message lifecycle. Each of the message policy enforcement systems may evaluate the single policy definition and apply the policy directives in a manner consistent with the contextual evaluation of the policy.

Abstract: Systems, methods, and/or techniques (“tools”) that relate to an automated service for blocking malware hosts are described herein. In different implementations, the tools receive network addresses identifying hosts that are discovered to contain malware. The tools also provide the network addresses to a collection and storage service. Other components provided by the tools receive the network addresses from, for example, a plurality of reporting clients. These components may aggregate the network addresses across the reporting clients, and store instances of the malware and associated malware addresses.