Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more methods may: execute a first information handling system (IHS) initialization executable via an environment associated with IHS firmware; register, by the first IHS initialization executable, a process configured to store multiple IHS initialization executable/OS executable pairs via a volatile memory medium of the IHS; for each IHS initialization executable/OS executable pair of the multiple IHS initialization executable/OS executable pairs: call, by an IHS initialization executable of the IHS initialization executable/OS executable pair, the process; and copy, by the process, an OS executable of the IHS initialization executable/OS executable pair from the first non-volatile memory medium to the volatile memory medium; retrieve a driver via a network; execute the driver; and copy, by the driver, each OS executable, which was copied to the volatile memory medium, to a non-volatile memory medium of the IHS.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more methods may: execute a first information handling system (IHS) initialization executable via an environment associated with IHS firmware; register, by the first IHS initialization executable, a process configured to store multiple IHS initialization executable/OS executable pairs via a volatile memory medium of the IHS; for each IHS initialization executable/OS executable pair of the multiple IHS initialization executable/OS executable pairs: call, by an IHS initialization executable of the IHS initialization executable/OS executable pair, the process; and copy, by the process, an OS executable of the IHS initialization executable/OS executable pair from the first non-volatile memory medium to the volatile memory medium; retrieve a driver via a network; execute the driver; and copy, by the driver, each OS executable, which was copied to the volatile memory medium, to a non-volatile memory medium of the IHS.

Abstract: A system that implements a software tool for data leak prevention whenever a protected document containing sensitive or encrypted content is opened by a document-management application having capability to directly access an Internet Protocol (IP) network, such as the Internet, without using the HyperText Transfer Protocol (HTTP). The application is selectively blocked from accessing the Internet whenever a protected document is opened by the application. The application may be, for example, the Microsoft® Word or the Adobe® Acrobat® Reader. The software tool restores the network access for the application once the protected document is no longer open in the application. Even though one application is blocked from accessing the IP network, the software tool allows another application to access the network so long as a non-protected document is opened by the other application. Thus, application-specific, selective blocking of network access is accomplished by the software tool based on document content.

Abstract: Systems and methods for preventing leakage of protected data to unsecured applications and documents may include determining that a first document is a protected document in a managed application, detecting a request to copy protected data from the first document to a system clipboard accessible by unprotected documents, redirecting the protected data to a secure clipboard, determining that a second document is an unprotected document, detecting a request to paste the protected data into the second document, and refraining from pasting the protected data into the second document. The secure clipboard may be implemented by a data leakage prevention (DLP) client. It may be separate from the system clipboard and inaccessible by unprotected documents. Dynamic-link library injection and API hooking may allow the DLP client to intercept clipboard related function calls made by managed applications into the operating system and to transparently change the behavior of the managed application.

Abstract: In one or more embodiments, one or more systems, methods, and/or processes may redirect a request to open a document to a background process that controls access to the document; may determine policy information associated with the document and a user of an application; may provide the document to the application; may determine an area of a user interface of the application that displays information of the document; may determine watermark information based at least on the policy information; may generate one or more watermarks based at least on the watermark information; and may display the one or more watermarks, based at least on the watermark information, on the area of the user interface of the application that displays the information of the document.

Abstract: A system that implements a software tool for data leak prevention whenever a protected document containing sensitive or encrypted content is opened by a document-management application having capability to directly access an Internet Protocol (IP) network, such as the Internet, without using the HyperText Transfer Protocol (HTTP). The application is selectively blocked from accessing the Internet whenever a protected document is opened by the application. The application may be, for example, the Microsoft® Word or the Adobe® Acrobat® Reader. The software tool restores the network access for the application once the protected document is no longer open in the application. Even though one application is blocked from accessing the IP network, the software tool allows another application to access the network so long as a non-protected document is opened by the other application. Thus, application-specific, selective blocking of network access is accomplished by the software tool based on document content.

Abstract: Systems and methods for preventing leakage of protected data to unsecured applications and documents may include determining that a first document is a protected document in a managed application, detecting a request to copy protected data from the first document to a system clipboard accessible by unprotected documents, redirecting the protected data to a secure clipboard, determining that a second document is an unprotected document, detecting a request to paste the protected data into the second document, and refraining from pasting the protected data into the second document. The secure clipboard may be implemented by a data leakage prevention (DLP) client. It may be separate from the system clipboard and inaccessible by unprotected documents. Dynamic-link library injection and API hooking may allow the DLP client to intercept clipboard related function calls made by managed applications into the operating system and to transparently change the behavior of the managed application.

Abstract: In one or more embodiments, one or more systems, methods, and/or processes may redirect a request to open a document to a background process that controls access to the document; may determine policy information associated with the document and a user of an application; may provide the document to the application; may determine an area of a user interface of the application that displays information of the document; may determine watermark information based at least on the policy information; may generate one or more watermarks based at least on the watermark information; and may display the one or more watermarks, based at least on the watermark information, on the area of the user interface of the application that displays the information of the document.

Abstract: A secure access client can be employed to enforce limitations on a user's access to a file while also allowing the user to access the file using an application of choice. To provide this functionality, the secure access client can implement an RDP client that is configured to create an RDP session with an RDP service executing on the same computing device. The RDP service can allow the secure access client to display the user interface of an application employed to open a file. The secure access client can be configured to selectively apply access limitations on a per file basis. This selective enforcement can be accomplished by only implementing a virtual channel extension to provide a particular type of access to the file when the file's access limitations would allow such access.

Abstract: Systems and methods for secure third-party document editing are described. In some embodiments, a method may include tokenizing a file retrieved from a cloud storage provider (CSP); transmitting the tokenized file to a cloud editing provider (CEP); receiving a modified, tokenized file from the CEP; de-tokenizing the modified file; and enabling rendering of the de-tokenized, modified file. In other embodiments, a memory device may have program instructions stored thereon that, upon execution by a processor of an Information Handling System (IHS), cause the IHS to: provide a portal to a user executing a browser on a client device, wherein the portal includes an interface to a CSP and to a cloud editing provider (CDEP); and allow the user to access a document stored in the CSP and to edit the document using the CDEP via the browser.

Abstract: A secure access client can be employed to enforce limitations on a user's access to a file while also allowing the user to access the file using an application of choice. To provide this functionality, the secure access client can implement an RDP client that is configured to create an RDP session with an RDP service executing on the same computing device. The RDP service can allow the secure access client to display the user interface of an application employed to open a file. The secure access client can be configured to selectively apply access limitations on a per file basis. This selective enforcement can be accomplished by only implementing a virtual channel extension to provide a particular type of access to the file when the file's access limitations would allow such access.

Abstract: Systems and methods for secure third-party document editing are described. In some embodiments, a method may include tokenizing a file retrieved from a cloud storage provider (CSP); transmitting the tokenized file to a cloud editing provider (CEP); receiving a modified, tokenized file from the CEP; de-tokenizing the modified file; and enabling rendering of the de-tokenized, modified file. In other embodiments, a memory device may have program instructions stored thereon that, upon execution by a processor of an Information Handling System (IHS), cause the IHS to: provide a portal to a user executing a browser on a client device, wherein the portal includes an interface to a CSP and to a cloud editing provider (CDEP); and allow the user to access a document stored in the CSP and to edit the document using the CDEP via the browser.

Abstract: Embodiments of methods, systems, and services for transparent adaptive file transform are described. In one embodiment a method for transparent adaptive file transform is performed by a data processing device. The method may include automatically detecting a data transfer addressed to an external data storage. The method may also include redirecting data associated with the data transfer to a data transformer. Additionally, the method may include applying one or more data transforms to the data associated with the data transfer to generate a transformed data set. In an embodiment, the method may also include transferring the transformed data set to the external data storage. In one embodiment, the external data storage is a cloud storage facility.

Abstract: Embodiments of methods, systems, and services for transparent adaptive file transform are described. In one embodiment a method for transparent adaptive file transform is performed by a data processing device. The method may include automatically detecting a data transfer addressed to an external data storage. The method may also include redirecting data associated with the data transfer to a data transformer. Additionally, the method may include applying one or more data transforms to the data associated with the data transfer to generate a transformed data set. In an embodiment, the method may also include transferring the transformed data set to the external data storage. In one embodiment, the external data storage is a cloud storage facility.