Abstract: Techniques are described herein that are capable of using a requestor identity to enforce a security policy on a network connection that conforms to a shared-access communication protocol. A request to create the network connection to a network resource is received. The network connection is associated with the requestor identity, which identifies a requesting entity associated with the request, by associating the request with the requestor identity and further by associating the network connection with the request. A determination is made whether the requesting entity is authorized to access the network resource based at least in part on a permission that is indicated by the security policy. Based at least in part on the permission indicating that the requesting entity is authorized to access the network resource, the network connection to the network resource is created.

Abstract: Methods for network aware endpoint data loss prevention (DLP) in web transactions are performed by systems and devices, which includes implementing DLP on endpoint devices and focuses on web traffic events from web browsers, while also associating the events to the network source entity. File download and upload events are intercepted from the operating system by a file system filter that determines the process creating events is a web browser based on process identifiers and comparing process names and process executable signatures. A uniform resource locator (URL) from a current tab or session is retrieved for the web browser. Policies for events are evaluated via a policy server or via cache, and additional data from the file is provided for policy decisions when necessary. DLP actions taken via the file system filter to block or allow events, including encrypting file data, are based on the policy decisions.