Abstract: Methods, systems, and computer-readable media for managing enterprise data movement using a heuristic data movement detection engine are presented. In some embodiments, a computer system may receive one or more data packets associated with a movement of enterprise data intercepted by a filtering engine. Subsequently, the computer system may evaluate the one or more data packets associated with the movement of enterprise data intercepted by the filtering engine based on at least one predefined data movement pattern. Then, the computer system may detect at least one variation from the at least one predefined data movement pattern based on the evaluating of the one or more data packets associated with the movement of enterprise data intercepted by the filtering engine. Thereafter, the computer system may send at least one alert message based on the detecting of the at least one variation from the at least one predefined data movement pattern.

Abstract: A computing system may receive physical-storage-media identifiers stored on physical storage media approved for use by an organization. The computing system may generate, for each of the physical storage media, a log entry comprising a physical-storage-media identifier, of the physical-storage-media identifiers, stored on the physical storage medium. The computing system may receive, from a computing device, a request to write secure data to a physical storage medium.

Abstract: A centralized controller may include at least one processor, a memory and a communication interface. The centralized controller may configure a computing system in a single deployment of an executable process. The executable process may include multiple executable instances associated with one of multiple different templates for the executable process. Each template may include multiple user-configurable parameters. A user may request a template associated with a first executable instance and update the template using the user-configurable parameters. The centralized controller may generate a second executable instance of the executable process and a second template associated with the second executable instance based on the updated template. The centralized controller may reconfigure the computing system based on the second executable instance of the executable process while maintaining the configuration of the computing system based on the first executable instance.

Abstract: Embodiments for preventing data loss in a business environment are provided. In some embodiments, a secure endpoint file export application assigns users to different classes having different permissions for accessing and writing data. In an embodiment, the system and method are configured to identify a plurality of users in a business environment; classify the plurality of users according to business needs; assign the users to one of at least two classes based on the classification; determine that the first user is permitted to access the data; transmit the secure file to a second user who is permitted to write the data in the secure file to removable media; write the data in the secure file to the removable media; and track a location of the removable media.

Abstract: Embodiments for providing secure data containers and allowing selective access to files stored in the containers include systems and methods that receive a request to create a container, wherein the container is a file system comprising access parameters that define one or more permitted actions and one or more permitted users for the container; determine duration parameters for the container, wherein the duration parameter comprise a time duration during which the container may be accessed; determine a fingerprint of the container, the fingerprint being a record of the container for comparison to the container at a later time; generate the container with the access parameters, duration parameters, and fingerprint; monitor the container for compliance with the access parameters, duration parameters, and fingerprint; and apply a consequence when the container is not in compliance with the access parameters, duration parameters, or fingerprint.

Abstract: Embodiments for preventing data loss and allowing selective access data include systems and methods that determine that a file has been created or received; determine a fingerprint of the file, wherein the fingerprint is a record of the file for comparison to the file at a later time; determine at least one permitted use related to the file, wherein the permitted uses comprises a permitted user and a permitted action; determine that the file is being accessed by a user; determine whether the user is a permitted user of the file based on an identity of the user; compare the file to the associated fingerprint of the file when the user is a permitted user; determine the action being taken by the user when the file matches the associated fingerprint; and permit the action to occur when the action is a permitted action of the file.

Abstract: An enterprise-wide centralized dashboard/user-interface for managing data transfer/movement provided by a technology-agnostic and protocol-agnostic data transfer/movement module. Such management includes controlling the initiation and disablement of data transfers and configuring routing, timing and protocol(s) for data transfers. In addition, the dashboard/user-interface may be configured to provide (i) centralized control over user entitlements at a highly granular level, such as server-level, route-level or the like, (ii) the ability to track data transmission progress, such as by providing users a real-time view of the status/location of enterprise-wide data transmission (iii) centralized management over data transmission records and set logs, such that a user can analyze data transmissions across the enterprise and view full tracking data including transmission errors and (iv) centralized control over security and governance of data transmissions, including approval/denial of data transmissions.

Abstract: A technology/operating system-agnostic and protocol-agnostic modular-based service delivery system that includes a management of enterprise-wide deployment of services and updates to services delivered by the modules of the system. Management includes determination and automatic implementation of an optimal schedule for service deployment, service version updates and service version roll-backs based on (i) predetermined lifecycle levels assigned to networked devices in the enterprise executing the service delivery application, and/or (ii) segments within the enterprise.

Abstract: A technology/operating system-agnostic and protocol-agnostic modular-based service delivery system that includes a management of enterprise-wide deployment of services and updates to services delivered by the modules of the system. Management includes determination and automatic implementation of an optimal schedule for service deployment, service version updates and service version roll-backs based on (i) predetermined lifecycle levels assigned to networked devices in the enterprise executing the service delivery application, and/or (ii) segments within the enterprise.

Abstract: Management over data movement/transfer is accomplished by employing a data transmission rating system that assigns a data transmission rating to each server in the enterprise-wide communication network and subsequently makes determinations as to whether a data connection can be established between two or more servers based on the assigned data transmission rating. The enterprise-wide servers may be assigned a primary data transmission rating based on the type of data that the server is authorized to exchange and, optionally, the servers are assigned a secondary data transmission rating, (or a tertiary rating and so on) based on the geographic/physical location of the server. In this regard, in order for a data connection to be established between the two or more servers, the primary rating, and in those embodiments that implement a secondary rating, a tertiary rating and so on, must be determined to be authorized for establishing a data connection.

Abstract: A platform for providing authorization of electronic communication of secure data to external entities, e.g., vendors, third parties or the like based on an assessment of the data risk associated with communicating the data to the external entity. The secure data that is to be communicated, in the form of specific data items, are identified as well as the associated security standards. The external identity is assessed to ensure their capabilities to properly meet the enterprise/sender's information security, business privacy and continuity standards, along with applicable industry standards. Based on the results of the assessment, remediation action may be required to address critical vulnerabilities or recommendations may be presented to a decision-making entity to grant authorization to electronically communicate the data in question to the external entity. In response to granting authorization, secure communication channels are allocated and established to allow for communication of the data.

Abstract: A technology/operating system-agnostic and protocol-agnostic service delivery system that includes a unified means data movement/transfer. By unifying the delivery of such services the need to deploy numerous different technology/OS-specific and/or protocol-specific applications/services conventionally used to provide such services is obviated. The unified nature of the system, not only provides for comprehensive delivery of services, such as data movement amongst all the servers in the enterprise's network but also provides for unified management of the services delivered, such as governance control over the services, unified tracking of services delivered, unified provisioning of updates/revisions to modules, and auditing processes for services delivered.

Abstract: A technology-agnostic and protocol-agnostic system for transferring data between an enterprise, such as a financial institution or the like and external entities, such as commercial banking customers and the like. The embodiments described provide the user with a data transfer solution that is compatible with all major operating systems, supports mobile platforms and allows for local data transfer, as well as, data transfer from cloud services and cloud connection services. The comprehensive nature of the application provides for applicable data transfer amongst all of the different services provided by the enterprise and provides the user/external entity with a streamlined means for transferring data to and from the enterprise. The application minimizes external entity involvement from an Information Technology (IT) standpoint, such that any user can efficiently, effectively and reliably transfer data to and from an enterprise with minimal risk and high confidence.

Abstract: Embodiments for preventing data loss in a business environment are provided. In some embodiments, a secure endpoint file export application assigns users to different classes having different permissions for accessing and writing data. In an embodiment, the system and method are configured to identify a plurality of users in a business environment; classify the plurality of users according to business needs; assign the users to one of at least two classes based on the classification; determine that the first user is permitted to access the data; transmit the secure file to a second user who is permitted to write the data in the secure file to removable media; write the data in the secure file to the removable media; and track a location of the removable media.

Abstract: Embodiments for preventing data loss in a business environment are provided. In some embodiments, a secure endpoint file export application assigns users to different classes having different permissions for accessing and writing data. In an embodiment, the system and method are configured to identify a plurality of users in a business environment; classify the plurality of users according to business needs; assign the users to one of at least two classes based on the classification; determine that the first user is permitted to access the data; transmit the secure file to a second user who is permitted to write the data in the secure file to removable media; write the data in the secure file to the removable media; and track a location of the removable media.

Abstract: A technology/operating system-agnostic and protocol-agnostic modular-based service delivery system that includes a management of enterprise-wide deployment of services and updates to services delivered by the modules of the system. Management includes determination and automatic implementation of an optimal schedule for service deployment, service version updates and service version roll-backs based on (i) predetermined lifecycle levels assigned to networked devices in the enterprise executing the service delivery application, and/or (ii) segments within the enterprise.

Abstract: Disclosed is a system for onboarding a new customer. The system for onboarding a new customer typically includes a processor, a memory, and a customer onboarding module stored in the memory.

Abstract: Embodiments disclosed herein relate to systems, methods, and computer program products for providing an extensible input database and associated reference database. In some embodiments, the system and method provide an extensible input database and a graphical user interface for inputting data into the extensible input database; receive data from a user via the graphical user interface, the data comprising content for the extensible input database; generate a key for a reference database based on the content received from the user; populate the extensible input database with the content; and associate the content in the extensible input database with the key in the reference database. The extensible input database is flexible in receiving different types of data and reduces the number of databases needed in order to store different types of data.

Abstract: Embodiments for preventing data loss in a business environment are provided. In some embodiments, a secure endpoint file export application assigns users to different classes having different permissions for accessing and writing data. In an embodiment, the system and method are configured to identify a plurality of users in a business environment; classify the plurality of users according to business needs; assign the users to one of at least two classes based on the classification; determine that the first user is permitted to access the data; transmit the secure file to a second user who is permitted to write the data in the secure file to removable media; write the data in the secure file to the removable media; and track a location of the removable media.

Abstract: Embodiments for preventing data loss and allowing selective data access are provided. In some embodiments, the system and method are configured to receive task protocols and registration requests; determine an allowed list based on the protocols or requests, the list comprising registered data and codes needed to execute a task; allow a user to establish a connection to a device to execute the task on the device; identify data being transferred to and from the device; compare the data being transferred and the allowable list; and determine that at least some of the data being transferred is allowable.