	US 12,216,778 B2
	Distributing data amongst storage components using data sensitivity classifications
Yossef Saad, Ganei Tivka (IL); and Itay Glick, Ramat Hasharon (IL)
Assigned to EMC IP Holding Company LLC, Hopkinton, MA (US)
Filed by EMC IP Holding Company LLC, Hopkinton, MA (US)
Filed on Jan. 15, 2020, as Appl. No. 16/743,863.
Prior Publication US 2021/0216657 A1, Jul. 15, 2021
Int. Cl. G06F 21/62 (2013.01); G06F 3/06 (2006.01); G06F 11/14 (2006.01); G06F 16/13 (2019.01); G06N 20/00 (2019.01)

CPC G06F 21/6218 (2013.01) [G06F 3/0623 (2013.01); G06F 3/065 (2013.01); G06F 3/0659 (2013.01); G06F 3/067 (2013.01); G06F 11/1451 (2013.01); G06F 16/13 (2019.01); G06N 20/00 (2019.01); G06F 2201/805 (2013.01)]

20 Claims

1. A system comprising:

one or more processors; and

a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:

initialize a data distribution policy for a first client of a storage system including defining categories for classifying data files stored within one or more storage components of the storage system by analyzing attributes of the data stored within the one or more storage components, and assigning a data security rating to each of the defined categories, each of the categories describing a group of the data files based on a shared attribute of the data files, wherein defining the categories for classifying the data files associated with the first client is based on at least one of an industry associated with the first client, or categories used for a different set of data files associated with a second client of the storage system;

determine, for each of the storage components, a security capability based on at least one or more network attributes or device attributes associated with the storage component, the security capability being associated with accessibility of the storage component and being proportional to a degree of security provided to the data files stored by the storage component, wherein security is associated with unauthorized access;

scan the storage components to identify a stored first data file for reevaluation of whether the first data file is stored in an appropriate storage component having a security capability that corresponds to a data security rating of the first data file, the data security rating being proportional to a degree of protection from unauthorized access for the first data file;

classify the first data file to a first category having an assigned data security rating from amongst the defined categories based on one or more attributes associated with the first data file;

determine whether the data security rating which is assigned to the first category and which specifies a degree of protection required for the first data file against unauthorized access is satisfied by a degree of protection provided against unauthorized access as specified by the security capability for a first storage component that stores the first data file; and

initiate an operation to secure the first data file, in response to determining the degree of protection required for the first data file against unauthorized access is not satisfied by the degree of protection provided against unauthorized access as specified by the security capability for the first storage component.