Data loss prevention using an ephemeral key

With the advent of cloud storage, smartphones, MP3 music players, and removable flash devices, data is more mobile than ever before. However, with this newfound mobility come the issues of how to determine whether data may be too sensitive to leave a user´s device, and, if it is appropriate to save the data to remote storage, how best to secure it for the long term. Data loss prevention applications per form this job, typically by redirecting potentially sensitive saved files to a secure local storage quarantine, scanning them, and then doing a final copy to remote storage if the scan passes policy. The problem with local storage quarantine is the additional overhead required to essentially serially write the file twice-once to local storage and finally once to the remote storage destination. This paper presents an alternate method for doing data loss prevention using an ephemeral cryptographic key. By using an ephemeral key, encrypted data can be safely scanned in situ on the remote storage destination and securely removed if inappropriate. This direct technique results in better efficiency and lower latency than a circuitous local storage quarantine. An added benefit of using an ephemeral key for data loss prevention is that the encrypted file can be secured afterward to the persistent keys of multiple recipients with a minimum of additional post-processing.