Automatically creating data protection roles using anonymized analytics

What is claimed is: 1 . A computer-implemented method of selecting data protection policies for a new system, comprising: collecting user, role, permission, and resource metadata for a plurality for a plurality of other users accessing data in the respective systems under corresponding access rules, wherein the collected metadata is anonymized with respect to personal identifying information; storing the collected metadata in an anonymized analytics database; receiving user, role, permission and resource metadata for the new system from a specific user; and matching the received specific user metadata to the collected metadata to facilitate selection of an optimum access policy of the one or more access policies based on the assets and access restrictions of the new system. 2 . The method of claim 1 further comprising configuring the new system with the identified optimum access policy as an initial configuration of the new system. 3 . The method of claim 2 wherein the new system is a newly deployed computer network installed at day zero of a deployment period. 4 . The method of claim 1 wherein the collected metadata comprises at least one of: a company type based on common industry classification, geolocation information of a user of the other users, role names and access permissions of each user of the other users; and resource signatures for the access permissions of the other users to resources within a respective system. 5 . The method of claim 4 wherein the resources comprise at least one of data stored within a system, or storage, interface, and processing devices within the system. 6 . The method of claim 5 wherein the access permissions allow restrictive by a user to a resource comprising at least one of: credential exchange, multi-factor authentication requirements, or use of an identity provider (IdP) service to gain access to the resource. 7 . The method of claim 1 wherein the metadata is derived using a cluster analysis process. 8 . The method of claim 7 further comprising, for each user: defining a set of metrics characterizing each user in the system; extracting metadata of the set of metrics from a user to be allowed access to the resource; comparing each metric of the user with corresponding metadata of a plurality of clusters each containing one or more other users, wherein a unique access policy is assigned to each cluster of the plurality of clusters to be applied to each user within a respective cluster; determining an overall affinity score of the user relative to each cluster; and automatically grouping the user into a cluster with the highest overall affinity score. 9 . A computer-implemented method of assigning users of a new system to corresponding access restrictions, comprising: extracting metadata for a plurality of metrics for each user for a plurality of other users; comparing the metadata for each user to corresponding metadata for each other user; calculating an affinity percentage for each metric of the user with the metrics of each other user; determining an overall affinity percentage for the user based on the calculated affinity percentage for each metric; and automatically grouping the users of the new system with clusters of other assets when the overall affinity percentage exceeds a defined threshold value. 10 . The method of claim 9 wherein the plurality of metrics each comprise an attribute that defines certain features of each user relevant to the access restrictions restricting access to one or more resources including data, devices, and interfaces of the new system. 11 . The method of claim 10 wherein the grouping determines a access policy to be applied to the grouped users, and wherein a different access policy is applied to each cluster of assets. 12 . The method of claim 9 wherein the metadata extracted for the plurality of other users comprises anonymized data having no personally identifying or identifiable information. 13 . The method of claim 12 further comprising storing the extracted metadata in an anonymized analytics database. 14 . The method of claim 12 wherein the collected metadata comprises at least one of: a company type based on common industry classification, geolocation information of a user of the other users, role names and access permissions of each user of the other users; and resource signatures for the access permissions of the other users to resources within a respective system. 15 . The method of claim 14 wherein the access permissions allow restrictive by a user to a resource comprising at least one of: credential exchange, multi-factor authentication requirements, or use of an identity provider (IdP) service to gain access to the resource. 16 . A computer-implemented method of grouping users for access restriction assignment based on user metadata in a data protection system, comprising: grouping the users into respective clusters based on a sufficiently high similarity of characteristics defined by metadata elements of the users; assigning a unique access policy to each cluster of grouped users; storing resource metadata signatures for each user in an anonymized analytics database; using the user metadata signatures to identify one or more access policies to apply to a specific user of a new computer system; and configuring the new system with the identified policy or policies as an initial configuration of the new system. 17 . The method of claim 16 wherein metadata elements encapsulate a plurality of metrics each comprising an attribute that defines certain features of each user relevant to accessing resources comprising data, devices or interfaces in the system. 18 . The method of claim 17 wherein the collected metadata comprises at least one of: a company type based on common industry classification, geolocation information of a user of the other users, role names and access permissions of each user of the other users; and resource signatures for the access permissions of the other users to resources within a respective system. 19 . The method of claim 18 wherein the access permissions allow restrictive by a user to a resource comprising at least one of: credential exchange, multi-factor authentication requirements, or use of an identity provider (IdP) service to gain access to the resource. 20 . The method of claim 19 wherein the metadata elements comprise metadata extracted for the plurality of other users comprises anonymized data having no personally identifying or identifiable information.