SlideShare une entreprise Scribd logo

How does "Self-Defending Data" Work?

Vic Winkler
Vic Winkler

This document discusses self-defending data and ORCON (Originator Control), which allows data to persist access controls as it is shared. Self-defending data does not grant access unless requirements are met, is not affected if the computer or network are hacked, audits every access, and allows the originator to revoke access anytime. ORCON extends classic access controls and draws from models like DRM, MAC, RBAC, and ABAC to provide a flexible framework for persisting controls over data as it is shared within and between domains.

TechnologieBusiness
1  sur  9
Télécharger pour lire hors ligne
© Cocoon Data Holdings Limited 2013. All rights reserved. COVATA SELF-DEFENDING DATA Vic Winkler CTO Covata USA, Inc Reston, Virginia
© Cocoon Data Holdings Limited 2013. All rights reserved. Can You Control Unprotected Data? No. Adding strong security components to an otherwise weak system is usually NOT effective X
© Cocoon Data Holdings Limited 2013. All rights reserved. First, Control The Data Adding strong security components to an otherwise weak system is usually NOT effective Encrypt the data and apply access controls Persisting Access controls Persisting Control X ✔
© Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data •  Doesn’t grant access unless you meet it’s requirements •  Doesn’t care if the computer or network are hacked •  Every access is audited •  Originator can revoke access anytime •  …Every copy behaves the same way
© Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data …It’s Not: •  Disk encryption Each self-defending data object can have its own access control list (versus a single key for the disk) •  Multiple stove-pipes of encryption Each data object is protected consistently (through its life) as a single secure object •  PKI Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
© Cocoon Data Holdings Limited 2013. All rights reserved. So, What is ORCON? •  History: U.S. Intelligence Community -  Desired “Originator Control” in Closed-Network Information Sharing Examples: Rescind Access; Prevent Forwarding •  Extends classic access controls •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches ORCON Persisting Originator Control over Data Data }
© Cocoon Data Holdings Limited 2013. All rights reserved. ORCON … •  Does it have to be “Originator” control? Not always. The enterprise may require default controls Other systems like DLP might “attach” additional ORCON •  It is a flexible framework for persisting controls …But, but how does it work?
© Cocoon Data Holdings Limited 2013. All rights reserved. Policy Enforcement & Caveats
© Cocoon Data Holdings Limited 2013. All rights reserved. Covata ORCON is Built on Other Access Control Models •  Again, the goal is control over your data -  ORCON extends your control -  It empowers control and sharing (X-domain and ad-hoc) •  In brief, ORCON: -  Extends traditional access controls with “persistent controls” -  These persistent controls can be “shaped” to meet your security needs •  ORCON is more lightweight than DRM | IRM | MAC •  ORCON is more flexible than DRM | IRM | MAC

Recommandé

ORCON in 10 Minutes
ORCON in 10 MinutesORCON in 10 Minutes
ORCON in 10 Minutes
Vic Winkler
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
Bill Lisse
 
Managing Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebManaging Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social Web
Boyd Neil
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Mahmuda Rahman
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
ClickSSL
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
MITRE ATT&CK
 

Recommandé

ORCON in 10 Minutes
ORCON in 10 MinutesORCON in 10 Minutes
ORCON in 10 Minutes
Vic Winkler
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
Bill Lisse
 
Managing Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebManaging Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social Web
Boyd Neil
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Mahmuda Rahman
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
ClickSSL
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
MITRE ATT&CK
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
Seclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
S.M. Towhidul Islam
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
Seclore
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
WSO2
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Sparkrock
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
Seclore
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
Seclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
Seclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Secunoid Systems Inc
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft office
Seclore
 
Cloud security
Cloud securityCloud security
Cloud security
Jhanvi Dattani
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
Seclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
Lacey Trebaol
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
Seclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloud
Eyal Estrin
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
Seclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?
learndac
 
Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community Partner
Sara Wedell
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case study
ldscdr
 

Contenu connexe

Tendances

Tendances (20)

Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft office
 
Cloud security
Cloud securityCloud security
Cloud security
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloud
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?
 

En vedette

Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
Michael Coates
 
Mm overview
Mm overviewMm overview
Mm overview
spalroay
 

En vedette (6)

Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community Partner
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case study
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
 
Libraries promoting economic development through collaboration
Libraries promoting economic development through collaborationLibraries promoting economic development through collaboration
Libraries promoting economic development through collaboration
 
Mm overview
Mm overviewMm overview
Mm overview
 
Pilot Study Project
Pilot Study ProjectPilot Study Project
Pilot Study Project
 

Similaire à How does "Self-Defending Data" Work?

MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
missionsk81
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
MongoDB
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
Nicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
Nicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
Nicholas Davis
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
Livingstone Advisory
 

Similaire à How does "Self-Defending Data" Work? (20)

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and Mobility
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
 
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14
 
Self defending data webinar (feb13)
Self defending data webinar (feb13)Self defending data webinar (feb13)
Self defending data webinar (feb13)
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data LossSeqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
 
Top 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, TodayTop 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, Today
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 

Dernier

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 

Dernier (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

How does "Self-Defending Data" Work?

  • 1. © Cocoon Data Holdings Limited 2013. All rights reserved. COVATA SELF-DEFENDING DATA Vic Winkler CTO Covata USA, Inc Reston, Virginia
  • 2. © Cocoon Data Holdings Limited 2013. All rights reserved. Can You Control Unprotected Data? No. Adding strong security components to an otherwise weak system is usually NOT effective X
  • 3. © Cocoon Data Holdings Limited 2013. All rights reserved. First, Control The Data Adding strong security components to an otherwise weak system is usually NOT effective Encrypt the data and apply access controls Persisting Access controls Persisting Control X ✔
  • 4. © Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data •  Doesn’t grant access unless you meet it’s requirements •  Doesn’t care if the computer or network are hacked •  Every access is audited •  Originator can revoke access anytime •  …Every copy behaves the same way
  • 5. © Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data …It’s Not: •  Disk encryption Each self-defending data object can have its own access control list (versus a single key for the disk) •  Multiple stove-pipes of encryption Each data object is protected consistently (through its life) as a single secure object •  PKI Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
  • 6. © Cocoon Data Holdings Limited 2013. All rights reserved. So, What is ORCON? •  History: U.S. Intelligence Community -  Desired “Originator Control” in Closed-Network Information Sharing Examples: Rescind Access; Prevent Forwarding •  Extends classic access controls •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches ORCON Persisting Originator Control over Data Data }
  • 7. © Cocoon Data Holdings Limited 2013. All rights reserved. ORCON … •  Does it have to be “Originator” control? Not always. The enterprise may require default controls Other systems like DLP might “attach” additional ORCON •  It is a flexible framework for persisting controls …But, but how does it work?
  • 8. © Cocoon Data Holdings Limited 2013. All rights reserved. Policy Enforcement & Caveats
  • 9. © Cocoon Data Holdings Limited 2013. All rights reserved. Covata ORCON is Built on Other Access Control Models •  Again, the goal is control over your data -  ORCON extends your control -  It empowers control and sharing (X-domain and ad-hoc) •  In brief, ORCON: -  Extends traditional access controls with “persistent controls” -  These persistent controls can be “shaped” to meet your security needs •  ORCON is more lightweight than DRM | IRM | MAC •  ORCON is more flexible than DRM | IRM | MAC