How does "Self-Defending Data" Work?

Published in: Technology, Business

  1. COVATA SELF-DEFENDING DATA
     Vic Winkler, CTO, Covata USA, Inc, Reston, Virginia
     © Cocoon Data Holdings Limited 2013. All rights reserved.
  2. Can You Control Unprotected Data?
     No.
     Adding strong security components to an otherwise weak system is usually NOT effective
  3. First, Control The Data
     Adding strong security components to an otherwise weak system is usually NOT effective
     Encrypt the data and apply access controls
     [Figure labels: Persisting Access Controls; Persisting Control]
  4. Self-Defending Data
     •  Doesn’t grant access unless you meet its requirements
     •  Doesn’t care if the computer or network are hacked
     •  Every access is audited
     •  Originator can revoke access anytime
     •  …Every copy behaves the same way
  5. Self-Defending Data… It’s Not:
     •  Disk encryption
        Each self-defending data object can have its own access control list (versus a single key for the disk)
     •  Multiple stove-pipes of encryption
        Each data object is protected consistently (through its life) as a single secure object
     •  PKI
        Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
  6. So, What is ORCON?
     •  History: U.S. Intelligence Community
        -  Desired “Originator Control” in Closed-Network Information Sharing
           Examples: Rescind Access; Prevent Forwarding
     •  Extends classic access controls
     •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches
     [Figure: ORCON, Persisting Originator Control over Data]
  7. ORCON …
     •  Does it have to be “Originator” control? Not always.
        The enterprise may require default controls
        Other systems like DLP might “attach” additional ORCON
     •  It is a flexible framework for persisting controls
     …But, but how does it work?
  8. Policy Enforcement & Caveats
  9. Covata ORCON is Built on Other Access Control Models
     •  Again, the goal is control over your data
        -  ORCON extends your control
        -  It empowers control and sharing (X-domain and ad-hoc)
     •  In brief, ORCON:
        -  Extends traditional access controls with “persistent controls”
        -  These persistent controls can be “shaped” to meet your security needs
     •  ORCON is more lightweight than DRM | IRM | MAC
     •  ORCON is more flexible than DRM | IRM | MAC
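
An added example, not taken from the slides or from Covata's product: one possible way to model the behaviour listed on slides 3 to 5 (a per-object access control list, audited access, originator revocation, every copy behaving the same way). `PolicyService`, its method names, the users and the stand-in cipher are all assumptions made for this sketch.

```python
import hashlib
import secrets

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Demo-only stand-in cipher (SHA-256 counter keystream, no integrity tag); use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class PolicyService:
    """Hypothetical key-release point holding per-object keys, ACLs and the audit log."""
    def __init__(self):
        self.keys, self.acl, self.audit = {}, {}, []

    def protect(self, originator, plaintext, readers):
        obj_id, key, nonce = secrets.token_hex(8), secrets.token_bytes(32), secrets.token_bytes(16)
        self.keys[obj_id] = (originator, key)
        self.acl[obj_id] = set(readers) | {originator}
        # The object carries ciphertext only, so copying it never copies the key.
        return {"id": obj_id, "nonce": nonce, "ct": _xor_stream(key, nonce, plaintext)}

    def revoke(self, caller, obj_id, user):
        if caller != self.keys[obj_id][0]:
            raise PermissionError("only the originator may change this object's ACL")
        self.acl[obj_id].discard(user)

    def open_object(self, user, obj):
        allowed = user in self.acl.get(obj["id"], set())
        self.audit.append((obj["id"], user, "granted" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{user} may not open {obj['id']}")
        return _xor_stream(self.keys[obj["id"]][1], obj["nonce"], obj["ct"])

def demo():
    svc = PolicyService()
    obj = svc.protect("alice", b"Q3 forecast (constructed sample)", readers={"bob"})
    copy = dict(obj)                        # a copy held on some other machine
    first = svc.open_object("bob", copy)    # bob is on the ACL: access granted and logged
    svc.revoke("alice", obj["id"], "bob")   # originator rescinds access
    outcomes = []
    for held in (obj, copy):                # both copies now refuse bob
        try:
            svc.open_object("bob", held)
            outcomes.append("granted")
        except PermissionError:
            outcomes.append("denied")
    return first, outcomes, svc.audit
```

In this model revocation stops future opens of any copy; it cannot recall plaintext a reader has already obtained.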
