SlideShare a Scribd company logo

How does "Self-Defending Data" Work?

Vic Winkler
Vic Winkler

This document discusses self-defending data and ORCON (Originator Control), which allows data to persist access controls as it is shared. Self-defending data does not grant access unless requirements are met, is not affected if the computer or network are hacked, audits every access, and allows the originator to revoke access anytime. ORCON extends classic access controls and draws from models like DRM, MAC, RBAC, and ABAC to provide a flexible framework for persisting controls over data as it is shared within and between domains.

TechnologyBusiness
1 of 9
Download to read offline
© Cocoon Data Holdings Limited 2013. All rights reserved. COVATA SELF-DEFENDING DATA Vic Winkler CTO Covata USA, Inc Reston, Virginia
© Cocoon Data Holdings Limited 2013. All rights reserved. Can You Control Unprotected Data? No. Adding strong security components to an otherwise weak system is usually NOT effective X
© Cocoon Data Holdings Limited 2013. All rights reserved. First, Control The Data Adding strong security components to an otherwise weak system is usually NOT effective Encrypt the data and apply access controls Persisting Access controls Persisting Control X ✔
© Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data •  Doesn’t grant access unless you meet it’s requirements •  Doesn’t care if the computer or network are hacked •  Every access is audited •  Originator can revoke access anytime •  …Every copy behaves the same way
© Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data …It’s Not: •  Disk encryption Each self-defending data object can have its own access control list (versus a single key for the disk) •  Multiple stove-pipes of encryption Each data object is protected consistently (through its life) as a single secure object •  PKI Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
© Cocoon Data Holdings Limited 2013. All rights reserved. So, What is ORCON? •  History: U.S. Intelligence Community -  Desired “Originator Control” in Closed-Network Information Sharing Examples: Rescind Access; Prevent Forwarding •  Extends classic access controls •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches ORCON Persisting Originator Control over Data Data }
© Cocoon Data Holdings Limited 2013. All rights reserved. ORCON … •  Does it have to be “Originator” control? Not always. The enterprise may require default controls Other systems like DLP might “attach” additional ORCON •  It is a flexible framework for persisting controls …But, but how does it work?
© Cocoon Data Holdings Limited 2013. All rights reserved. Policy Enforcement & Caveats
© Cocoon Data Holdings Limited 2013. All rights reserved. Covata ORCON is Built on Other Access Control Models •  Again, the goal is control over your data -  ORCON extends your control -  It empowers control and sharing (X-domain and ad-hoc) •  In brief, ORCON: -  Extends traditional access controls with “persistent controls” -  These persistent controls can be “shaped” to meet your security needs •  ORCON is more lightweight than DRM | IRM | MAC •  ORCON is more flexible than DRM | IRM | MAC

Recommended

ORCON in 10 Minutes
ORCON in 10 MinutesORCON in 10 Minutes
ORCON in 10 MinutesVic Winkler
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls PresentationBill Lisse
 
Managing Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebManaging Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social Web
Boyd Neil
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Mahmuda Rahman
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
ClickSSL
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
MITRE ATT&CK
 

Recommended

ORCON in 10 Minutes
ORCON in 10 MinutesORCON in 10 Minutes
ORCON in 10 MinutesVic Winkler
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls PresentationBill Lisse
 
Managing Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebManaging Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social Web
Boyd Neil
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge Pereira
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Mahmuda Rahman
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
ClickSSL
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
MITRE ATT&CK
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
Seclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
S.M. Towhidul Islam
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
Seclore
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
WSO2
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Sparkrock
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
Seclore
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
Seclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
Seclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Secunoid Systems Inc
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft office
Seclore
 
Cloud security
Cloud securityCloud security
Cloud security
Jhanvi Dattani
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
Seclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
Lacey Trebaol
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
Seclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloud
Eyal Estrin
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
Seclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?
learndac
 
Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community Partner
Sara Wedell
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case study
ldscdr
 

More Related Content

What's hot

Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
Seclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
S.M. Towhidul Islam
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
Seclore
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
WSO2
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Sparkrock
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
Seclore
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
Seclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
Seclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Secunoid Systems Inc
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft office
Seclore
 
Cloud security
Cloud securityCloud security
Cloud security
Jhanvi Dattani
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
Seclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
Lacey Trebaol
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
Seclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloud
Eyal Estrin
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
Seclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?
learndac
 

What's hot (20)

Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft office
 
Cloud security
Cloud securityCloud security
Cloud security
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloud
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?
 

Viewers also liked

Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community Partner
Sara Wedell
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case study
ldscdr
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
Michael Coates
 
Libraries promoting economic development through collaboration
Libraries promoting economic development through collaborationLibraries promoting economic development through collaboration
Libraries promoting economic development through collaboration
Sara Wedell
 
Mm overview
Mm overviewMm overview
Mm overviewspalroay
 
Pilot Study Project
Pilot Study ProjectPilot Study Project
Pilot Study Project
ldscdr
 

Viewers also liked (6)

Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community Partner
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case study
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
 
Libraries promoting economic development through collaboration
Libraries promoting economic development through collaborationLibraries promoting economic development through collaboration
Libraries promoting economic development through collaboration
 
Mm overview
Mm overviewMm overview
Mm overview
 
Pilot Study Project
Pilot Study ProjectPilot Study Project
Pilot Study Project
 

Similar to How does "Self-Defending Data" Work?

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and Mobility
Vic Winkler
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Edgar Alejandro Villegas
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
Md. Ahasan Hasib
 
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Proofpoint
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
missionsk81
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
Ernest Staats
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14
Russ Holmes
 
Self defending data webinar (feb13)
Self defending data webinar (feb13)Self defending data webinar (feb13)
Self defending data webinar (feb13)
Vic Winkler
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
SmartCompliance
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data LossSeqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Quick Heal Technologies Ltd.
 
Top 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, TodayTop 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, Today
SolarWinds
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
selvapriyabiher
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
Livingstone Advisory
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 

Similar to How does "Self-Defending Data" Work? (20)

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and Mobility
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
 
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14
 
Self defending data webinar (feb13)
Self defending data webinar (feb13)Self defending data webinar (feb13)
Self defending data webinar (feb13)
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data LossSeqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
 
Top 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, TodayTop 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, Today
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 

Recently uploaded

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 

Recently uploaded (20)

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 

How does "Self-Defending Data" Work?

  • 1. © Cocoon Data Holdings Limited 2013. All rights reserved. COVATA SELF-DEFENDING DATA Vic Winkler CTO Covata USA, Inc Reston, Virginia
  • 2. © Cocoon Data Holdings Limited 2013. All rights reserved. Can You Control Unprotected Data? No. Adding strong security components to an otherwise weak system is usually NOT effective X
  • 3. © Cocoon Data Holdings Limited 2013. All rights reserved. First, Control The Data Adding strong security components to an otherwise weak system is usually NOT effective Encrypt the data and apply access controls Persisting Access controls Persisting Control X ✔
  • 4. © Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data •  Doesn’t grant access unless you meet it’s requirements •  Doesn’t care if the computer or network are hacked •  Every access is audited •  Originator can revoke access anytime •  …Every copy behaves the same way
  • 5. © Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data …It’s Not: •  Disk encryption Each self-defending data object can have its own access control list (versus a single key for the disk) •  Multiple stove-pipes of encryption Each data object is protected consistently (through its life) as a single secure object •  PKI Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
  • 6. © Cocoon Data Holdings Limited 2013. All rights reserved. So, What is ORCON? •  History: U.S. Intelligence Community -  Desired “Originator Control” in Closed-Network Information Sharing Examples: Rescind Access; Prevent Forwarding •  Extends classic access controls •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches ORCON Persisting Originator Control over Data Data }
  • 7. © Cocoon Data Holdings Limited 2013. All rights reserved. ORCON … •  Does it have to be “Originator” control? Not always. The enterprise may require default controls Other systems like DLP might “attach” additional ORCON •  It is a flexible framework for persisting controls …But, but how does it work?
  • 8. © Cocoon Data Holdings Limited 2013. All rights reserved. Policy Enforcement & Caveats
  • 9. © Cocoon Data Holdings Limited 2013. All rights reserved. Covata ORCON is Built on Other Access Control Models •  Again, the goal is control over your data -  ORCON extends your control -  It empowers control and sharing (X-domain and ad-hoc) •  In brief, ORCON: -  Extends traditional access controls with “persistent controls” -  These persistent controls can be “shaped” to meet your security needs •  ORCON is more lightweight than DRM | IRM | MAC •  ORCON is more flexible than DRM | IRM | MAC