SlideShare una empresa de Scribd logo

Control Unprotected Data with Self-Defending Encryption

Vic Winkler
Vic Winkler

This document discusses self-defending data and ORCON (Originator Control), which allows data to persist access controls as it is shared. Self-defending data does not grant access unless requirements are met, is not affected if the computer or network are hacked, audits every access, and allows the originator to revoke access anytime. ORCON extends classic access controls and draws from models like DRM, MAC, RBAC, and ABAC to provide a flexible framework for persisting controls over data as it is shared within and between domains.

TecnologíaEmpresariales
1 de 9
Descargar para leer sin conexión
© Cocoon Data Holdings Limited 2013. All rights reserved. COVATA SELF-DEFENDING DATA Vic Winkler CTO Covata USA, Inc Reston, Virginia
© Cocoon Data Holdings Limited 2013. All rights reserved. Can You Control Unprotected Data? No. Adding strong security components to an otherwise weak system is usually NOT effective X
© Cocoon Data Holdings Limited 2013. All rights reserved. First, Control The Data Adding strong security components to an otherwise weak system is usually NOT effective Encrypt the data and apply access controls Persisting Access controls Persisting Control X ✔
© Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data •  Doesn’t grant access unless you meet it’s requirements •  Doesn’t care if the computer or network are hacked •  Every access is audited •  Originator can revoke access anytime •  …Every copy behaves the same way
© Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data …It’s Not: •  Disk encryption Each self-defending data object can have its own access control list (versus a single key for the disk) •  Multiple stove-pipes of encryption Each data object is protected consistently (through its life) as a single secure object •  PKI Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
© Cocoon Data Holdings Limited 2013. All rights reserved. So, What is ORCON? •  History: U.S. Intelligence Community -  Desired “Originator Control” in Closed-Network Information Sharing Examples: Rescind Access; Prevent Forwarding •  Extends classic access controls •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches ORCON Persisting Originator Control over Data Data }
© Cocoon Data Holdings Limited 2013. All rights reserved. ORCON … •  Does it have to be “Originator” control? Not always. The enterprise may require default controls Other systems like DLP might “attach” additional ORCON •  It is a flexible framework for persisting controls …But, but how does it work?
© Cocoon Data Holdings Limited 2013. All rights reserved. Policy Enforcement & Caveats
© Cocoon Data Holdings Limited 2013. All rights reserved. Covata ORCON is Built on Other Access Control Models •  Again, the goal is control over your data -  ORCON extends your control -  It empowers control and sharing (X-domain and ad-hoc) •  In brief, ORCON: -  Extends traditional access controls with “persistent controls” -  These persistent controls can be “shaped” to meet your security needs •  ORCON is more lightweight than DRM | IRM | MAC •  ORCON is more flexible than DRM | IRM | MAC

Recomendados

ORCON in 10 Minutes
ORCON in 10 MinutesORCON in 10 Minutes
ORCON in 10 MinutesVic Winkler
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls PresentationBill Lisse
 
Managing Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebManaging Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebBoyd Neil
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge Pereira
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Mahmuda Rahman
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKMITRE ATT&CK
 

Recomendados

ORCON in 10 Minutes
ORCON in 10 MinutesORCON in 10 Minutes
ORCON in 10 MinutesVic Winkler
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls PresentationBill Lisse
 
Managing Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebManaging Data Breach Communication on The Social Web
Managing Data Breach Communication on The Social WebBoyd Neil
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge Pereira
 
Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Data lake protection ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]
Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]Mahmuda Rahman
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKMITRE ATT&CK
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreSeclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersWSO2
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesSparkrock
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRMSeclore
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicSecunoid Systems Inc
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft officeSeclore
 
Cloud security
Cloud securityCloud security
Cloud securityJhanvi Dattani
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreSeclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?Lacey Trebaol
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreSeclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | SecloreSeclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloudEyal Estrin
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreSeclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?learndac
 
Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerSara Wedell
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case studyldscdr
 

Más contenido relacionado

La actualidad más candente

Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreSeclore
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersWSO2
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesSparkrock
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRMSeclore
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicSecunoid Systems Inc
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft officeSeclore
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreSeclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?Lacey Trebaol
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreSeclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | SecloreSeclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloudEyal Estrin
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreSeclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?learndac
 

La actualidad más candente (20)

Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive data
 
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best PracticesFuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices
 
Securing MS SharePoint with IRM
Securing MS SharePoint with IRMSecuring MS SharePoint with IRM
Securing MS SharePoint with IRM
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
 
One click protection in microsoft office
One click protection in microsoft officeOne click protection in microsoft office
One click protection in microsoft office
 
Cloud security
Cloud securityCloud security
Cloud security
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | Seclore
 
Is your distributed system secure?
Is your distributed system secure?Is your distributed system secure?
Is your distributed system secure?
 
Bring Your Own Encryption | Seclore
Bring Your Own Encryption | SecloreBring Your Own Encryption | Seclore
Bring Your Own Encryption | Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
 
Securing data in the cloud
Securing data in the cloudSecuring data in the cloud
Securing data in the cloud
 
GDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | SecloreGDPR Compliance & Data-Centric Security | Seclore
GDPR Compliance & Data-Centric Security | Seclore
 
What is blockchain?
What is blockchain?What is blockchain?
What is blockchain?
 

Destacado

Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerSara Wedell
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case studyldscdr
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareMichael Coates
 
Libraries promoting economic development through collaboration
Libraries promoting economic development through collaborationLibraries promoting economic development through collaboration
Libraries promoting economic development through collaborationSara Wedell
 
Mm overview
Mm overviewMm overview
Mm overviewspalroay
 
Pilot Study Project
Pilot Study ProjectPilot Study Project
Pilot Study Projectldscdr
 

Destacado (6)

Stronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community PartnerStronger Together: Public Library as Community Partner
Stronger Together: Public Library as Community Partner
 
Philadelphia Naval Complex case study
Philadelphia Naval Complex case studyPhiladelphia Naval Complex case study
Philadelphia Naval Complex case study
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
 
Libraries promoting economic development through collaboration
Libraries promoting economic development through collaborationLibraries promoting economic development through collaboration
Libraries promoting economic development through collaboration
 
Mm overview
Mm overviewMm overview
Mm overview
 
Pilot Study Project
Pilot Study ProjectPilot Study Project
Pilot Study Project
 

Similar a Control Unprotected Data with Self-Defending Encryption

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityVic Winkler
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteEdgar Alejandro Villegas
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacyMd. Ahasan Hasib
 
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...Proofpoint
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptxmissionsk81
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Russ Holmes
 
Self defending data webinar (feb13)
Self defending data webinar (feb13)Self defending data webinar (feb13)
Self defending data webinar (feb13)Vic Winkler
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecuritySmartCompliance
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data LossSeqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data LossQuick Heal Technologies Ltd.
 
Top 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, TodayTop 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, TodaySolarWinds
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...Livingstone Advisory
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 

Similar a Control Unprotected Data with Self-Defending Encryption (20)

Winkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and MobilityWinkler Cloud, ORCON, and Mobility
Winkler Cloud, ORCON, and Mobility
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
 
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
Do you Know Where Your Data Is? - Accellion InfoSec World 2013 Conference pre...
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14Centrifuge Systems Overview 2 14
Centrifuge Systems Overview 2 14
 
Self defending data webinar (feb13)
Self defending data webinar (feb13)Self defending data webinar (feb13)
Self defending data webinar (feb13)
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data LossSeqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss
 
Top 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, TodayTop 10 Things Logs Can Do for You, Today
Top 10 Things Logs Can Do for You, Today
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 

Último

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Último (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Control Unprotected Data with Self-Defending Encryption

  • 1. © Cocoon Data Holdings Limited 2013. All rights reserved. COVATA SELF-DEFENDING DATA Vic Winkler CTO Covata USA, Inc Reston, Virginia
  • 2. © Cocoon Data Holdings Limited 2013. All rights reserved. Can You Control Unprotected Data? No. Adding strong security components to an otherwise weak system is usually NOT effective X
  • 3. © Cocoon Data Holdings Limited 2013. All rights reserved. First, Control The Data Adding strong security components to an otherwise weak system is usually NOT effective Encrypt the data and apply access controls Persisting Access controls Persisting Control X ✔
  • 4. © Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data •  Doesn’t grant access unless you meet it’s requirements •  Doesn’t care if the computer or network are hacked •  Every access is audited •  Originator can revoke access anytime •  …Every copy behaves the same way
  • 5. © Cocoon Data Holdings Limited 2013. All rights reserved. Self-Defending Data …It’s Not: •  Disk encryption Each self-defending data object can have its own access control list (versus a single key for the disk) •  Multiple stove-pipes of encryption Each data object is protected consistently (through its life) as a single secure object •  PKI Self-defending data is simpler in concept, it should support agility and sharing (after all, ad-hoc relationships are common)
  • 6. © Cocoon Data Holdings Limited 2013. All rights reserved. So, What is ORCON? •  History: U.S. Intelligence Community -  Desired “Originator Control” in Closed-Network Information Sharing Examples: Rescind Access; Prevent Forwarding •  Extends classic access controls •  Has elements of: DRM, MAC, RBAC, ABAC, and Capability-Based approaches ORCON Persisting Originator Control over Data Data }
  • 7. © Cocoon Data Holdings Limited 2013. All rights reserved. ORCON … •  Does it have to be “Originator” control? Not always. The enterprise may require default controls Other systems like DLP might “attach” additional ORCON •  It is a flexible framework for persisting controls …But, but how does it work?
  • 8. © Cocoon Data Holdings Limited 2013. All rights reserved. Policy Enforcement & Caveats
  • 9. © Cocoon Data Holdings Limited 2013. All rights reserved. Covata ORCON is Built on Other Access Control Models •  Again, the goal is control over your data -  ORCON extends your control -  It empowers control and sharing (X-domain and ad-hoc) •  In brief, ORCON: -  Extends traditional access controls with “persistent controls” -  These persistent controls can be “shaped” to meet your security needs •  ORCON is more lightweight than DRM | IRM | MAC •  ORCON is more flexible than DRM | IRM | MAC