Keeping Data Confidential Beyond the Enterprise:
“…Would you like some ORCON with your data?”

Vic Winkler
CTO
Covata USA, Inc
Reston, Virginia

© Cocoon Data Holdings Limited 2013. All rights reserved.
mini-bio
  • Author
      “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, May 2011 (Elsevier/Syngress)
  • CTO
      “Self-Defending Data” www.Covata.Com, Reston VA | Sydney, Australia
  • Published Researcher
      Secure operating system design, network monitoring, intrusion detection, information warfare (PRC Inc., Northrop)
  • Security Design & Engineering
      Sun Grid Compute Utility, Network.Com, the Sun Public Cloud (Sun Microsystems)
      Government & defense customers (Booz Allen Hamilton, Sun Microsystems, PRC)
  • Contact: work: Vic.Winkler@Covata.Com   personal: Vic@VicWinkler.COM

The Point of this Talk
  • You already know this:
      - Vulnerabilities and exploits are inevitable
      - The perimeter is dead. Long live the perimeter
      - BYOD and cloud undermine enterprise IT
  • Unfortunately:
      - The data itself remains unprotected (inconsistent crypto)

      - The goal isn’t just security; it’s control over your data
      - DRM | IRM | ORCON extend your control over data
      - Persisting control for cross-domain and ad-hoc sharing? ORCON

What is Hacking?
  • One definition: focusing on the “protective” qualities of cardboard and ignoring the door

  Which is the better defense: a glass door …or a castle?
  Answer: it depends on what you seek to protect, from whom.

A “Not-so” Accurate History of Security

Cloud Computing: A Newer Model for IT

Where Responsibility Resides

Your Limits as a Tenant

…A Closer Look

Organizational Control

Vendor Transparency

Many “Concerns”: Cloud Security
  • Insecure Interfaces & APIs
      Assess the provider’s security model. Check whether strong authentication, access controls and cryptography are used.
  • Malicious Cloud Provider Employee
      Lack of provider transparency about processes and procedures can raise concern about the provider’s insider-threat problem.
  • Concerns about Shared Infrastructure
      Monitor for changes, follow best practices, conduct scanning and configuration audits.
  • Data Loss & Leakage
      Encrypt. Verify that the APIs are strong. Verify that provider backups are appropriate.
  • Account or Service Hijacking
      Use strong credentials and two or more authentication factors; monitor.
  • …A Public Service isn’t for Everyone
      And yet: compared to most enterprises, Amazon, Rackspace and Google have superior IT security implementations and procedures.

Cyber Security? (…Maybe Data Finally Deserves its own Protection)
  • Networks & Infrastructure: hard to keep safe
      “Current security efforts focus on individual radios or nodes, rather than the network, so a single misconfigured or compromised radio could debilitate an entire network” (DARPA)
      …Is it a fantasy to believe you can secure everything? …And keep it so?
      Is there a “keep it simple, stupid” strategy that can work?
  • IT is always changing
      BYOD: a new attack vector. Trade-offs against corporate “control”
  • Rescind or retract data you shared, or a recipient’s access to it?
  • The social phenomenon (OMG) (We are doomed)

Motivation for Data-Level Encryption
  • Protecting the Network & Nodes
      Perimeter complacency… (oh wait, it’s “dead”)
      But …what about the data itself?
  • My Backup is on Your Email Server
  • Encryption Stovepipes
  • Full Disk Encryption vs. Data Level

“Goldilocks was Here” (“just right”)

Access Controls: A Comparison

What is ORCON?
  • U.S. Intelligence Community
      - Desired “Originator Control” in closed-network information sharing
          Examples: rescind access; prevent forwarding
  • Does not exactly align with classic access controls
      - MAC – Mandatory Access Control (user clearance : data classification)
      - DAC – Discretionary Access Control (usually too simple, e.g. Unix user/group/other “UGO” permissions)
      - Capability based – defines access rights (akin to a “file descriptor”; process oriented)
      - Role based – aligns well with “pools of users” problems
  • …ORCON is a big part of what you really want

  ORCON: Control over Data

ORCON is Related to: DRM & IRM
  • DRM or IRM solutions expand on access controls with “rights”
  • Rights can be anything (download, forward, print, …)
  • Commercial systems typically use PKI
      Which is messy; which has limits; which gets complicated
  • Examples:
      Oracle Entitlement Server; EMC’s Documentum; Microsoft DRM; AD Rights Management Services
  • These are typically “heavyweight” and entail “services drag”
  • They require integration with your workflow …unless you are happy using default applications like SharePoint

“Sharing Should Just Work”

Use of a Cloud-Based Key Service

Encryption in the Workflow

How it Works

ORCON …
  • But does it have to be “Originator” control?
      No.
      1) The enterprise might need to specify default controls for:
          All data that is shared between identified individuals
          All data that is sent to specific external entities
          Specific recipient devices
      2) Encrypted content passes enterprise DLP systems uninspected, so:
          Encrypted content must meet certain standards
          Certain content may warrant additional specific controls
      3) The enterprise might “attach” additional ORCON (for instance, via a DLP)
  • ORCON is a flexible framework for persisting controls

Options: Enable the Workflow or App

The Nature of Risk

The Point of this Talk
  • You already know this:
      - Vulnerabilities and exploits are (ABSOLUTELY) inevitable
      - The perimeter (REALLY) is dead. Long live the perimeter
      - BYOD and cloud (IRRESISTIBLY) undermine enterprise IT
  • Unfortunately:
      - The data itself remains unprotected (inconsistent crypto)

      - The goal isn’t just security; it’s control over your data
      - DRM | IRM | ORCON extend your control
      - For cross-domain and ad-hoc use

  ORCON: Persisting Control over Data

Thank You!
  Work      Vic.Winkler@Covata.Com
  Personal  Vic@VicWinkler.com
  On:       Google+ & LinkedIn
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Winkler Cloud, ORCON, and Mobility

1. Keeping Data Confidential Beyond the Enterprise: “...Would you like some ORCON with your data?"
   Vic Winkler, CTO, Covata USA, Inc, Reston, Virginia
   © Cocoon Data Holdings Limited 2013. All rights reserved.

2. mini-bio
   • Author: “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, May 2011 (Elsevier/Syngress)
   • CTO: “Self-Defending Data” www.Covata.Com, Reston VA | Sydney Australia
   • Published Researcher: Secure Operating System Design, Network Monitoring, Intrusion Detection, Information Warfare (PRC Inc., Northrup)
   • Security Design & Engineering: Sun Grid Compute Utility, Network.Com, The Sun Public Cloud (Sun Microsystems); Government & Defense Customers (Booz Allen Hamilton, Sun Microsystems, PRC)
   • Contact: work: Vic.Winkler@Covata.Com, personal: Vic@VicWinkler.COM

3. The Point of this Talk
   • You already know this:
     - Vulnerabilities and Exploits are Inevitable
     - The Perimeter is dead. Long live the Perimeter
     - BYOD and Cloud Undermine Enterprise IT
   • Unfortunately:
     - The data itself remains unprotected (inconsistent crypto)
     - The goal isn’t just security – it’s control over your data
     - DRM | IRM | ORCON extend your control over data
     - Persisting Control for X-domain and Ad-hoc Sharing? ORCON

4. What is Hacking?
   • One definition: Focusing on the “protective” qualities of cardboard and ignoring the door
   • Which is the better defense: A Glass Door …Or a Castle?
   • Answer: It depends on what you seek to protect from whom

5. A “Not-so” Accurate History of Security

6. A “Not-so” Accurate History of Security

7. Cloud Computing: A Newer Model for IT

8. Cloud Computing: A Newer Model for IT

9. Where Responsibility Resides

10. Your Limits as a Tenant

11. …A Closer Look

12. Organizational Control

13. Vendor Transparency

14. Many “Concerns”: Cloud Security
   • Insecure Interfaces & APIs: Assess the provider’s security model. Check whether strong authentication, access controls and crypto are used.
   • Malicious Cloud Provider Employee: Lack of provider transparency as to processes and procedures can raise concern about the provider’s insider threat problem.
   • Concerns about Shared Infrastructure: Monitor for changes, follow best practices, conduct scanning and config audits.
   • Data Loss & Leakage: Encrypt. Verify APIs are strong. Verify provider backups are appropriate.
   • Account or Service Hijacking: Use “safe” credentials, 2+-factor, monitor.
   • …A Public Service isn’t for Everyone
   • And Yet: Compared to most enterprises, Amazon, Rackspace and Google have superior IT security implementations and procedures.

15. Cyber Security? (…Maybe Data Finally Deserves its own Protection)
   • Networks & Infrastructure: Hard to keep safe
     “Current security efforts focus on individual radios or nodes, rather than the network, so a single misconfigured or compromised radio could debilitate an entire network” (DARPA)
     …Is it a fantasy to believe you can secure everything? …And keep it so? Is there a “keep it simple stupid” strategy that can work?
   • IT is always changing: BYOD – A new attack vector. Trade-offs against corporate “control”
   • Rescind -or- retract data you shared or a recipient?
   • The social phenomenon (OMG) (We are doomed)

16. Motivation for Data-Level Encryption
   • Protecting the Network & Nodes: Perimeter complacency… (oh wait, it’s “dead”) But …what about the data itself?
   • My Backup is on Your Email Server
   • Encryption Stovepipes
   • Full Disk Encryption vs. Data Level

17. “Goldilocks was Here” (“just right”)

18. Access Controls: A Comparison

19. What is ORCON?
   • U.S. Intelligence Community
     - Desired “Originator Control” in Closed-Network Information Sharing. Examples: Rescind Access; Prevent Forwarding
   • Does not Exactly Align with Classic Access Controls
     - MAC – Mandatory Access Controls (User Clearance : Data Classification)
     - DAC – Discretionary Access Controls (Usually too simple, such as “UGO”)
     - Capability Based – Defines access rights (Akin to a “file descriptor”, process oriented)
     - Role Based – Aligns well with “pools of users” problems
   • …ORCON is a big part of what you really want: ORCON Control over Data

20. ORCON is Related to: DRM & IRM
   • DRM or IRM solutions expand on access controls with “rights”
   • Rights can be anything (download, forward, print, …)
   • Commercial systems typically use PKI, which is messy; which has limits; which gets complicated
   • Examples: Oracle Entitlement Server; EMC’s Documentum; Microsoft DRM; AD Rights Management Services
   • These are typically “heavyweight” and entail “services drag”
   • They require integration with your workflow …unless you are happy using default applications like Sharepoint

21. “Sharing Should Just Work”

22. Use of a Cloud-Based Key Service

23. Encryption in the Workflow

24. How it Works

25. ORCON …
   • But does it have to be “Originator” control? No.
     1) The enterprise might need to specify default controls for: all data that is shared between identified individuals; all data that is sent to specific external entities; specific recipient devices
     2) Enterprise DLP systems might need to be bypassed (encrypted content). Thus: encrypted content must meet certain standards; certain content may warrant additional specific controls
     3) The enterprise might “attach” additional ORCON (for instance, by a DLP)
   • ORCON is a flexible framework for persisting controls

26. Options: Enable the Workflow or App

27. The Nature of Risk

28. The Point of this Talk
   • You already know this:
     - Vulnerabilities and Exploits are (ABSOLUTELY) inevitable
     - The perimeter (REALLY) is dead. Long live the perimeter
     - BYOD and Cloud (IRRESISTIBLY) undermine enterprise IT
   • Unfortunately:
     - The data itself remains unprotected (inconsistent crypto)
     - X The goal isn’t just security – it’s control over your data
     - DRM | IRM | ORCON extends your control
     - For X-domain and ad-hoc use ORCON: Persisting Control over Data

29. Thank You!
   Work: Vic.Winkler@Covata.Com
   Personal: Vic@VicWinkler.com
   On: Google+ & LinkedIn
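To make the ORCON semantics of slides 19 and 25 concrete (rescind access, prevent forwarding, device restrictions, enterprise-attached defaults), here is an added example of a minimal cloud key service that releases a content key only when the controls travelling with the object allow it. This is illustrative code written for this page, not Covata's product or the talk's own implementation; the `Orcon`, `KeyService` names, the domain `partner.example` and the identities are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Orcon:
    """Originator controls that travel with one encrypted object (hypothetical model)."""
    originator: str
    recipients: set
    allow_forward: bool = True
    devices: set = field(default_factory=set)  # empty set means any device
    rescinded: bool = False

# Constructed enterprise default (slide 25): anything shared with these external
# entities is forced to no-forward, the way a DLP might "attach" extra ORCON.
NO_FORWARD_DOMAINS = {"partner.example"}

class KeyService:
    """Cloud key service: the content key is released only if the ORCON permits it."""
    def __init__(self):
        self._keys, self._policies, self.audit = {}, {}, []

    def register(self, obj_id, key, orcon):
        if any(r.rsplit("@", 1)[-1] in NO_FORWARD_DOMAINS for r in orcon.recipients):
            orcon.allow_forward = False  # enterprise control attached at registration
        self._keys[obj_id], self._policies[obj_id] = key, orcon

    def rescind(self, obj_id, who):
        """Only the originator may withdraw access after sharing."""
        policy = self._policies.get(obj_id)
        if policy is None or who != policy.originator:
            return False
        policy.rescinded = True
        return True

    def request_key(self, obj_id, who, device, forwarded_by=None):
        """Return (granted, reason, key); every decision is recorded for audit."""
        policy = self._policies.get(obj_id)
        if policy is None:
            verdict = (False, "unknown object", None)
        elif policy.rescinded:
            verdict = (False, "access rescinded by originator", None)
        elif who not in policy.recipients and forwarded_by not in policy.recipients:
            verdict = (False, "not an authorised recipient", None)
        elif who not in policy.recipients and not policy.allow_forward:
            verdict = (False, "forwarding prohibited", None)
        elif policy.devices and device not in policy.devices:
            verdict = (False, "device not permitted", None)
        else:
            verdict = (True, "ok", self._keys[obj_id])
        self.audit.append((obj_id, who, device, forwarded_by, verdict[1]))
        return verdict
```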