how does "self-defending data" work?


Upload: vic-winkler

Post on 18-Nov-2014


TRANSCRIPT

Page 1: How does "Self-Defending Data" Work?

© Cocoon Data Holdings Limited 2013. All rights reserved.

COVATA SELF-DEFENDING DATA

Vic Winkler CTO

Covata USA, Inc Reston, Virginia

Page 2: How does "Self-Defending Data" Work?


Can You Control Unprotected Data?

No.

Adding strong security components to an otherwise weak system is usually NOT effective.

Page 3: How does "Self-Defending Data" Work?


First, Control The Data

Adding strong security components to an otherwise weak system is usually NOT effective. Encrypt the data and apply access controls, and make those access controls persist with the data wherever it goes (persisting control).

Page 4: How does "Self-Defending Data" Work?


Self-Defending Data

•  Doesn’t grant access unless you meet its requirements

•  Doesn’t care if the computer or network is hacked (a compromised host or network only ever sees the encrypted object)

•  Every access is audited

•  Originator can revoke access anytime

•  …Every copy behaves the same way

Page 5: How does "Self-Defending Data" Work?


Self-Defending Data …It’s Not:

•  Disk encryption: each self-defending data object can have its own access control list (versus a single key for the whole disk)

•  Multiple stove-pipes of encryption: each data object is protected consistently, through its whole life, as a single secure object

•  PKI: self-defending data is simpler in concept, and it should support agility and sharing (after all, ad-hoc relationships are common)

Page 6: How does "Self-Defending Data" Work?


So, What is ORCON?

•  History: the U.S. Intelligence Community wanted “Originator Control” for information sharing on closed networks

-  Examples: rescind access; prevent forwarding

•  Extends classic access controls

•  Has elements of: DRM, MAC, RBAC, ABAC, and capability-based approaches

[Figure: ORCON as persisting originator control over data]

Page 7: How does "Self-Defending Data" Work?


ORCON …

•  Does it have to be “Originator” control? Not always.

-  The enterprise may require default controls

-  Other systems, such as DLP, might “attach” additional ORCON

•  It is a flexible framework for persisting controls

…But how does it work?

Page 8: How does "Self-Defending Data" Work?


Policy Enforcement & Caveats

Page 9: How does "Self-Defending Data" Work?


Covata ORCON is Built on Other Access Control Models

•  Again, the goal is control over your data

-  ORCON extends your control

-  It empowers control and sharing (cross-domain and ad hoc)

•  In brief, ORCON:

-  Extends traditional access controls with “persistent controls”

-  These persistent controls can be “shaped” to meet your security needs

•  ORCON is more lightweight than DRM | IRM | MAC

•  ORCON is more flexible than DRM | IRM | MAC
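The deck lists what self-defending data does (page 4), says that enterprise defaults or DLP can attach further ORCON (page 7) and that persistent controls extend ordinary access controls (page 9), but never shows how the pieces fit. The following is an added illustration written for this transcript, not Covata’s code, of one way those properties can be realised: the object that leaves the system is only ciphertext plus an id, while the per-object key and the attached controls stay with a policy broker that releases the key only when every control passes, logs every decision, lets the originator revoke or share, and refuses forwarding by recipients. The Broker class, its method names, the control sources (originator, enterprise, dlp), the users and the document content are all constructed for the example, and the HMAC-based seal/unseal pair is a standard-library stand-in for a real AEAD such as AES-GCM so that the code runs offline.

```python
import hashlib
import hmac
import os

# Stdlib stand-in for an AEAD such as AES-GCM (HMAC-SHA256 keystream, then an HMAC tag),
# used only so the example runs offline; a real deployment would use a real AEAD.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Broker:
    """Policy decision point plus key escrow: the only place a per-object DEK is released.
    Object ids, control sources and the audit-tuple layout are assumptions of this example."""

    def __init__(self):
        self.keys, self.meta, self.audit = {}, {}, []

    def protect(self, originator, plaintext, acl, no_forward=False):
        oid, dek = os.urandom(8).hex(), os.urandom(32)
        self.keys[oid] = dek
        m = self.meta[oid] = {"originator": originator, "acl": set(acl),
                              "no_forward": no_forward, "controls": []}
        m["controls"].append(("originator", "acl", lambda s, ctx: s in m["acl"]))
        return oid, seal(dek, plaintext)  # only the sealed blob ever leaves the broker

    def attach(self, oid, source, name, predicate):
        """Enterprise defaults or a DLP system layer extra controls onto an existing object."""
        self.meta[oid]["controls"].append((source, name, predicate))

    def _log(self, oid, subject, action, failed):
        outcome = "ok" if not failed else "denied:" + ",".join(failed)
        self.audit.append((oid, subject, action, outcome))  # every decision is audited
        if failed:
            raise PermissionError(outcome)

    def revoke(self, oid, by, subject):
        m = self.meta[oid]
        self._log(oid, by, f"revoke:{subject}", [] if by == m["originator"] else ["originator-only"])
        m["acl"].discard(subject)

    def delegate(self, oid, by, to):
        """Forwarding means extending the ACL; non-originators are blocked when no_forward is set."""
        m = self.meta[oid]
        allowed = by == m["originator"] or (by in m["acl"] and not m["no_forward"])
        self._log(oid, by, f"delegate:{to}", [] if allowed else ["no-forward"])
        m["acl"].add(to)

    def request_key(self, oid, subject, ctx):
        # Deny-overrides: every attached control must pass, whatever its source.
        failed = [f"{src}/{name}" for src, name, pred in self.meta[oid]["controls"]
                  if not pred(subject, ctx)]
        self._log(oid, subject, "read", failed)
        return self.keys[oid]

def read(broker, oid, blob, subject, ctx):
    """The same call serves every copy of blob: ciphertext is inert without the broker's key."""
    return unseal(broker.request_key(oid, subject, ctx), blob)

def demo():
    """Walk the deck's properties on constructed data; returns each step's outcome."""
    b, out = Broker(), {}
    managed, unmanaged = {"managed_device": True}, {"managed_device": False}
    secret = b"Q3 forecast with customer PII"  # constructed sample content
    oid, blob = b.protect("alice@corp.example", secret,
                          acl={"alice@corp.example", "bob@corp.example"}, no_forward=True)
    b.attach(oid, "enterprise", "managed-device", lambda s, ctx: ctx.get("managed_device", False))
    b.attach(oid, "dlp", "pii-internal-only", lambda s, ctx: s.endswith("@corp.example"))

    def attempt(name, fn):
        try:
            fn()
            out[name] = "ok"
        except (PermissionError, ValueError) as e:
            out[name] = str(e)

    attempt("bob_reads", lambda: read(b, oid, blob, "bob@corp.example", managed))
    attempt("bob_reads_copy", lambda: read(b, oid, bytes(blob), "bob@corp.example", managed))
    attempt("bob_unmanaged", lambda: read(b, oid, blob, "bob@corp.example", unmanaged))
    attempt("bob_forwards", lambda: b.delegate(oid, "bob@corp.example", "mallory@corp.example"))
    attempt("alice_shares", lambda: b.delegate(oid, "alice@corp.example", "carol@partner.example"))
    attempt("carol_reads", lambda: read(b, oid, blob, "carol@partner.example", managed))
    attempt("alice_revokes_bob", lambda: b.revoke(oid, "alice@corp.example", "bob@corp.example"))
    attempt("bob_after_revoke", lambda: read(b, oid, blob, "bob@corp.example", managed))
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]  # one ciphertext byte flipped
    attempt("alice_reads_tampered", lambda: read(b, oid, tampered, "alice@corp.example", managed))
    out["plaintext_ok"] = read(b, oid, blob, "alice@corp.example", managed) == secret
    return out
```

Calling demo() gives "ok" for Bob on both copies, a denial naming enterprise/managed-device on the unmanaged device, a no-forward denial when Bob tries to extend the ACL, a dlp/pii-internal-only denial for the partner Alice shared with, and an originator/acl denial for Bob after revocation; the tampered copy is refused even though the key was released, which is what makes "doesn't care if the computer or network is hacked" concrete. The model also makes the limit of persistent controls visible: anyone who has already been served the key and kept the decrypted bytes is outside the broker's reach, so revocation is effective for future accesses, not for plaintext that has already left the enforcement point.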