Winkler Cloud, ORCON, and Mobility

Posted on 19-Oct-2014
DESCRIPTION

This presentation was given to The Research Board (Gartner) in Orlando, FL, April 2013.

TRANSCRIPT

Page 1: Winkler Cloud, ORCON, and Mobility

© Cocoon Data Holdings Limited 2013. All rights reserved.

Keeping Data Confidential Beyond the Enterprise:

“...Would you like some ORCON with your data?”

Vic Winkler, CTO

Covata USA, Inc

Reston, Virginia

Page 2: Winkler Cloud, ORCON, and Mobility

mini-bio

• Author: “Securing the Cloud: Cloud Computer Security Techniques and Tactics”, May 2011 (Elsevier/Syngress)

• CTO: “Self-Defending Data”, www.Covata.Com, Reston VA | Sydney Australia

• Published Researcher: Secure Operating System Design, Network Monitoring, Intrusion Detection, Information Warfare (PRC Inc., Northrup)

• Security Design & Engineering: Sun Grid Compute Utility, Network.Com, The Sun Public Cloud (Sun Microsystems); Government & Defense Customers (Booz Allen Hamilton, Sun Microsystems, PRC)

• Contact: work: [email protected] personal: [email protected]

Page 3: Winkler Cloud, ORCON, and Mobility

The Point of this Talk

• You already know this:

- Vulnerabilities and Exploits are Inevitable

- The Perimeter is dead. Long live the Perimeter

- BYOD and Cloud Undermine Enterprise IT

• Unfortunately:

- The data itself remains unprotected (inconsistent crypto)

- The goal isn’t just security – it’s control over your data

- DRM | IRM | ORCON extend your control over data

- Persisting Control for X-domain and Ad-hoc Sharing? ORCON

Page 4: Winkler Cloud, ORCON, and Mobility

What is Hacking?

• One definition: Focusing on the “protective” qualities of cardboard and ignoring the door

Which is the better defense: A Glass Door … Or a Castle?

Answer: It depends on what you seek to protect from whom

Page 5: Winkler Cloud, ORCON, and Mobility


A “Not-so” Accurate History of Security

Page 6: Winkler Cloud, ORCON, and Mobility


A “Not-so” Accurate History of Security

(The Dumb Terminal Has Value)

Page 7: Winkler Cloud, ORCON, and Mobility

Cloud Computing: A Newer Model for IT

Page 8: Winkler Cloud, ORCON, and Mobility

Cloud Computing: A Newer Model for IT

We are trading control for agility and cost savings

Page 9: Winkler Cloud, ORCON, and Mobility


Where Responsibility Resides

Page 10: Winkler Cloud, ORCON, and Mobility


Your Limits as a Tenant

Page 11: Winkler Cloud, ORCON, and Mobility


…A Closer Look

Page 12: Winkler Cloud, ORCON, and Mobility


Organizational Control

Page 13: Winkler Cloud, ORCON, and Mobility


Vendor Transparency

Page 14: Winkler Cloud, ORCON, and Mobility

Many “Concerns”: Cloud Security

• Insecure Interfaces & APIs: Assess provider’s security model. Check if strong auth., access controls and crypto are used.

• Malicious Cloud Provider Employee: Lack of provider transparency as to processes and procedures can raise concern of provider’s insider threat problem.

• Concerns about Shared Infrastructure: Monitor for changes, follow best practices, conduct scanning and config audits.

• Data Loss & Leakage: Encrypt. Verify APIs are strong. Verify provider backups are appropriate.

• Account or Service Hijacking: Use “safe” credentials, 2+-factor, monitor.

• …A Public Service isn’t for Everyone. And Yet: Compared to most enterprises, Amazon, Rackspace and Google have superior IT security implementations and procedures.

Page 15: Winkler Cloud, ORCON, and Mobility

Cyber Security? (…Maybe Data Finally Deserves its own Protection)

• Networks & Infrastructure: Hard to keep safe. “Current security efforts focus on individual radios or nodes, rather than the network, so a single misconfigured or compromised radio could debilitate an entire network” (DARPA)

…Is it a fantasy to believe you can secure everything? …And keep it so?

Is there a “keep it simple stupid” strategy that can work?

• IT is always changing: BYOD – A new attack vector. Trade-offs against corporate “control”

• Rescind -or- retract data you shared or a recipient?

• The social phenomenon (OMG) (We are doomed)

Page 16: Winkler Cloud, ORCON, and Mobility


Motivation for Data-Level Encryption

• Protecting the Network & Nodes

Perimeter complacency… (oh wait, it’s “dead”)

But …what about the data itself?

• My Backup is on Your Email Server

• Encryption Stovepipes

• Full Disk Encryption vs. Data Level

Page 17: Winkler Cloud, ORCON, and Mobility


“Goldilocks was Here”

(“just right”)

Page 18: Winkler Cloud, ORCON, and Mobility

Access Controls: A Comparison

Page 19: Winkler Cloud, ORCON, and Mobility

What is ORCON?

• U.S. Intelligence Community: Desired “Originator Control” in Closed-Network Information Sharing. Examples: Rescind Access; Prevent Forwarding

• Does not Exactly Align with Classic Access Controls:

- MAC – Mandatory Access Controls (User Clearance : Data Classification)

- DAC – Discretionary Access Controls (Usually too simple, such as “UGO”)

- Capability Based – Defines access rights (Akin to a “file descriptor”, process oriented)

- Role Based – Aligns well with “pools of users” problems

• …ORCON is a big part of what you really want

ORCON: Control over Data

Page 20: Winkler Cloud, ORCON, and Mobility

ORCON is Related to: DRM & IRM

• DRM or IRM solutions expand on access controls with “rights”

• Rights can be anything (download, forward, print, …)

• Commercial systems typically use PKI, which is messy; which has limits; which gets complicated

• Examples: Oracle Entitlement Server; EMC’s Documentum; Microsoft DRM; AD Rights Management Services

• These are typically “heavyweight” and entail “services drag”

• They require integration with your workflow …unless you are happy using default applications like Sharepoint

Page 21: Winkler Cloud, ORCON, and Mobility


“Sharing Should Just Work”

Page 22: Winkler Cloud, ORCON, and Mobility


Use of a Cloud-Based Key Service

Page 23: Winkler Cloud, ORCON, and Mobility


Encryption in the Workflow

Page 24: Winkler Cloud, ORCON, and Mobility


How it Works

Page 25: Winkler Cloud, ORCON, and Mobility

ORCON …

• But does it have to be “Originator” control? No.

1) The enterprise might need to specify default controls for:

- All data that is shared between identified individuals

- All data that is sent to specific external entities

- Specific recipient devices

2) Enterprise DLP systems might need to be bypassed (encrypted content). Thus:

- Encrypted content must meet certain standards

- Certain content may warrant additional specific controls

3) The enterprise might “attach” additional ORCON (for instance, by a DLP)

• ORCON is a flexible framework for persisting controls
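The slides on What is ORCON? (rescind access, prevent forwarding), Use of a Cloud-Based Key Service, and the enterprise default controls above describe one mechanism: the controls travel with the encrypted object and a key service enforces them at the moment someone asks for the key. The following is an added example written for this transcript, not Covata's product code or the author's own. `KeyService`, `Policy`, `enterprise_defaults()`, the rights vocabulary (`view`, `forward`), the `example.com`/`partner.org` addresses and the audit-row layout are all constructed assumptions, and the XOR "cipher" is a stand-in for a real authenticated cipher so that the example runs with only the standard library.

```python
import secrets
from dataclasses import dataclass, field

ENTERPRISE_DOMAIN = "example.com"  # constructed: the sharing organisation


class AccessDenied(Exception):
    """Raised when the key service refuses an operation on a sealed object."""


@dataclass
class Policy:
    """Controls that travel with one sealed object; the key service enforces them."""
    originator: str
    rights: dict = field(default_factory=dict)  # recipient -> set of rights
    revoked: bool = False                        # originator rescinded everyone

    def rights_of(self, who):
        return {"view", "forward"} if who == self.originator else self.rights.get(who, set())


def enterprise_defaults(recipient, rights):
    """Enterprise default control (slide 25, item 1), a constructed rule:
    recipients outside the enterprise may view but never forward."""
    return set(rights) - ({"forward"} if not recipient.endswith("@" + ENTERPRISE_DOMAIN) else set())


class KeyService:
    """Hypothetical cloud key service (assumed, not a real product): keeps keys and
    policies, releases a key only when the object's policy allows, and logs every
    decision so denied requests are visible to the SOC."""

    def __init__(self):
        self._keys, self._policies = {}, {}
        self.audit = []  # (event, object_id, actor, outcome)

    def seal(self, originator, plaintext, recipients, rights):
        """Encrypt content under a fresh key and register its policy."""
        obj_id = secrets.token_hex(4)
        key = secrets.token_bytes(len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, key))  # stand-in for AEAD
        self._keys[obj_id] = key
        self._policies[obj_id] = Policy(originator, {r: enterprise_defaults(r, rights) for r in recipients})
        self.audit.append(("seal", obj_id, originator, "ok"))
        return obj_id, ciphertext

    def request_key(self, requester, obj_id):
        """Release the content key only if the policy still grants 'view'."""
        policy = self._policies[obj_id]
        ok = not policy.revoked and "view" in policy.rights_of(requester)
        self.audit.append(("open", obj_id, requester, "ok" if ok else "denied"))
        if not ok:
            raise AccessDenied(f"{requester} may not open {obj_id}")
        return self._keys[obj_id]

    def forward(self, by, obj_id, new_recipient):
        """Add a recipient; only holders of the 'forward' right may do so, and the
        copy never carries more rights than the forwarder holds."""
        policy = self._policies[obj_id]
        own = policy.rights_of(by)
        if policy.revoked or "forward" not in own:
            self.audit.append(("forward", obj_id, by, "denied"))
            raise AccessDenied(f"{by} may not forward {obj_id}")
        policy.rights[new_recipient] = enterprise_defaults(new_recipient, own)
        self.audit.append(("forward", obj_id, by, new_recipient))

    def rescind(self, originator, obj_id, recipient=None):
        """Originator control: withdraw one recipient, or everyone at once."""
        policy = self._policies[obj_id]
        if originator != policy.originator:
            raise AccessDenied("only the originator may rescind access")
        if recipient is None:
            policy.revoked = True
        else:
            policy.rights.pop(recipient, None)
        self.audit.append(("rescind", obj_id, originator, recipient or "*"))


def open_sealed(service, requester, obj_id, ciphertext):
    """Client side: obtain the key (policy permitting) and decrypt."""
    key = service.request_key(requester, obj_id)
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def attempt(fn, *args):
    """Run a service call and report whether the policy allowed it."""
    try:
        fn(*args)
        return True
    except AccessDenied:
        return False


def demo():
    """Share, open, forward and rescind one document; returns the outcomes."""
    ks = KeyService()
    orig, alice, bob = "originator@example.com", "alice@example.com", "bob@partner.org"
    obj_id, ct = ks.seal(orig, b"Q2 plan (constructed)", [alice, bob], {"view", "forward"})
    out = {"alice_reads": open_sealed(ks, alice, obj_id, ct),
           "bob_reads": open_sealed(ks, bob, obj_id, ct),
           # the enterprise default stripped bob's forward right at seal time
           "bob_can_forward": attempt(ks.forward, bob, obj_id, "eve@partner.org")}
    ks.forward(alice, obj_id, "carol@example.com")
    out["carol_reads"] = open_sealed(ks, "carol@example.com", obj_id, ct)
    ks.rescind(orig, obj_id, alice)  # originator withdraws alice after the fact
    out["alice_after_rescind"] = attempt(open_sealed, ks, alice, obj_id, ct)
    out["denied"] = [e for e in ks.audit if e[3] == "denied"]
    return out
```

Call `demo()` to walk through the flow. Two points the slides make fall out of the design: because the key, not the ciphertext, is what the policy gates, the originator can rescind access after the file has already been copied anywhere (a "view" request by a withdrawn recipient simply fails), and a recipient who was never granted "forward" cannot extend the audience. The audit rows are the detection hook: every denied key request is a record the SOC can alert on, which is something a classic DAC permission bit on a file server never gives you once the file has left the enterprise.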

Page 26: Winkler Cloud, ORCON, and Mobility


Options:Enable the Workflow or App

Page 27: Winkler Cloud, ORCON, and Mobility


The Nature of Risk

Page 28: Winkler Cloud, ORCON, and Mobility

The Point of this Talk

• You already know this:

- Vulnerabilities and Exploits are (ABSOLUTELY) inevitable

- The perimeter (REALLY) is dead. Long live the perimeter

- BYOD and Cloud (IRRESISTIBLY) undermine enterprise IT

• Unfortunately:

- The data itself remains unprotected (inconsistent crypto)

- The goal isn’t just security – it’s control over your data

- DRM | IRM | ORCON extends your control

- For X-domain and ad-hoc use

ORCON: Persisting Control over Data

Page 29: Winkler Cloud, ORCON, and Mobility


Thank You!

Work [email protected]

Personal [email protected]

On: Google+ & LinkedIn