Charles Archer: The ability to revoke access with one touch
Covata enables organizations to conduct business with confidence in an untrusted world. Covata delivers data-centric security solutions that protect data wherever it may travel – inside the enterprise network, beyond the domain, on mobile devices and in the cloud. Businesses, vendor partners and service providers utilize the Covata Platform to incorporate data-level security into applications, products, and services, enabling them to maintain constant control over its security. With Covata, you Own Your Data and can trust that it is protected and secure, however it may be shared and used by customers, partners and other parties.
Info Security PG: Explain why encryption alone is not enough?
Charles Archer: The nature of digital documents means the act of sharing content effectively surrenders control over it. The original file still exists, but now there are identical copies of that file in locations that are outside of the organization’s control, subjecting the content to an expanding set of risks. Not only is any copy of the file likely to be duplicated due to backup regimes, but other programs can also make copies. The data is at risk to any compromise on any system in which any copy is stored. Encryption trades one secret (plaintext) for another secret (the decryption key). Later, if the data is shared, the recipient effectively co-owns the data.
Encryption must be combined with granular and persistent controls, enabling the Originator to share data without ceding control. If the Originator determines that business conditions dictate a change in who can access the file or the access controls that dictate the conditions under which the file can be accessed, the challenge is painfully obvious: copies of the file exist in places the Originator does not know and certainly has no access or the authority to exert control.
With Covata, this is where the term “persistent” becomes so critical in describing access controls. The Originator retains the capability to change the access controls at any time. These changes are instantly applied to all copies of the data, wherever they reside. Since the copies may be unknown or inaccessible, physical access cannot be a requirement to implement these changes.
About Charles Archer
Charles Archer, CEO and Executive Chairman of Covata USA, culminated his 28 years of Federal Government service as Assistant Director of the FBI in charge of the FBI’s Criminal Justice Information Services Division (CJIS). Chuck is one of the few FBI “alumni” to have held a broad range of positions in the FBI throughout his career, giving him a unique perspective on the real-world challenges of law enforcement and national security. Chuck’s experiences in law enforcement, intelligence and business strategy have made him a highly valued contributor and provide him with valuable insights into the needs of Federal customers.
Info Security PG: Why should a business look toward a broader solution like Covata rather than functional protections?
Charles Archer: Point and functional encryption solutions have emerged, but they suffer from inherent protection gaps. Data is protected, but only when it is within the silos of the individual solution. Even if the business erects multiple silos, the data will still fall into the gaps. These gaps are where outside adversaries and malicious insiders live, and they will exploit the gaps to steal data. The business is also burdened with the costs and operational burden of purchasing and deploying multiple encryption solutions. As gap solutions, the business should also be concerned if they are built to operate at the speed and scale required for enterprise class operations. Performance, reliability and recovery are all key factors, as the user experience cannot be impaired or operations interrupted.
Info Security PG: In repeated surveys and studies, security is repeatedly the number one concern of people looking to move data into the cloud. Why are they so concerned, and how can Covata address those concerns?
Charles Archer: The answer is control, or the lack of it. Moving data from behind your perimeter to the cloud forces you to surrender control. The questions are numerous. How can you be certain the right people – and only the right people – will have access to sensitive company information? How do you protect your data and guard against the potential impact to your brand or revenue from public exposure or a data breach? How do you know the cloud provider is not providing third parties with access to your data without your permission or knowledge?
Covata provides data-centric security that secures data in the cloud. It also secures data on untrusted networks or devices, or anywhere else it may go. Think of Covata as an insurance policy for the cloud. Data is encrypted at the point of origin so it is protected wherever it travels and resides. Covata is independent of cloud provider, so it protects the data wherever you put it. You retain persistent control of your data, and the ability to change the access controls or completely revoke access instantly, at any time. You have visibility into who accesses the data, when, and how many times. Finally, you retain total control of the encryption keys behind your firewall on your premises, regardless of where the data is stored. The cloud provider cannot access your data and cannot provide access to third parties without your knowledge and consent.
Info Security PG: The ability to revoke access with one touch sounds like an important capability. Can you explain how that works and why it is so critical?
Charles Archer: The Covata architecture uses a server-based, symmetric encryption approach. Each request for a key comes through the Covata Platform and a key is provided if the user is properly authenticated, and the access control conditions are satisfied. With Covata, the access controls are persistent, meaning that the Originator may modify those controls at any time. All subsequent requests for access (a key) are then subject to the modified controls. The Originator can revoke all access to a file, or revoke one or more authorized administrators with a simple one-click operation. The revocation is immediate, and does not require that the Originator be aware of copies of the file or require access to those copies. This is critical, as data often goes places you do not know and certainly cannot control. This also is important with the high incidence of lost or stolen mobile devices. There is no need to access the device to revoke a file, unlike tools that require that a partition be wiped.
11190 Sunrise Valley Drive, Suite 140, Reston, VA 20191 USA
Founded in: 2007
CEO: Charles Archer
Public or Private: Private
Head Office in Country: United States
Products and Services: Data-centric security solutions.
Key Words Related to your Company: Data-centric Security, Enterprise Data Protection