Rational Security: Profiling Data At the Network-Layer and Controlling It's Movement Is a Bad Thing?
Well I'm gong to try and answer Hoffs question on standards I think need to exist before ADAPT or any other data classification and security programme will work... But first thing a question of my own.. Where does he get all those cool graphics!
Anyway so we're tagging all our data. For that to happen I'm thinking that the tags need to be attached to each "document" that flows over the network. Now we've got a wide variety of documents in place we've got all our MS office docs. we've got XML files we've got binary blobs from proprietary programs, we've got encrypted files. Many of these have no native facility to insert any sort of metadata tag. So without that how do we attach a meaningful tag to the data? If we modify the document in infrastructure after it's been constructed our device which does this will need to understand every data/file format that we want to tag, and I think that's a very tricky thing to do.
So I think that in order to do this effectively you need a standard which all programs which construct documents will use to tag their data, so that all the infrastructure devices can read those tags and act on them...
Now the question I've got for Hoff is ... transparent to users.. how will that happen and the tags will still be meaningful to the business? To do that it seems to me that the device/network will need to make assumptions about the appropriate tags for all of a users data? From my experience users will create and process documents at a variety of sensitivities and classifications in a given day, and the only person who understands the significance of their documents is the user themselves.


raesene

Security Geek, Penetration Testing, Docker, Ruby, Hillwalking