| In Plain Sight |
This multi-part series is designed to provide a deeper understanding of the threats that your organization and its data face. As we speak to customers and partners, we see gaps in understanding when it comes to data security. Our goal is to educate our readers to understand the broad threat to your organization derived from your data and drill down to show the interdependencies and connections to help you take a holistic view of protecting your data.
In February of 2018, in a San Francisco courtroom, two tech heavyweights faced-off in a widely followed trial as Alphabet’s autonomous vehicle spinoff Waymo sued Uber. The case stemmed from Uber’s hiring of Anthony Levandowski, a former Waymo engineer who, according to Waymo, stole confidential files to secure his new job and advance Uber’s efforts in autonomous vehicles. Waymo was suing for one billion dollars.
The case was widely followed for a number of reasons, but before we could get answers to the most pressing questions, the trial came to an abrupt end when the two sides announced a surprise settlement. Many of those pressing questions were left behind. Perhaps the most intriguing of all being – how does a billion dollars’ worth of intellectual property walk out the front door of one of the biggest technology companies in the world? And how does it take nearly two years and millions of dollars in legal fees to do anything about it?
The case exposes one of the most glaring and hard to solve issues in data security – the trusted user as the bad actor. It is a difficult problem to solve for a number of obvious reasons, but it is a necessary problem to solve because it is one of the largest vulnerabilities for organizational data security.
Covax Polymer’s data molecule structure offers a powerful solution to this problem. With data molecules, data is encapsulated in a virtual shell. In order to pierce those shells and gain access, not only does the user have to have access rights, but the molecule must reside in your ecosystem or an approved outside location. The data resides on your storage platforms in the same locations it previously did and moves through your ecosystem the same way as before, only it is now “molecularlized.” Molecules cannot be accessed without a specifically permissioned Covax driver at the access point. In addition, Polymer introduces a multi-file molecule protocol that randomly breaks the molecule into smaller pieces instead of storing one large, encrypted file. Each piece has its own encryption key, further strengthening the security of data at rest. All this means that if “data” is copied or moved to an external location it is not the usable data at all, it is the molecule, actually, it is pieces of the data molecule, not the codified data set.
If Polymer were in place in the case of Waymo versus Uber, Mr. Levandowski could have taken all the intellectual property he wanted in the form of data molecules – it would have been useless outside of Waymo’s systems. Beyond that, the unauthorized copies would have been immediately tracked in Polymer’s immutable chain of custody, providing indisputable evidence of the illicit action, and pinpointing the exact data that was stolen.
The issue of intellectual property theft is just one example of critical data that needs to be protected. Far too often organizations fail to realize the full scope of data that is truly critical to their organization – focusing almost solely on data that is deemed sensitive or important by compliance regulations. Covax Data takes a holistic approach to data security – from the way we protect your data to the data we protect. In next week’s post, we will drill deeper into the hard to solve problem of trusted user access, and what happens when credentials are stolen (or given).
Originally Posted On: October 6, 2020