This article introduces DefiniSec components, resources, and terminology for SSProtect and KODiAC.
This article clarifies common use of certain terms, and how they fit into the solution we provide to manage, secure, and maintain sensitive host application data.
This article does not provide detailed insight into common components; rather, it seeks to provide enough context to assist in further investigation of relevant topics. Additional overview information can be found on our website in the product pages.
SSProtect started from the idea of creating a Super Simple Security Solution, though SSSS didn't seem like a very good name for a product. When we started development, we used the SSProtect moniker to remind ourselves of the primary focus - combine effectiveness and ease of use. While prototyping, and for lack of a better name, SSProtect made its way into early presentations. When we revisited the idea with those involved, many were surprised we hadn't planned to use the name long-term, and noted the consistent similarities with other security technologies, such as SSL and SSH. When we looked at the idea of "Super Simple" vs. "Simple Security", we realized it didn't much matter - most accepted one or the other as suitable, so we kept the name.
Today, this moniker represents the complete set of combined components and cloud services that we use to deliver scalable data protection and management capabilities - scalable for both data handling and functionality. SSProtect is also often used in direct reference to the host application software you install and run to manage Account details and work with managed content, though it is formally known as the :Foundation Client. See below for additional clarity.
KODiAC is derived from Key-Oriented Distributed Automatic Cryptosystem, and it is the unique set of cloud services and patented methods that provide core protection and management capabilities. Functional sets are offered as components that can be dynamically assigned to Users/Accounts, masking unused functionality to simplify use. Though many critical security "features" stem from KODiAC Cloud Services, there are numerous host-based innovations that stand on their own. Combined together and enabled in total, they instantiate SSProtect in its entirety.
Our data security and management capabilities are delivered as a hybrid cloud service architecture, which employs both cloud service components (KODiAC) and host application software. The host component - the :Foundation Client - is very small (around 10 MB installed, more with help and tutorial images), and provides a set of User Interface components where others would employ the use of a Web Browser. We avoid this approach to retain a tiny cloud footprint, reducing our attack surface and overall risk.
The :Foundation Client is your visual entry point for working with managed content and Account/Organization configuration. As previously noted, we often use the more general term SSProtect, since it is the primary method for working with the system.
To review, SSProtect is delivered as a set of component services exposed by and executed in the cloud (KODiAC). These work in concert with host application software - the :Foundation Client - to expose configuration, management, and protective capabilities.
Accounts are dynamically configured to include or preclude protective service components to best reflect the needs for each User. The following section lists all components, categorized by their place in the PROTECT | MANAGE | RESPOND lifecycle of secure data management.
NOTE: Components available to every installation are marked with an asterisk *. Links refer to Topics or an introductory article on the associated component.
Protect - :Access*
:Access adds 2-factor Authentication to protected actions. This includes both access to managed content and :Foundation Client configuration capabilities.
Protect - :Confidential*
:Confidential manages host data encryption, integrity protection, and all related resources that go into execution of Cryptographic Offloading that delivers the unique multi-party trust value proposition.
Protect - :Email
:Email is a Microsoft Outlook Add-In that extends the :Foundation Client's protective capability to email message content. This component executes as an Outlook Add-In and relies on :Expand capabilities for all protective measures, removing critical operation from Outlook itself.
:Assess provides both secure access auditing and reporting, with fine-grained host detail and cloud-sourced data that remains out of reach of host-based attackers.
Manage - :Collaborate*
:Collaborate provides zero-configuration peer data sharing for members of an Organization, and offers configurable Third-Party Trust associations that can be enabled/disabled on the fly by Privileged Users (Administrators and Delegates).
Manage - :Expand
:Expand is a command line interface to the :Foundation Client for third-party product implementation. Outlook email protection - :Email components - uses :Expand for all protective capabilities.
:Expand is available with every :Foundation Client installation for development and production integration.
Manage - :Recover
:Recover provides version-specific, secure cloud backup and restore with almost no impact to end-user workflows. :Recover is required for :xRecovery and :Respond. See below for details.
Respond - :Honeypots
:Honeypots allow you to manage and monitor files designed to attract attacker interest, generating notifications and :Assess secure events in response to access events. This can cast a wide net to help detect intruder activity, for example when integrated with SIEM solutions.
Respond - :Respond
:Respond provides both objective data disclosure risk insight and automatic sabotage remediation, supporting business continuity while maximizing Security Incident Response insight with data specifically suited for prioritizing response and recovery activities.
Respond - :xRecovery
:xRecovery is a Disaster Recovery service that makes User Archives securely available for offline access, mitigating the risk of internal saboteurs and also providing complete restoration of all Enterprise Data in a single set of focused operations. Operation requires human authorization using pre-identified personnel, as set forth in related Service Agreement(s).
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated with v8.5.1 of the :Foundation Client.