
Data Breach Collab

The Data Breach Collab is an iOWN Council Proof of Concept (POC) project that will assess the impact of data ownership on the sharing of data breach information for the purpose of collaborating on new solutions in the fight against cyber crime.

THE THESIS

A 'Zero-Copy' data management environment that supports owner-defined and universally-enforced access controls PLUS anonymization PLUS precision auditing is sufficient to create the conditions for organizations to contribute sensitive breach information and collaborate on building solutions in the fight against cyber criminals.

THE CONTROLS

  • VIEW / ADD / EDIT: Granular to the cell
  • ANONYMITY: Identifiers anonymized at source
  • DELETION: Right to be forgotten
  • QUERY: Control operational use
  • CUSTODIANSHIP: Assign temporary owners

ZERO-COPY ECOSYSTEM

Connected Systems


Dataware Platform

Connected People

Data Owners (compliance, security)
Solution Builders
Data Auditors
Incident Data Sources
Privacy-Enabling Technologies

Supports Data Linking, Universal Access Controls, Data Collaboration, and No Code solutions. Hosted on-prem or private cloud.

Data Viz + Data Audit Tools

PROPOSED DATA GOVERNANCE

The POC operationalizes a Privacy by Design approach

  1. Breach data is never copied

  2. Breach data cannot be downloaded

  3. Breach data can be fully deleted (right to be forgotten)

  4. Access to identifying data is fully controlled by data owners

  5. All incident reporters and reports are verified

  6. Only data owners can grant (or withdraw) access to breach data

  7. Only certified builders and auditors can request access to breach data

  8. All data engagement (views, changes, queries) is visualized for owners

POTENTIAL COLLABORATIONS

Data enrichments enabled by Universal Access Controls set by data owners

  • Person to Person
  • Person to System
  • System to System

POTENTIAL SOLUTIONS

The iOWN environment supports no-code and low-code solution delivery, powered by the Zero-Copy Integration framework that preserves Universal Access Controls.

  • Alert Systems
  • Pattern Analysis
  • Consumer Tools

Note: having access or a log-in to a solution powered by the system does not give the user access to any data to which an owner has not granted them access.

PROJECT MILESTONES

  • Data Model approval (iOWN Council)
  • Public demonstration / webinar
  • Stakeholder survey

GETTING INVOLVED

The iOWN Council welcomes data privacy, data protection, data law, data compliance, and IT professionals with a passion for data ownership and data collaboration to join us on this and other projects in support of meaningful data ownership.

FAQs

CONTROLS

What makes the controls "universal"?


In short, the elimination of copies within the Dataware platform is what makes the controls universal.

This is especially important when putting the data to use (aka "operationalizing" the data) by building new solutions to fight cyber crime such as dashboards, alerting systems, and consumer-facing apps.

This approach to data protection is sometimes referred to as "data minimization" and it is becoming increasingly common among modern data management systems. In principle, it is not unlike controlling the value of currency via anti-counterfeiting design features.

The universality of the access controls refers to the fact that it is the data owner and the data itself (not some external piece of code in an app) that manages access.

When an owner defines access to their data, it is enforced everywhere.




What types of data controls are available to data owners?


The controls offered by the Dataware platform used in the POC are set at the data level, so they’ll be the same on any of the solutions powered by that data.

This stands in contrast to managing access controls across thousands of apps and the tens of thousands of copies that apps create as part of traditional data integration.

Here's a breakdown of the controls:

  • By User: Owners of a table can grant access to a particular user. They simply go to that user’s profile and set what data they’d like that user to have control over. Unlike traditional user access controls, data access set with Cinchy will be applied across any solution (customer experience, automation, workflow, data viz) created with that data.
  • By Team: The "Zero-Copy" environment makes it possible to give data control to an entire team; no sharing logins and passwords, no making copies of data. All you need to do is set the team controls when you create a new table.
  • By Action: Security isn’t just about who can access data, but what they can do with it. This includes view-only access, editing permissions, and more. If, for example, there’s a set of data that should be read-only for everyone in the world but you, all you have to do is set the permission; the data will remain read-only wherever it appears.
  • By Table: For broad control of data, owners can adjust controls for an entire data table. This is useful for granting higher-level access, quickly and easily. The permissions will persist wherever that data is used.
  • By Column or Row: Need to be a little more specific? The platform allows user controls to be set not just by table, but by column or row. This provides an incredible amount of flexibility, while still being far faster, easier, and more secure than other methods of data access control.
  • By Cell: For the most granular control, set data access by the individual data cell. You’ll have precise management over exactly who and what can access the data cell, and what they can do with it. This is the sort of precision that used to take huge amounts of time to manage, but with data-level security you’ll only have to set the controls once, and they’ll be the same wherever that data is found.
  • By Dynamic Function: In some cases, owners may wish to set up dynamic permissions for complex use cases. As an example, take a huge company with thousands of sales leads. You wouldn’t want each salesperson to see every lead, because that just invites confusion and mistakes. Instead, you could easily show someone only leads assigned to them, or you could show them the leads assigned to their team. This is different from team permissions, because leads are assigned to individuals.
  • Fully Customizable: All of these controls can be mixed and matched as needed to provide full customization. Give Group A read-only access to a single column within a data table, while Group B has full control over the entire table, and a specific Group C member has editing access to a single cell within that table.




Can the controls be handed to a steward or custodian?


Yes. One of the many access controls available to data owners is the ability to give a user or group "control of the controls" and grant them temporary ownership (aka custodianship or stewardship) of their access controls. This status can be easily revoked by data owners at any time. A typical custodian would be a colleague working at the same organization, and this process can be further bolstered by owner-defined rules.




How will hackers be kept out of the system?


The system can be hosted on premises or in a private cloud, and the choice of hosting environments and related security regimes will go a long way towards improving cyber security. That said, no IT environment is 100% secure, but privacy-by-design features including owner-defined and highly-granular access controls, auto-anonymization, and the default elimination of download capabilities will place this system at the leading edge of data security.





ANONYMITY

Do system users have anonymity?


Yes. The plan is to work with one or more PET vendors to connect to the core Dataware platform in order to offer automated PII detection and anonymization capabilities.




Do organizations have anonymity?


Yes. The plan is to work with one or more PET vendors to connect to the core Dataware platform in order to offer automated organization, brand, and product name detection and anonymization capabilities.




Can any user or group work with non-anonymized data?


No. However, part of the proof of concept will be exploring whether any person or group should be granted clearance to access non-anonymized data.





VALIDATION

Who has access to the system?


The prototype will be designed as an open system in which anyone (globally) can enter data breach incident information. However, all users and reports will be verified through a combination of automated features and human fact-checkers.

Typical users will include data security, data compliance, data governance, and risk management resources working for private and public organizations.




How are breach reports validated?


More details coming soon.




How are system users validated?


More details coming soon.





CAPABILITIES

Can databases be connected to the system?


Yes. The Dataware platform being used for the POC supports a variety of connectors to sync data from existing databases, data warehouses/marts, data lakes, and even spreadsheets. Once connected, the owner can set universal access controls the same as for data tables that are created directly on the platform.




Can spreadsheets be connected to the system?


Yes. See the answer about "Databases" for more details.




How is Data Governance managed?


The Dataware platform being used for the POC supports the creation of data domains. We have not yet determined the exact nature of the schema / architecture for the POC, so this is one of the many challenges that will be addressed during the course of the project. That said, the universal access controls are owner-defined and immutable by anyone but the data owners themselves, and so this is very much a privacy-by-design environment.




How is Data Mastering managed?


Description coming soon.




What is "Zero-Copy Integration"?


Zero-Copy Integration refers to the ability of the Dataware platform used for this POC project to generate a new data model based on a saved query. Multiple such models can be created, all pulling from the same physical data. The only requirement for this process is for the query builder (aka "Builder") to have query access to the data, and this can only be granted by the data owners.

This stands in contrast to the traditional approach to IT delivery, which would require each new operational / transactional solution (app) to be supported by a new database silo, which itself would need to be populated with copies of data exchanged from other apps and systems. This is how access controls are eroded, ending with data ultimately being copied to a spreadsheet or other non-sanctioned environment (at which point control over data access is lost completely).
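A toy model of the contrast described above, added here as an illustration; it is not the Dataware platform's code or API. The `Table` and `View` classes, the user names, and the incident rows are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Table:
    """Single physical copy; grants and the audit trail live with the data."""
    owner: str
    rows: list
    grants: dict = field(default_factory=dict)  # user -> readable columns
    audit: list = field(default_factory=list)   # (actor, action, target)

    def _owner_only(self, actor):
        if actor != self.owner:
            self.audit.append((actor, "denied", "change-access"))
            raise PermissionError("only the data owner can change access")

    def grant(self, actor, user, columns):
        self._owner_only(actor)
        self.grants[user] = set(columns)
        self.audit.append((actor, "grant", user))

    def revoke(self, actor, user):
        self._owner_only(actor)
        self.grants.pop(user, None)
        self.audit.append((actor, "revoke", user))

    def read(self, user, predicate=lambda r: True):
        cols = None if user == self.owner else self.grants.get(user, set())
        self.audit.append((user, "query", "rows"))
        # Project first, then filter: a saved query cannot probe hidden columns.
        visible = [{c: v for c, v in r.items() if cols is None or c in cols}
                   for r in self.rows]
        return [r for r in visible if r and predicate(r)]

@dataclass
class View:
    """A saved query over the same Table: no rows are copied into it."""
    table: Table
    predicate: Callable
    def run(self, user):
        return self.table.read(user, self.predicate)

def demo():
    t = Table("owner", [  # constructed sample rows, org already anonymized
        {"incident": "INC-1", "vector": "phishing", "org": "ORG-7f3a"},
        {"incident": "INC-2", "vector": "ransomware", "org": "ORG-19c2"}])
    t.grant("owner", "builder", {"incident", "vector"})
    dash = View(t, lambda r: r.get("vector") == "ransomware")
    before = dash.run("builder")
    exported = [dict(r) for r in before]  # what a copy-based integration keeps
    t.revoke("owner", "builder")
    return before, dash.run("builder"), exported, t
```

After the owner revokes access, the view returns nothing, while `exported` (the stand-in for a copy in another silo) still holds the rows.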





SOLUTIONS

What types of solutions can be created to fight cyber crime?


The project will be able to demonstrate working prototypes of data-centric solutions, including, but not restricted to the following:

  • Dashboards
  • Alert Systems
  • Pattern Detection Systems
  • Consumer-facing systems
The decision on which solutions will be delivered as part of the POC will be taken collectively and follow discussion within our project Slack channel.




Can this system be used to train AI/ML tools?


Yes, the Dataware platform can be used to train and operationalize data from connected ML engines.