Resource/Asset Inventory: Maintain a detailed and accurate inventory of all hardware, software, and data assets in the organization. This information is essential for policy enforcement and risk management.
Cocoon Data’s cloud and asset management is done for all devices based on the standards and requirements of NIST 800-53 and FedRAMP. The Cocoon Data platform has undergone the federal review process and has received a Readiness Assessment Report by FedRAMP 3PAO to attest to our processes and procedures in adhering to this process. (FedRAMP: Federal Risk and Authorization Management Program) is a US government program that provides a standardized approach for assessing, authorizing, and monitoring the security of cloud computing products and services used by federal agencies.
Identity, Credential, and Access Management (ICAM): Implement strong authentication, authorization, and access controls for users, devices, and systems. Use multi-factor authentication (MFA) and limit the use of privileged accounts.
Identity, credential management, and access management are controlled by Cocoon Data's patented technology called Secure Objects. This ties together policy, key management, and identity management to form a security triad that can be applied to each individual secure document at a granular level or for the entirety of the system. Secure Objects adheres to the standards set forth by NIST for identity, credential management, and access control, as detailed in NIST SP 800-63 (Digital Identity Guidelines).
Continuous Monitoring and Analytics: Monitor network traffic, user behavior, and system logs for potential threats or policy violations. Apply advanced analytics to identify anomalies or potential attacks and respond accordingly.
Cocoon Data's system has continuous monitoring with FedRAMP-approved SIEM utilities and can be configured to adapt and respond to specific events such as policy violations. Secure Objects is core to this functionality. Kill the key functionality, which revokes access tokens to one, many, or all secured objects inside of a system, provides additional advanced SOAR capability.
Micro-segmentation and Network Isolation: Divide the network into smaller, isolated segments to limit the potential impact of a breach. Enforce access controls at the granular level, limiting lateral movement of threats within the network.
SafeShare's advanced architecture, based on Kubernetes containerization and cluster management, provides high availability, network isolation, micro-segmentation of processes, and robust disaster recovery capability. Additionally, Secure Objects cryptographically segments each secure object with its own unique AES-256 key, which has been FIPS-validated under the NIST standard by a FIPS Validation Laboratory.
Data Protection: Encrypt sensitive data both at rest and in transit. Implement data classification and labeling to ensure proper handling of sensitive information. Apply data loss prevention (DLP) measures to monitor and prevent unauthorized data exfiltration.
Cocoon Data's Secure Objects uses FIPS-validated cryptographic algorithms to encrypt each individual document or data segment with its own unique AES-256 encryption key.
Security Policies and Governance: Develop and enforce comprehensive security policies that align with the Zero Trust principles. Regularly review and update these policies to adapt to the evolving threat landscape.
Cocoon Data's security policies and governance are defined by the NIST SP 800-53 publication and have been assessed by a FedRAMP 3PAO. We have received a FedRAMP Readiness Assessment Report with recommendations to the Program Management Office for FedRAMP.
In conclusion, Cocoon Data is a comprehensive Zero Trust solution that provides robust security measures for data sharing. It adheres to the Zero Trust principles by implementing strong authentication, authorization, and access controls, maintaining a detailed inventory of all assets, and continuously monitoring and analyzing network traffic and user behavior. Cocoon Data provides micro-segmentation and network isolation to limit the potential impact of a breach and encrypts sensitive data both at rest and in transit. By adopting Cocoon Data, businesses can ensure the security of their sensitive data and maintain a strong security posture in the face of evolving threats.