Cisco Connect Ottawa
Canada • 2 October 2018
Cloud and On Premises Collaboration Security
Joseph Bassaly
Architect
© 2016 Cisco and/or its affiliates. All rights reserved.
What will we cover today?
• Cisco Collaboration Elements
• Managing Identity
• Cisco WebEx Teams Security concepts
• Cisco WebEx Team compliance and Archival
• Cisco Enterprise Content Management (Coming Soon)
• Cisco Control Hub Security Capabilities
• Cisco WebEx Team Network Security
• Cisco WebEx Teams Security Roadmap
Seamless Collaboration Experience
Messaging, Call Control, Meetings
Link on-premises assets to the cloud
Collaboration Elements
Diagram labels: WebEx Teams Client, WebEx Board, Video End Points, Media Nodes, Teams Meeting, Expressway
Existing Services: Jabber, IM & Presence, Communication Manager, Unity Connection
Managing Identity
Identity Framework
IdP – Identity Provider; RP – Relying Party
Diagram: Users authenticate to the IdP; the IdP and the RP hold an Explicit Initial Trust Agreement; Users and the RP are bound only by an Indirect Agreement.
Authentication and Authorization (AuthN and AuthZ)
Authentication verifies that “you are who you say you are”.
Authorization verifies that “you are permitted to do what you are trying to do”.
Authentication and Authorization (SAML and OAuth)
Diagram labels: Client, Services, IdP; Authentication (SAML) against the IdP, Authorization (OAuth) towards the Services.
Cisco Control Hub
• User & Device Management
• Roles based Access
• Security & Compliance
• Analytics & Reports
• SSO & Directory Sync
• Manage Services & Integrations
User Provisioning
• Directory Connector (recommended)
• Manual creation: add or modify users, bulk CSV import
• Convert existing users who already have a Spark account
Diagram: Directory Connector synchronizes Active Directory to Cisco Collaboration Cloud Identity/SSO over HTTPS.
Cisco WebEx Team Security
Webex Cloud Security - Realms of Separation
Webex logically and physically separates functional components within the cloud:
Identity Services holding real user identity (e.g. email addresses) are separated from
Encryption (Key Management), Indexing and E-Discovery Services, which are in turn separated from
Data Storage Services (Content Server).
Diagram: Identity Service, Key Mgmt Service, Indexing Service, E-Discovery Service and Content Server spread across Data Center A, Data Center B and Data Center C within the Webex Cloud.
Realms of Separation – Identity Obfuscation
Outside of the Identity Service, real identity information is obfuscated:
For each User ID, Webex Teams generates a random 128-bit Universally Unique Identifier (UUID) = the user’s obfuscated identity.
No real identity information transits the cloud.
Diagram: jsmith@abc.com is known only to the Identity Service; the Key Mgmt, Indexing, E-Discovery and Content services across Data Centers A, B and C see only the obfuscated identity htzb2n78jdbc9e.
Webex Teams – User Identity Sync
Diagram: Directory Sync feeds the Identity Service in the Webex Cloud.
Webex Teams SAML Authentication
Diagram: Directory Sync feeds the Identity Service; SAML SSO runs between the enterprise IdP and the Identity Service in the Webex Cloud.
Webex Teams App – Cloud connection
Diagram: the Webex Teams App authenticates through the IdP and the Identity Service, then connects to the Webex Teams Service in the Webex Cloud.
Webex Teams Device – cloud connection
Diagram: the device is registered with the Identity Service using the 16-digit code shown on the slide (1234567890123456), then connects to the Webex Teams Service in the Webex Cloud.
WebEx Teams
Secure Messages and Content
Webex Teams - Encrypting Messages and Content
Messages and files are encrypted with keys from the Key Management Service using the AES256-GCM cipher before they are stored on the Content Server.
Diagram: Key Mgmt Service, Content Server, encrypted message and file (#######) in the Webex Cloud.
Webex Teams - Decrypting Messages and Content
Diagram: the encrypted message (#######) is retrieved from the Content Server and decrypted with the key obtained from the Key Management Service.
WebEx Teams
Secure Search and Indexing
Searching Webex Teams Spaces: Building a Search Index
Diagram: the message “Webex IS the message” is passed through the Hash Algorithm, yielding one hash per word (B9 57 FE 48, shown concatenated as B957FE48); the Indexing Service stores the hashed words in the Search Service, while the encrypted message (###################) is stored on the Content Server. The Key Mgmt Service supplies the keys.
* A new (SHA-256 HMAC) hashing key (Search Key) is used for each space
Webex Teams spaces: Querying a Search Index
Diagram: Search for the word “Webex”: the Indexing Service runs “Webex” through the Hash Algorithm to obtain “B9”; the Search Service looks “B9” up among the stored hashes (B9 57 FE 48) and returns the matching encrypted message (######...), which decrypts to “Webex IS the Message”.
* A link to the Conversation Encryption Key is sent with the encrypted message
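To make the per-space Search Key concrete, the following is an added illustration of the keyed index described in the two slides above; it is not Cisco's code. It assumes a random 32-byte HMAC-SHA256 key per space, 4-byte hex tags instead of the 1-byte tags drawn on the slide, whitespace tokenization, and a content id standing in for the encrypted message.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

TAG_BYTES = 4  # the slide draws 1-byte tags (B9, 57, ...); 4 bytes keeps collisions rare


def new_search_key():
    """One fresh key per space: the slide's 'Search Key' (assumed 32 random bytes)."""
    return secrets.token_bytes(32)


def tokenize(text):
    """Simplified tokenizer (assumption): whitespace split, lower-case, strip punctuation."""
    words = (w.lower().strip(".,;:!?\"'") for w in text.split())
    return [w for w in words if w]


def word_tag(search_key, word):
    """SHA-256 HMAC of one word under the space's Search Key, truncated to a hex tag.
    Without the key, the tag reveals nothing about the word, so the cloud-side index
    can match queries without ever seeing plaintext."""
    mac = hmac.new(search_key, word.encode("utf-8"), hashlib.sha256).hexdigest()
    return mac[: 2 * TAG_BYTES].upper()


class SearchIndex:
    """Cloud-side Search Service: (space_id, tag) -> content ids. Holds no keys, no plaintext."""

    def __init__(self):
        self._postings = defaultdict(set)

    def add(self, space_id, tags, content_id):
        for tag in tags:
            self._postings[(space_id, tag)].add(content_id)

    def lookup(self, space_id, tag):
        return set(self._postings.get((space_id, tag), ()))


class Space:
    """Key-holding side (client / KMS): owns the Search Key and hashes words before
    anything is sent to the index. The encrypted message itself would go to the
    Content Server; here a content id stands in for it."""

    def __init__(self, space_id, index):
        self.space_id = space_id
        self.search_key = new_search_key()
        self.index = index

    def index_message(self, content_id, plaintext):
        tags = {word_tag(self.search_key, w) for w in tokenize(plaintext)}
        self.index.add(self.space_id, tags, content_id)
        return tags

    def search(self, word):
        """Hash the query word with this space's key and look the tag up in the index."""
        tag = word_tag(self.search_key, tokenize(word)[0])
        return self.index.lookup(self.space_id, tag)


def cross_space_correlatable(space_a, space_b, word):
    """True only if the same word yields the same tag in both spaces, which separate
    Search Keys are meant to prevent."""
    return word_tag(space_a.search_key, word) == word_tag(space_b.search_key, word)


if __name__ == "__main__":
    # Constructed sample data, not from the slides' deployment.
    index = SearchIndex()
    space_a = Space("space-A", index)
    space_b = Space("space-B", index)
    print(sorted(space_a.index_message("msg-1", "Webex IS the message")))
    space_a.index_message("msg-2", "the meeting is at noon")
    space_b.index_message("msg-3", "Webex IS the message")
    print("search 'Webex' in A:", space_a.search("Webex"))
    print("same word correlatable across spaces:",
          cross_space_correlatable(space_a, space_b, "webex"))
```

The index only ever stores tags, so an operator who can read the Search Service learns which content ids share a (keyed) token, never the words themselves.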
Webex Teams E-Discovery Service
Diagram: a request from Cisco Webex Control Hub for Jo Smith’s Content is hashed by the Indexing Service’s Hash Algorithm to “X1GFT5YY”; the Search Service matches the tag and the E-Discovery Service gathers Jo Smith’s encrypted content (##################) from the Content Server. Labels: Content Server, Key Mgmt Service, Indexing Service, Search Service, E-Discovery Service, Webex Cloud.
Webex Teams E-Discovery Service (continued)
Diagram: the E-Discovery Service collects Jo Smith’s Messages and Files (encrypted, ####...) from the Content Server, using the Key Mgmt Service, writes them to E-Discovery Storage, and reports “E-Discovery Content Ready” to Cisco Webex Control Hub. Labels: Search Service, Webex Cloud.
Webex Teams – Hybrid Data Security (HDS)
Hybrid Data Security = Hybrid Data Services on premise, in the customer’s Secure Data Center:
• Key Management Server
• Indexing Server
• E-Discovery Service
Diagram: Key Mgmt Service, Indexing Service and E-Discovery Service run in the Secure Data Center; the Content Server remains in the Webex Cloud.
HDS: Key Management Server Federation
Hybrid Key Management Servers in different organizations establish an encrypted connection via the Webex Cloud.
Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS).
Diagram: the Key Mgmt Service of Organization A and the Key Mgmt Service of Organization B exchange the key for a shared message through the Webex Cloud (Content Server, Key Mgmt Service).
Compliance and Archival
Webex Teams Security and Compliance Initiative
Security & Compliance Program
• Compliance: Content Ownership, Retention, Archival, E-Discovery, Legal Hold, Events APIs
• Device and User Management: Mobile App Management, Identity, Integration & Enterprise Admin Management
• Data Security: End to End Encryption, On-Premises Key Management System (KMS), Cloud KMS
• Network Connectivity: Proxy & Firewall rules for Webex Apps and Endpoints, TLS 1.2, 802.1X
• Certifications & Regulations: Certifications (ISO27K, SOC-2/3, HIPAA, PCI), Regulatory compliance (GDPR, MIFID, BCR)
• Enterprise Content Management: Support for External 3rd Party File Systems, Transcoding
Compliance Officer: Advanced filters for search
The Compliance Data Search function is restricted to compliance officer(s) only
• Search for content in messages and file names
• Search by e-mail addresses, or Space IDs
• Search by date range
https://admin.webex.com/ediscovery/search
Compliance Officer: Search Results
Report Summary (screenshot)
Webex Teams Message and File Retention
Webex Teams Control Hub: Administrator defined Retention Policy
• Default Retention Period: Indefinite (subject to storage limits)
• Configurable Retention Period: 1 to 120 months
https://admin.webex.com/settings
How can you archive Webex Teams data?
Use Cases
• Sophisticated eDiscovery
• Legal Hold
• Retention policies based on groups
Options
• Out-of-the-box Solution: Integrations with Archival partners e.g. Actiance
• Custom Solution: Cisco Advanced Services software & services e.g. Global Relay
• DIY: Use a Systems Integrator or self-integrate the Events API with Archival software
Diagram: Webex Cloud → Events API → Archival System / Enterprise E-Discovery Application
Archival Vendors: Feature support (June 2018)

Feature                                    | Actiance               | Global Relay        | Verint Verba
Archive Messages                           | Yes                    | Yes                 | Yes
Archive Files                              | Yes                    | Yes                 | Yes
Integrate with eVaults                     | Veritas, HP, IBM       | N/A                 | Yes
On-premise vs Cloud                        | On-Prem, Cloud, Hybrid | Yes                 | On-premise
Native-integration vs Services engagement  | Native-integration     | Cisco AS engagement | Native-integration
Data Loss Prevention (DLP): Monitor and React
The Webex Teams Events API enables polling for Events and Content generated by users.
It allows organizations to monitor and correct user behavior (e.g. Delete Content, Alert User, Alert Administrator), preventing the loss of sensitive data.
Diagram: Webex Cloud → Events API (Content, Property and Membership events) → Webex Teams Integrations (Cisco Cloudlock; third-party vendors Skyhigh, Global Relay etc.) applying DLP or CASB Policies → Corrective Actions: Delete content / Alert user / Alert admin.
CASB: Cloud Access Security Broker
Webex Teams Integrations
Compliance: Data Loss Prevention & Archival (Cisco Advanced Services offering)
Data Loss Prevention: Feature support (June 2018)

Feature                             | Cisco Cloudlock   | Symantec                | SkyHigh         | Netskope | Bitglass | Verint Verba
Monitor Messages                    | Yes               | Future                  | Yes             | Yes      | Yes      | Yes
Monitor Files                       | Yes               | Yes                     | Yes             | Yes      | Yes      | No
Alerts on violations                | Yes               | Yes                     | Yes             | Yes      | Yes      | Yes
Deletion of offending Messages      | Yes               | Future                  | Yes             | Yes      | Yes      | Yes
Deletion of offending Files         | Yes               | Future                  | Yes             | Yes      | Yes      | No
Malware detection/removal           | No                | Yes (Detection)         | Future          | Future   | Yes      | No
Configure policy per space or group | Yes (User, Space) | Yes (User, Space, Team) | Yes (AD groups) | Yes      | Yes      | Yes
WebEx Teams Control Hub
Security Settings
Controlling User Generated Content
Fine grained controls: DLP/CASB policy enforcement
• Block Social Security Numbers, Credit Card Details
• Block High Risk Users
• Block Highly Confidential Content
Coarse grained controls: Organization wide settings in Webex Teams Control Hub
• Block External Communication
• Block File download
• Block File upload
Finer controls enable IT departments to enable external communications while still being secure.
Diagram (example policies, from coarse to fine): Block All; Block Highly Confidential; Block Social Security Numbers; Allow But Warn Users; Warn me about communications with competitors; Block High Risk User Groups; Block File Types based on AD Group; Block content from being sent to users in China.
File Sharing Control
• Allows Webex Teams customers to control file downloads and uploads on specific client types: Desktop / Web / Mobile / Bots
• Administrator controlled
• Files and Whiteboard icons greyed out
• User warning if a file share is attempted
Addresses: data loss concerns, malware concerns
Provides: Mobile Application Management controls on Bring Your Own Devices
Webex Teams: Blocking External Communication
What: Provide administrators with controls to prevent external communication
• Users within the org cannot add users outside the org in spaces owned by the org
• Users within the org will not be able to join external spaces
• Meetings are still allowed
Why: Need to control Webex Teams usage
• Mitigate data loss (accidental or intentional)
• Regulatory implications of external comms
Webex Teams: Blocking consumer account use on Corporate networks
What:
• Allow enterprise customers to block users from accessing Cisco Webex with non-corporate/personal accounts.
• Users can log in only to whitelisted domains.
Why:
• Enterprise customers require control in a lockdown environment
• Reduces risk of data exfiltration from the corporate network
• Compliance with company policies
Client Security: PIN Lock on mobile devices
• Ensures the Webex Teams application can only be accessed on passcode-protected mobile devices
• Helps protect company data when accessing Webex Teams from a mobile device
• A message on the mobile phone will warn the user and point to the passcode settings
Webex Teams Control Hub – User Devices: Token Revocation and Remote Wipe
• Administrators can revoke Access Tokens for a user’s devices
• Reset Access forces the user to log in the next time they access Webex Teams.
• Reset Access also wipes the cached content on mobile devices.
• Ensures secure user access to Webex Teams after a device is compromised.
WebEx Teams
Network Security
Connecting to Webex through Enterprise Firewalls: Webex Teams Apps and Devices
Firewalls: Whitelisting Ports and Destinations
You will need to allow Webex Teams media and signaling traffic to pass through your Enterprise Firewall. For whitelisting details refer to the Webex Teams Network Requirements doc:
https://collaborationhelp.cisco.com/article/en-us/WBX000028782
Media Port Ranges:
• Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
• Source TCP/HTTP Ports: Ephemeral (=> No DSCP re-marking)
• Destination UDP/TCP/HTTP Port: 5004
• Destination IP Addresses: Global IP subnets listed in the doc above
Diagram: Signalling and UDP Media from the enterprise through the firewall to the Webex Cloud.
Common Proxy Authentication Methods
• Basic Authentication
• NTLMv2 Authentication
• Negotiate Authentication
• Kerberos
• Digest Authentication
Diagram: Signalling and UDP Media to the Webex Cloud.
Webex Teams: Proxy Authentication Support
Table columns: Room OS, Webex Board, Windows, Mac, iOS, Android. The supported-checkmark cells did not survive extraction; only the text cells are listed per row:
• No Authentication
• Basic
• Digest: TBD, TBD
• NTLM: Planning, Planning
• TLS Inspection: Planning, Q3CY18, Q3CY18
• Kerberos: Investigating, Investigating, Q3CY18, Q3CY18, TBD, TBD
Refer to https://collaborationhelp.cisco.com/article/en-us/WBX000028782 for up to date details of feature support
Connecting to Webex from the Enterprise – 802.1X
802.1X Operation
• Switch port network access restricted
• Client presents credentials to the Authentication Server
• After successful Authentication, the switch port is configured for the device, e.g. VLAN(s), ACLs
Diagram labels: Authentication Server, Webex Cloud.
Thank you.

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Cisco Connect Ottawa 2018 cloud and on premises collaboration security explained

  • 9. Cisco Control Hub: User & Device Management; Role-based Access; Security & Compliance; Analytics & Reports; SSO & Directory Sync; Manage Services & Integrations.
  • 10. User Provisioning (BRKCOL-2080)
    • Directory Connector (recommended): Active Directory is synchronised to the Cisco Collaboration Cloud Identity/SSO service over HTTPS.
    • Manual creation: add or modify users, bulk CSV import.
    • Convert existing users who already have a Spark account.
  • 11. Cisco WebEx Team Security (section)
  • 12. Webex Cloud Security - Realms of Separation. Webex logically and physically separates functional components within the cloud: Identity Services holding real user identity (e.g. email addresses) are separated from Encryption, Indexing and E-Discovery Services, which are in turn separated from Data Storage Services. (Diagram: Identity Service, Content Server, Key Mgmt Service, Indexing Service and E-Discovery Service spread across Data Center A, Data Center B and Data Center C within the Webex Cloud.)
  • 13. Realms of Separation – Identity Obfuscation. Outside of the Identity Service, real identity information is obfuscated: for each User ID, Webex Teams generates a random 128-bit Universally Unique Identifier (UUID), which is the user's obfuscated identity. No real identity information transits the cloud. (Diagram: jsmith@abc.com maps to the obfuscated identity htzb2n78jdbc9e.)
  • 14. Webex Teams – User Identity Sync. (Diagram: Directory Sync into the Identity Service in the Webex Cloud.)
  • 15. Webex Teams SAML Authentication. (Diagram: Directory Sync into the Identity Service; SAML SSO between the IdP and the Identity Service in the Webex Cloud.)
  • 16. Webex Teams App – Cloud connection. (Diagram: IdP, Identity Service and Webex Teams Service in the Webex Cloud.)
  • 17. Webex Teams Device – cloud connection. (Diagram: Identity Service and Webex Teams Service in the Webex Cloud; the device is shown with the code 1234567890123456.)
  • 18. WebEx Teams Secure Messages and Content (section)
  • 19. Webex Teams - Encrypting Messages and Content. The Key Management Service supplies the key; the AES256-GCM cipher is used for encryption. (Diagram: a message and a file are encrypted with a key from the Key Management Service and stored as ciphertext on the Content Server in the Webex Cloud.)
  • 20. Webex Teams - Decrypting Messages and Content. (Diagram: the ciphertext is retrieved from the Content Server, the key is obtained from the Key Management Service, and the message is decrypted.)
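The encryption model on slides 19 and 20 (content stored as AES-256-GCM ciphertext, keys held by a separate Key Management Service, and, as slide 23 adds, a link to the conversation key travelling with each encrypted message) can be shown end to end in a few dozen lines. The following is an added example, not Cisco's code: the `KMS` type, the `EncryptedItem` structure, the `kms://example.invalid/...` key reference and the user names are all constructed for illustration. It demonstrates why the content store cannot read what it holds, why a non-member cannot obtain the key, and why any modification of the stored ciphertext is detected by the GCM tag.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// EncryptedItem is what the content store keeps: ciphertext plus a
// reference to the conversation key, never the key itself.
// (Hypothetical structure for this example.)
type EncryptedItem struct {
	KeyURL     string // reference to the conversation key held by the KMS
	Nonce      []byte // 12-byte GCM nonce, fresh for every encryption
	Ciphertext []byte // AES-256-GCM output with the auth tag appended
}

// KMS is a toy stand-in for a Key Management Service: it generates
// 256-bit conversation keys and releases them only to conversation members.
type KMS struct {
	keys    map[string][]byte          // key URL -> 32-byte AES key
	members map[string]map[string]bool // key URL -> authorized user IDs
}

func NewKMS() *KMS {
	return &KMS{keys: map[string][]byte{}, members: map[string]map[string]bool{}}
}

// CreateConversationKey mints a random AES-256 key for one conversation
// and records which users may fetch it.
func (k *KMS) CreateConversationKey(keyURL string, members ...string) error {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return err
	}
	k.keys[keyURL] = key
	k.members[keyURL] = map[string]bool{}
	for _, m := range members {
		k.members[keyURL][m] = true
	}
	return nil
}

// FetchKey is the authorization point: a caller who is not a member of the
// conversation gets an error, not a key.
func (k *KMS) FetchKey(keyURL, userID string) ([]byte, error) {
	if !k.members[keyURL][userID] {
		return nil, errors.New("kms: caller is not a member of this conversation")
	}
	return k.keys[keyURL], nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the conversation key. The key URL is bound as
// additional authenticated data so the stored reference cannot be swapped.
func Encrypt(key []byte, keyURL string, plaintext []byte) (*EncryptedItem, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(keyURL))
	return &EncryptedItem{KeyURL: keyURL, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt opens a stored item; any change to nonce, ciphertext or key URL
// makes the GCM tag check fail and returns an error.
func Decrypt(key []byte, item *EncryptedItem) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, item.Nonce, item.Ciphertext, []byte(item.KeyURL))
}

func main() {
	kms := NewKMS()
	keyURL := "kms://example.invalid/keys/space-1" // constructed key reference
	if err := kms.CreateConversationKey(keyURL, "alice", "bob"); err != nil {
		panic(err)
	}
	senderKey, _ := kms.FetchKey(keyURL, "alice")
	item, err := Encrypt(senderKey, keyURL, []byte("Webex IS the message"))
	if err != nil {
		panic(err)
	}
	fmt.Println("stored ciphertext:", hex.EncodeToString(item.Ciphertext))
	readerKey, _ := kms.FetchKey(item.KeyURL, "bob")
	pt, err := Decrypt(readerKey, item)
	fmt.Printf("bob decrypts: %q (err=%v)\n", pt, err)
	_, err = kms.FetchKey(item.KeyURL, "mallory")
	fmt.Println("non-member key fetch:", err)
}
```

The point of the split is visible in the types: the store holds `EncryptedItem` values that contain a key reference but no key, so compromising storage alone yields nothing readable, and the membership check in `FetchKey` is the only path to plaintext.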
  • 21. WebEx Teams Secure Search and Indexing (section)
  • 22. Searching Webex Teams Spaces: Building a Search Index. (Diagram: the encrypted message "Webex IS the message" is decrypted by the Indexing Service with the key from the Key Mgmt Service; each word is passed through the Hash Algorithm, giving the tokens B9 57 FE 48, which are stored in the Search Service.) * A new (SHA-256 HMAC) hashing key (Search Key) is used for each space.
  • 23. Webex Teams spaces: Querying a Search Index. (Diagram: a search for the word "Webex" is hashed by the Indexing Service to B9; the Search Service matches B9 against the index entry B9 57 FE 48 and returns the encrypted message "Webex IS the Message".) * A link to the Conversation Encryption Key is sent with the encrypted message.
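Slides 22 and 23 describe a keyed search index: each word of a decrypted message is hashed with a per-space SHA-256 HMAC search key, the index stores only the hashes, and a query is hashed with the same key before lookup. The following is an added example, not Cisco's code; the `SearchIndex` type, the space and message identifiers are constructed, and the search keys are kept in the same struct for self-containment where the slides place them in the Key Management Service. The two-character labels on the slides (B9, 57, ...) are abbreviations; this code keeps the full 32-byte HMAC as a hex token. It goes slightly beyond the slides by showing that the same word yields different tokens in different spaces, so the index does not reveal which spaces share vocabulary.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
	"unicode"
)

// SearchToken is the HMAC-SHA256 of a normalized word under one space's
// search key, rendered as hex. The index stores only these tokens.
type SearchToken string

// SearchIndex models the indexing and search services together
// (hypothetical structure for this example).
type SearchIndex struct {
	searchKeys map[string][]byte                   // space ID -> 32-byte search key
	postings   map[string]map[SearchToken][]string // space ID -> token -> message IDs
}

func NewSearchIndex() *SearchIndex {
	return &SearchIndex{
		searchKeys: map[string][]byte{},
		postings:   map[string]map[SearchToken][]string{},
	}
}

// NewSpace generates a fresh random search key for a space, matching the
// "new hashing key per space" rule on slide 22.
func (ix *SearchIndex) NewSpace(spaceID string) error {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return err
	}
	ix.searchKeys[spaceID] = key
	ix.postings[spaceID] = map[SearchToken][]string{}
	return nil
}

// tokenize lowercases text and splits it into alphanumeric words so that
// "Webex", "WEBEX" and "webex," all produce the same token.
func tokenize(text string) []string {
	return strings.FieldsFunc(strings.ToLower(text), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsNumber(r)
	})
}

// Token computes the search token for one word in one space.
func (ix *SearchIndex) Token(spaceID, word string) SearchToken {
	mac := hmac.New(sha256.New, ix.searchKeys[spaceID])
	mac.Write([]byte(strings.ToLower(word)))
	return SearchToken(hex.EncodeToString(mac.Sum(nil)))
}

// IndexMessage is what the indexing service does after decrypting a
// message: hash each distinct word and record the message ID under it.
func (ix *SearchIndex) IndexMessage(spaceID, messageID, plaintext string) {
	seen := map[SearchToken]bool{}
	for _, w := range tokenize(plaintext) {
		tok := ix.Token(spaceID, w)
		if seen[tok] {
			continue
		}
		seen[tok] = true
		ix.postings[spaceID][tok] = append(ix.postings[spaceID][tok], messageID)
	}
}

// Search hashes the query word with the space's key and looks the token up;
// the search service itself never sees the word.
func (ix *SearchIndex) Search(spaceID, word string) []string {
	return ix.postings[spaceID][ix.Token(spaceID, word)]
}

func main() {
	ix := NewSearchIndex()
	for _, s := range []string{"space-A", "space-B"} {
		if err := ix.NewSpace(s); err != nil {
			panic(err)
		}
	}
	// Constructed sample messages standing in for decrypted space content.
	ix.IndexMessage("space-A", "msg-1", "Webex IS the message")
	ix.IndexMessage("space-B", "msg-2", "the message is short")
	fmt.Println("space-A token for 'webex':", ix.Token("space-A", "webex")[:8], "...")
	fmt.Println("search space-A 'Webex':", ix.Search("space-A", "Webex"))
	fmt.Println("search space-B 'Webex':", ix.Search("space-B", "Webex"))
	fmt.Println("same word, different spaces, same token?",
		ix.Token("space-A", "the") == ix.Token("space-B", "the"))
}
```

A practical consequence worth noting: because the token depends on the space key, a compromised index cannot be queried without also obtaining that key, and a search across spaces must be hashed once per space.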
  • 24. Webex Teams E-Discovery Service. (Diagram: a request for Jo Smith's content from Cisco Webex Control Hub is hashed by the Indexing Service to X1GFT5YY and matched in the Search Service; the E-Discovery Service fetches the encrypted items from the Content Server and decrypts them with keys from the Key Mgmt Service.)
  • 25. Webex Teams E-Discovery Service (continued). (Diagram: Jo Smith's messages and files are collected by the E-Discovery Service, decrypted and written to E-Discovery Storage; Cisco Webex Control Hub is notified "E-Discovery Content Ready".)
  • 26. Webex Teams – Hybrid Data Security (HDS). Hybrid Data Services = on premise: Key Management Server, Indexing Server, E-Discovery Service, running in the customer's Secure Data Center; the Content Server remains in the Webex Cloud.
  • 27. HDS: Key Management Server Federation. Hybrid Key Management Servers in different organizations establish an encrypted connection via the Webex Cloud. Hybrid Key Management Servers make outbound connections only: HTTPS, Web Socket Secure (WSS). (Diagram: Organization A and Organization B each run a Key Mgmt Service and exchange messages via the Content Server in the Webex Cloud.)
  • 28. Compliance and Archival (section)
  • 29. Webex Teams Security and Compliance Initiative (Security & Compliance Program)
    • Compliance: Content Ownership, Retention, Archival, E-Discovery, Legal Hold, Events APIs
    • Device and User Management: Mobile App Management, Identity, Integration & Ent Admin Management
    • Data Security: End to End Encryption, On-Premises Key Management System (KMS), Cloud KMS
    • Network Connectivity: Proxy & Firewall rules for Webex Apps and Endpoints. TLS 1.2, 802.1X
    • Certifications & Regulations: Certifications (ISO27K, SOC-2/3, HIPAA, PCI), Regulatory compliance (GDPR, MIFID, BCR)
    • Enterprise Content Management: Support for External 3rd Party File Systems, Transcoding
  • 30. Compliance Officer: Advanced filters for search. The Compliance Data Search function is restricted to compliance officer(s) only. Search for content in messages and file names; search by e-mail addresses or Space IDs; search by date range. https://admin.webex.com/ediscovery/search
  • 31. Compliance Officer: Search Results Report Summary
  • 32. Webex Teams Message and File Retention. Webex Teams Control Hub: Administrator-defined Retention Policy. Default Retention Period: Indefinite (subject to storage limits). Configurable Retention Period: 1 to 120 months. https://admin.webex.com/settings
  • 33. How can you archive Webex Teams data?
    Use Cases: Sophisticated eDiscovery; Legal Hold; Retention policies based on groups
    Options:
    • Out-of-the-box Solution: Integrations with Archival partners, e.g. Actiance
    • Custom Solution: Cisco Advanced Services software & services, e.g. Global Relay
    • DIY: Use a Systems Integrator or self-integrate the Events API with Archival software
    (Diagram: Webex Cloud -> Events API -> Archival System and Enterprise E-Discovery Application.)
  • 34. Archival Vendors: Feature support (June 2018)
    Feature                                   | Actiance               | Global Relay        | Verint Verba
    Archive Messages                          | Yes                    | Yes                 | Yes
    Archive Files                             | Yes                    | Yes                 | Yes
    Integrate with eVaults                    | Veritas, HP, IBM       | N/A                 | Yes
    On-premise vs Cloud                       | On-Prem, Cloud, Hybrid | Yes                 | On-premise
    Native-integration vs Services engagement | Native-integration     | Cisco AS engagement | Native-integration
  • 35. Data Loss Prevention (DLP): Monitor and React. The Webex Teams Events API enables polling for events and content generated by users. It allows organizations to monitor and correct user behaviour (e.g. Delete Content, Alert User, Alert Administrator), preventing the loss of sensitive data. (Diagram: Webex Cloud -> Events API (Content, Property and Membership events) -> DLP or CASB Policies -> Corrective Actions: delete content / alert user / alert admin.) Webex Teams Integrations: Cisco Cloudlock; third-party vendors such as Skyhigh, Global Relay etc. CASB: Cloud Access Security Broker.
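The monitor-and-react loop on slide 35 (poll events, apply DLP policies, map hits to corrective actions) is easiest to reason about as code. The following is an added example and not Cisco's or any vendor's integration: the JSON page of events is constructed to resemble an events listing but is not the exact Webex API schema, the two policies implement the "Block Social Security Numbers, Credit Card Details" controls named on slide 39, and the actions are returned as findings rather than executed, since a real integration would call the messaging API to delete content and alert the user or administrator. The payment-card policy goes one step beyond a plain pattern match by validating the Luhn checksum, which keeps ordinary long numbers such as ticket or phone numbers from being flagged.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Event holds the fields a DLP integration reads from an events listing.
// Constructed for this example; it is not the full Webex API schema.
type Event struct {
	ID       string `json:"id"`
	Resource string `json:"resource"` // e.g. "messages", "memberships"
	Type     string `json:"type"`     // e.g. "created", "deleted"
	ActorID  string `json:"actorId"`
	Data     struct {
		ID          string `json:"id"`
		RoomID      string `json:"roomId"`
		PersonEmail string `json:"personEmail"`
		Text        string `json:"text"`
	} `json:"data"`
}

// Finding is one policy hit plus the corrective actions it triggers.
type Finding struct {
	EventID, MessageID, RoomID, Policy string
	Actions                            []string
}

var (
	// US-style SSN: three-two-four digits with dashes.
	ssnRE = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
	// 13 to 19 digits, optionally separated by spaces or dashes; Luhn-checked below.
	cardRE = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)
)

// luhnValid applies the Luhn checksum to the digits in s, ignoring separators.
func luhnValid(s string) bool {
	sum, double, digits := 0, false, 0
	for i := len(s) - 1; i >= 0; i-- {
		c := s[i]
		if c < '0' || c > '9' {
			continue
		}
		d := int(c - '0')
		if double {
			if d *= 2; d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
		digits++
	}
	return digits >= 13 && sum%10 == 0
}

func containsCardNumber(text string) bool {
	for _, m := range cardRE.FindAllString(text, -1) {
		if luhnValid(m) {
			return true
		}
	}
	return false
}

// ParseEvents decodes one page of an events listing ({"items":[...]}).
func ParseEvents(body []byte) ([]Event, error) {
	var page struct {
		Items []Event `json:"items"`
	}
	if err := json.Unmarshal(body, &page); err != nil {
		return nil, err
	}
	return page.Items, nil
}

// Evaluate runs the policies over new-message events only and maps each
// hit to the corrective actions an administrator would configure.
func Evaluate(events []Event) []Finding {
	var findings []Finding
	for _, ev := range events {
		if ev.Resource != "messages" || ev.Type != "created" {
			continue
		}
		base := Finding{EventID: ev.ID, MessageID: ev.Data.ID, RoomID: ev.Data.RoomID}
		if ssnRE.MatchString(ev.Data.Text) {
			f := base
			f.Policy, f.Actions = "ssn", []string{"delete-message", "alert-admin"}
			findings = append(findings, f)
		}
		if containsCardNumber(ev.Data.Text) {
			f := base
			f.Policy, f.Actions = "payment-card", []string{"delete-message", "alert-user"}
			findings = append(findings, f)
		}
	}
	return findings
}

// sampleEvents is a constructed page of events, not captured API output.
const sampleEvents = `{"items":[
 {"id":"ev-1","resource":"messages","type":"created","actorId":"u-1",
  "data":{"id":"m-1","roomId":"r-1","personEmail":"jo@example.invalid","text":"my SSN is 123-45-6789"}},
 {"id":"ev-2","resource":"messages","type":"created","actorId":"u-2",
  "data":{"id":"m-2","roomId":"r-1","personEmail":"al@example.invalid","text":"card 4111 1111 1111 1111 exp 12/26"}},
 {"id":"ev-3","resource":"messages","type":"created","actorId":"u-1",
  "data":{"id":"m-3","roomId":"r-2","personEmail":"jo@example.invalid","text":"call me on 555-123-4567 at 12:30"}},
 {"id":"ev-4","resource":"memberships","type":"created","actorId":"u-3",
  "data":{"id":"mb-1","roomId":"r-2","personEmail":"ex@example.invalid","text":"123-45-6789"}}
]}`

func main() {
	events, err := ParseEvents([]byte(sampleEvents))
	if err != nil {
		panic(err)
	}
	for _, f := range Evaluate(events) {
		fmt.Printf("%s message %s in %s: %s -> %s\n",
			f.EventID, f.MessageID, f.RoomID, f.Policy, strings.Join(f.Actions, ", "))
	}
}
```

Only `messages`/`created` events are evaluated; membership events carry no user content and are skipped even when their payload happens to contain a matching pattern, which keeps the policy scoped to what a user actually posted.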
  • 36. Webex Teams Integrations – Compliance: Data Loss Prevention & Archival (Cisco Advanced Services offering)
  • 37. Data Loss Prevention: Feature support (June 2018)
    Feature                             | Cisco Cloudlock   | Symantec                | SkyHigh         | Netskope | Bitglass | Verint Verba
    Monitor Messages                    | Yes               | Future                  | Yes             | Yes      | Yes      | Yes
    Monitor Files                       | Yes               | Yes                     | Yes             | Yes      | Yes      | No
    Alerts on violations                | Yes               | Yes                     | Yes             | Yes      | Yes      | Yes
    Deletion of offending Messages      | Yes               | Future                  | Yes             | Yes      | Yes      | Yes
    Deletion of offending Files         | Yes               | Future                  | Yes             | Yes      | Yes      | No
    Malware detection/removal           | No                | Yes (Detection)         | Future          | Future   | Yes      | No
    Configure policy per space or group | Yes (User, Space) | Yes (User, Space, Team) | Yes (AD groups) | Yes      | Yes      | Yes
  • 38. WebEx Teams Control Hub Security Settings (section)
  • 39. Controlling User Generated Content
    Fine grained controls: DLP/CASB policy enforcement
    • Block Social Security Numbers, Credit Card Details
    • Block High Risk Users
    • Block Highly Confidential Content
    Coarse grained controls: Organization wide settings in Webex Teams Control Hub
    • Block External Communication
    • Block File download
    • Block File upload
    Finer controls enable IT Departments to enable external communications while still being secure. (Diagram: a spectrum of policies: Block All; Block Highly Confidential; Block Social Security Numbers; Allow But Warn Users. Example policies: Warn me about communications with competitors; Block High Risk User Groups; Block File Types based on AD Group; Block content from being sent to users in China.)
  • 40. File Sharing Control
    • Allows Webex Teams customers to control file downloads and uploads on specific client types: Desktop / Web / Mobile / Bots
    • Administrator controlled
    • Files and Whiteboard icons greyed out
    • User warning if a file share is attempted
    Addresses: data loss concerns, malware concerns. Provides: Mobile Application Management controls on Bring Your Own Devices.
  • 41. Webex Teams: Blocking External Communication
    What: Provide administrators with controls to prevent external communication
    § Users within the org cannot add users outside the org in spaces owned by the org
    § Users within the org will not be able to join external spaces
    § Meetings are still allowed
    Why: Need to control Webex Teams usage
    § Mitigate data loss (accidental or intentional)
    § Regulatory implications of external comms
  • 42. Webex Teams: Blocking consumer account use on Corporate networks
    What:
    • Allow enterprise customers to block users from accessing Cisco Webex with non-corporate/personal accounts.
    • Users can log in only to whitelisted domains.
    Why:
    • Enterprise customers require control in a lockdown environment
    • Reduces risk of data exfiltration from the corporate network
    • Compliance with company policies
  • 43. Client Security: PIN Lock on mobile devices
    • Ensures the Webex Teams application can only be accessed on passcode-protected mobile devices
    • Helps protect company data when accessing Webex Teams from a mobile device
    • A message on the mobile phone will warn the user and point to the passcode settings
  • 44. Webex Teams Control Hub – User Devices: Token Revocation and Remote Wipe
    • An administrator can revoke Access Tokens for a user's devices
    • Reset Access forces the user to log in the next time they access Webex Teams
    • Reset Access also wipes the cached content on mobile devices
    • Ensures secure user access to Webex Teams after a device is compromised
  • 45. WebEx Teams Network Security (section)
  • 46. Connecting to Webex through Enterprise Firewalls: Webex Teams Apps and Devices. Firewalls: whitelisting ports and destinations. You will need to allow Webex Teams media and signaling traffic to pass through your Enterprise Firewall. For whitelisting details refer to the Webex Teams Network Requirements doc: https://collaborationhelp.cisco.com/article/en-us/WBX000028782
    Media Port Ranges:
    • Source UDP Ports: Voice 52000 - 52099, Video 52100 - 52299
    • Source TCP/HTTP Ports: Ephemeral (=> no DSCP re-marking)
    • Destination UDP/TCP/HTTP Port: 5004
    • Destination IP Addresses: Global IP subnets listed in the doc above
    (Diagram: Signalling and UDP Media flows to the Webex Cloud.)
  • 47. Common Proxy Authentication Methods: Basic Authentication; NTLMv2 Authentication; Negotiate Authentication; Kerberos; Digest Authentication. (Diagram: Signalling and UDP Media flows to the Webex Cloud.)
  • 48. Webex Teams: Proxy Authentication Support. Refer to https://collaborationhelp.cisco.com/article/en-us/WBX000028782 for up to date details of feature support. (Table columns: Room OS, Webex Board, Windows, Mac, iOS, Android; rows: No Authentication, Basic, Digest, NTLM, TLS Inspection, Kerberos. Cell values as extracted, column assignment not recoverable: Digest: TBD, TBD; NTLM: Planning, Planning; TLS Inspection: Planning, Q3CY18, Q3CY18; Kerberos: Investigating, Investigating, Q3CY18, Q3CY18, TBD, TBD.)
  • 49. Connecting to Webex from the Enterprise – 802.1X
    802.1X Operation:
    • Switch port network access restricted
    • Client presents credentials to the Authentication Server
    • After successful Authentication the switch port is configured for the Device, e.g. VLAN(s), ACLs
    (Diagram: Authentication Server; Webex Cloud.)