2015
In Cloud We Encrypt
Vivian Gerritsen
Intuit
Oct 16, 2015
#GHC15

About Me
• Graduate of the Ohio State University (MSEE)
• Practice broad set of computer technologies from hardware, system-level software, applications to UI
• Focus on security and compliance software for the past 5 years
• I’m a security ninja who protects against all possible attacks in cyber space

The Need for Encryption
Security breaches almost daily!
• It’s an industry trend to encrypt all sensitive data in the cloud.
• Many cloud providers offer encryption solutions.

What is Encryption?
[Diagram: Input Data (SSN 123-45-6789) and an Encryption Key go into the Engine, which produces Output Data, the “Cipher Text” (QSBwZX24ncyBhIHBlcnNvbiwgbm8gbWF0JzbdGVyIGhvdyBzbWFsbC4=)]
Three major components to any encryption system:
1. Data
2. Encryption engine
3. Key management

What Users Should Know
Users should ask two data encryption questions:
• Who has the key?
• Is my data protected end-to-end?

Encryption in the Cloud
User-Oriented Storage
Example: File sharing
Best Practices:
• You own the key, not the cloud administrator
• Choose a vendor that gives only you full control of key access

Encryption in the Cloud
SaaS-PaaS-IaaS
Intuit example:
• SaaS services use a platform with key management APIs to encrypt application data.
• The platform uses an Intuit-certified service to store encryption keys.
• Amazon AWS is used as building blocks and infrastructure.

Encryption in the Cloud
Three-Tiered, End-to-End
[Diagram: Applications, Web Server, Application Server, Key Manager, and Database / File System / Big Data]
Three-tiered SaaS application – encryption in transit and at rest

SaaS Encryption
• Client-side encryption
  − Encrypts data before sending it to servers
    • Protect highly sensitive information
    • You own the key
• Server-side encryption
  − Protects data at rest. Options:
    • Trust the provider
    • Use customer-provided keys
    • Or separate out key management

SaaS Encryption (cont’d)
• Cloud encryption gateway
  − Acts as a proxy to encrypt or tokenize sensitive SaaS data
    • Between corporate network and cloud
    • Single point of security configuration
    • Encrypt with enterprise-controlled keys

PaaS Encryption
• Database encryption
  − Transparent database encryption
    • Whole database or finer-grained (e.g., column, tablespace)
    • Keys managed by database
    • Authorized users such as admin may see data
  − Alternative:
    • Encrypt data fields in the application (SaaS)
    • Volume encryption (IaaS)

IaaS Encryption
• Volume encryption
  − Protect the storage systems of running instances
  − Build encryption into your instance
    • Keys in instance – only protects you from anyone without the right access
  − Separate key from encryption engine
    • Returns the key when a set of policy-based criteria are met

IaaS Encryption (cont’d)
• Object storage
  − Transparent data encryption – protects object(s), bucket(s) via server-side encryption
  − Client-side encryption – encrypts the objects before sending up
[Diagram: Application, REST API]

Encryption in Transit: Mechanisms
• SSL
  − Used mostly by HTTPS to secure browser session
• IPSec
  − Host-to-host, network-to-network transport
  − Network tunneling - VPN
Cloud Encryption Layers

Data Residency
International data safety
Does your vendor’s vendor protect your data the same way you do?
• Data sovereignty: a government in another country may look into your data
• Data residency: the key needs to stay in the US

Conclusions
• Always try to manage your keys, and guard them like they were … your keys
  − Enforce strong policy (least privilege)
  − Enable key rotation
  − Be aware of jurisdiction!
• Devise your security architecture holistically, not just looking at point solutions
  − Classify your data and apply proper encryption
  − Encrypt end-to-end in transit and at rest
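
Added example, not part of the original slides and not Intuit's code: the client-side encryption, "separate key from encryption engine" and key rotation points above, put together as envelope encryption in Node.js. The names KeyManager, encryptObject, decryptObject and rewrap, the principal/region request fields, the sample policy and the choice of AES-256-GCM are assumptions of this example.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// AES-256-GCM. Output layout: nonce (12 bytes) || ciphertext || tag (16 bytes).
// aad is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad);
  return Buffer.concat([nonce, cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
}

function open(key, sealed, aad) {
  if (sealed.length < 28) throw new Error('sealed data too short');
  const decipher = createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(sealed.subarray(sealed.length - 16));
  const body = sealed.subarray(12, sealed.length - 16);
  // final() throws if the key, nonce, ciphertext, tag or aad does not match.
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Key manager kept apart from the encryption engine (hypothetical class).
// Master keys never leave it; it acts only when the policy accepts the request.
class KeyManager {
  #masterKeys = new Map(); // version -> 32-byte master key
  #current = 0;
  #policy;

  constructor(policy) {
    this.#policy = policy;
    this.rotate();
  }

  // Key rotation: new wraps use the new version, old versions can still unwrap.
  rotate() {
    this.#current += 1;
    this.#masterKeys.set(this.#current, randomBytes(32));
    return this.#current;
  }

  #authorize(request) {
    if (!this.#policy(request)) throw new Error('key release denied by policy');
  }

  wrap(request, dataKey) {
    this.#authorize(request);
    const version = this.#current;
    const wrapped = seal(this.#masterKeys.get(version), dataKey, Buffer.from(`v${version}`));
    return { version, wrapped };
  }

  unwrap(request, { version, wrapped }) {
    this.#authorize(request);
    const masterKey = this.#masterKeys.get(version);
    if (!masterKey) throw new Error('unknown master key version');
    return open(masterKey, wrapped, Buffer.from(`v${version}`));
  }
}

// Client-side engine: encrypt before upload under a fresh per-object data key.
// The returned envelope is all that cloud storage ever receives.
function encryptObject(km, request, objectName, data) {
  const dataKey = randomBytes(32);
  const key = km.wrap(request, dataKey);
  const ciphertext = seal(dataKey, data, Buffer.from(objectName)); // name bound as aad
  return { key, ciphertext };
}

function decryptObject(km, request, objectName, envelope) {
  const dataKey = km.unwrap(request, envelope.key);
  return open(dataKey, envelope.ciphertext, Buffer.from(objectName));
}

// After rotate(): re-wrap the small data key; the object ciphertext is not touched.
function rewrap(km, request, envelope) {
  const dataKey = km.unwrap(request, envelope.key);
  return { key: km.wrap(request, dataKey), ciphertext: envelope.ciphertext };
}

// Constructed sample run: one allowed principal, keys usable in region "us" only.
function demo() {
  const km = new KeyManager((r) => r.principal === 'billing-app' && r.region === 'us');
  const caller = { principal: 'billing-app', region: 'us' };
  const envelope = encryptObject(km, caller, 'customers/42', Buffer.from('SSN 123-45-6789'));
  km.rotate();
  const moved = rewrap(km, caller, envelope);
  return decryptObject(km, caller, 'customers/42', moved).toString();
}
console.log(demo());
```
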

Got Feedback?
Rate and review the session on our mobile app
Download at http://ddut.ch/ghc15 or search GHC 2015 in the app store
