6 Steps for Securing Offshore Development
Agile Outsourcing Conference 2014 @ Delft, Netherlands
Marudhamaran Gunasekaran
Who's presenting?
• Security Expert @ Prowareness, Bangalore
• Information Security
• Secure Programming Practices
• Compliance (ISO 27001)
• EC-Council Certified Security Analyst (Ethical hacker), Professional Scrum Master
• Open source enthusiast - Writes a lot of code, hacks applications
• OWASP Zed Attack Proxy contributor
Security?
Security – Feeling, Reality, Wisdom
No panacea / silver bullet solution
Trade-offs
Ignorance is no excuse
Security – Lion and Rabbit Analogy
Security – Rabbit's good trade-off
Security – Rabbit's good trade-off – Make family
Security – Bad trade-off: RIP rabbit
Threat / Risk
Threat = Potential violation of security
Risk = Perceived threat × value of asset × loss incurred
Security
Set of activities undertaken to protect systems from known/unknown threats and attacks
State of being protected from known/unknown threats and attacks
Perfect Security?
http://infosanity.files.wordpress.com/2010/06/dilbert-securitycia.gif
Security Triangle
Loss of Control
• Unlimited access
• Physical security & Data loss
Network complexity
• Exposing intranet to internet
• Intrusions
Policies and Procedures
• Incomplete security policies
• Procedures & no audits
6 Risk categories - Outline
Intellectual Property Issues
• Data breaches
• Breach of confidentiality
Software Quality
• Security bugs
• Legacy software
Insider Threats
• Malicious Insiders
• Social Engineering Baits
Loss of control
Unlimited privileges to access internal systems
• Apply the principle of least privilege for development teams offshore, and for everybody else as well
• Just-in-time and time-bound access for critical production/deployment systems, gated by manual approval [more workflow?]
Unrestricted data access
• Identify roles, define access for each role
• Implement access control lists for file systems, directory access protocols and other assets
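The two controls above (role-based least privilege for everyday systems, and just-in-time, time-bound, manually approved access for critical production/deployment systems) as an added, runnable illustration; this is example code written for this page, not from the slides or from Prowareness, and every role, system, user and grant in it is a constructed sample value.

```python
"""Least-privilege and just-in-time access checks (added illustration).

Models the two controls above: standing, role-based access for everyday
systems and short, manually approved, time-bound grants for critical
production/deployment systems. Roles, systems, users and grants are all
constructed sample values, not anything from the slides.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed role -> standing permissions. Note: nothing on production.
ROLE_STANDING_ACCESS = {
    "offshore-dev": {"git-repo": {"read", "write"}, "ci-dashboard": {"read"}},
    "offshore-qa": {"git-repo": {"read"}, "test-env": {"read", "deploy"}},
    "release-mgr": {"git-repo": {"read"}, "ci-dashboard": {"read"}},
}

# Critical systems never carry standing access; only JIT grants reach them.
CRITICAL_SYSTEMS = {"prod-db", "prod-deploy"}

MAX_GRANT = timedelta(hours=2)  # constructed policy: JIT windows stay short


@dataclass
class JitGrant:
    user: str
    system: str
    actions: set
    starts_at: datetime
    duration: timedelta
    approved_by: Optional[str] = None  # stays None until a human approves

    def within_window(self, now):
        return self.starts_at <= now < self.starts_at + self.duration


@dataclass
class AccessDecision:
    allowed: bool
    reason: str


def decide(user, role, system, action, grants, now):
    """Decide one (user, system, action) request at time `now`."""
    if system not in CRITICAL_SYSTEMS:
        # Everyday systems: the role's standing permissions decide.
        allowed = action in ROLE_STANDING_ACCESS.get(role, {}).get(system, set())
        return AccessDecision(allowed, "role standing access" if allowed
                              else "not in role's standing access")
    # Critical systems: an approved, in-window grant for this user is required.
    for g in grants:
        if g.user != user or g.system != system or action not in g.actions:
            continue
        if g.approved_by is None:
            return AccessDecision(False, "grant pending manual approval")
        if g.approved_by == user:
            return AccessDecision(False, "self-approval is not allowed")
        if g.duration > MAX_GRANT:
            return AccessDecision(False, "grant exceeds maximum JIT window")
        if not g.within_window(now):
            return AccessDecision(False, "grant expired or not yet started")
        return AccessDecision(True, f"JIT grant approved by {g.approved_by}")
    return AccessDecision(False, "no JIT grant for critical system")


def sample_scenario():
    """Constructed walk-through; returns decisions keyed by scenario name."""
    now = datetime(2014, 6, 10, 9, 0, tzinfo=timezone.utc)
    grants = [
        # approved by someone else, 1h window that started 10 minutes ago
        JitGrant("alice", "prod-deploy", {"deploy"}, now - timedelta(minutes=10),
                 timedelta(hours=1), approved_by="bob"),
        # requested but nobody approved it yet
        JitGrant("carol", "prod-db", {"read"}, now - timedelta(minutes=5),
                 timedelta(hours=1)),
        # approved, but the 1h window closed two hours ago
        JitGrant("dave", "prod-db", {"read"}, now - timedelta(hours=3),
                 timedelta(hours=1), approved_by="bob"),
    ]
    return {
        "dev_reads_repo": decide("alice", "offshore-dev", "git-repo", "read", grants, now),
        "dev_deploys_test": decide("alice", "offshore-dev", "test-env", "deploy", grants, now),
        "alice_jit_deploy": decide("alice", "offshore-dev", "prod-deploy", "deploy", grants, now),
        "carol_pending": decide("carol", "offshore-qa", "prod-db", "read", grants, now),
        "dave_expired": decide("dave", "offshore-qa", "prod-db", "read", grants, now),
        "no_grant": decide("erin", "release-mgr", "prod-db", "read", grants, now),
    }


if __name__ == "__main__":
    for name, d in sample_scenario().items():
        print(f"{name:18} {'ALLOW' if d.allowed else 'DENY ':5} {d.reason}")
```

Every decision carries a reason string so that the denial (pending approval, expired window, no grant) can be logged and audited, which is the part of the workflow that actually catches misuse.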
Loss of control
Physical security breaches
• Audit the offshore premises for poor security controls
• Access cards and preferably biometric access - regularly audited by IT
• Securing the trash – shredders to combat dumpster diving
Data loss
• Ensure data is backed up every night – at secure locations
• Apply snapshot technologies for virtual machine operating systems and network
• RAID or deduplication backup
Overreacting to Risk
"I understand the natural human disgust reaction, but do these people actually think that their normal drinking water is any more pure? That a single human is that much worse than all the normal birds and other animals? A few ounces distributed amongst 38 million gallons is negligible."
- Bruce Schneier
https://www.schneier.com/blog/archives/2014/04/overreacting_to_1.html
Network complexity
Exposing intranet to the internet
• Implement a Virtual Private Network
• State-of-the-art (current best practice) encryption and hashing for VPN passphrases and tunnels
• Plan and implement a DMZ (demilitarized zone) for offshore connections
• SSL/TLS everywhere to prevent MITM (Man-in-the-Middle) attacks and sniffing
Network complexity
Network intrusions
• Assume a breach; implement network controls with intrusion isolation and containment
• Strict intrusion prevention rules and firewall traffic monitoring [IDS/IPS]
• Implement strict password policies with good complexity and expiry
Linked password attack and hashes
Security policies and procedures
Incomplete security policies and no audits
• Review the security policies (hire a consultant if required)
• Outline and require custom security policies at offshore. Base them on ISO 27001, HIPAA, PCI-DSS or other standards pertaining to the field of operation.
• In case of doubt, ask the offshoring partner for security recommendations
• Verify whether the offshoring partner has a dedicated team or a Center of Excellence for Information Security with certified professionals [CEH, OSCP, CISSP, and similar certifications]
Security policies and procedures
No malware protection
• Ensure presence of a client-server based malware protection system with updated rule sets
• Ensure Intrusion Prevention Systems/Intrusion Detection Systems are updated with the latest rule sets
• Ensure the systems at offshore are updated regularly with security patches for both software and operating systems
Intellectual property issues
Data breaches
• Identify data that needs to be protected and claim responsibility for that data
• Ensure removable drives/media are disabled at offshore
• Filter/Anonymize production data before transferring it to development teams offshore
• Sanitize/Shred all media before disposal
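The "filter/anonymize production data before transferring it offshore" point, as an added, runnable illustration that is not from the slides: direct identifiers are replaced with keyed HMAC tokens (the key stays onshore, so the offshore copy cannot be mapped back), fields a development team has no need for are dropped, and a date of birth is generalized to a year. Column names, the records and the key are constructed sample values.

```python
"""Anonymize production data before it leaves for an offshore team (added
illustration, not from the slides).

Direct identifiers are replaced by keyed HMAC tokens so the same customer
maps to the same token across records (joins still work) while the key stays
onshore; fields the offshore team has no need for are dropped; dates of birth
are generalized to a year. Field names, records and the key are constructed.
"""
import hashlib
import hmac

# Constructed column policy for a customer-orders export.
DROP_FIELDS = {"card_number", "support_notes", "password_hash"}
PSEUDONYMIZE_FIELDS = {"customer_id", "email"}
FAKE_NAME_FIELDS = {"full_name"}
GENERALIZE_DOB = "date_of_birth"


def pseudonym(value, key, length=16):
    """Keyed, deterministic token: same input -> same token; not reversible
    without the onshore key (plain SHA-256 would be guessable for small
    identifier spaces such as sequential customer ids)."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return mac[:length]


def anonymize_record(rec, key):
    out = {}
    for field, value in rec.items():
        if field in DROP_FIELDS:
            continue  # not needed for development: do not ship it at all
        if field in PSEUDONYMIZE_FIELDS:
            token = pseudonym(str(value), key)
            # keep an email shape so validation code still exercises normally
            out[field] = f"user-{token}@example.invalid" if field == "email" else token
        elif field in FAKE_NAME_FIELDS:
            out[field] = f"Customer {pseudonym(str(value), key, 6)}"
        elif field == GENERALIZE_DOB:
            out[field] = str(value)[:4]  # birth year only
        else:
            out[field] = value  # non-identifying business data passes through
    return out


def anonymize_records(records, key):
    return [anonymize_record(r, key) for r in records]


def leaked_identifiers(anonymized, originals):
    """Pre-transfer check: no original direct identifier may survive anywhere
    in the export. Returns the leaked values (empty list when clean)."""
    blob = repr(anonymized)
    sensitive = PSEUDONYMIZE_FIELDS | FAKE_NAME_FIELDS | DROP_FIELDS
    return [str(v) for rec in originals
            for f, v in rec.items()
            if f in sensitive and str(v) and str(v) in blob]


def sample_transfer():
    """Constructed production rows; returns (anonymized rows, leaked values)."""
    key = b"constructed-onshore-only-key"  # never shipped with the data
    prod = [
        {"customer_id": "C-10042", "full_name": "Alice Jones",
         "email": "alice.jones@corp-example.com", "date_of_birth": "1985-07-14",
         "card_number": "4111 1111 1111 1111", "order_total": 120.50,
         "support_notes": "Called about a refund on 2014-05-02"},
        {"customer_id": "C-10057", "full_name": "Bob Smith",
         "email": "bob@corp-example.com", "date_of_birth": "1979-01-30",
         "card_number": "5500 0000 0000 0004", "order_total": 45.00,
         "support_notes": ""},
        {"customer_id": "C-10042", "full_name": "Alice Jones",
         "email": "alice.jones@corp-example.com", "date_of_birth": "1985-07-14",
         "card_number": "4111 1111 1111 1111", "order_total": 15.25,
         "support_notes": "Second order, same customer"},
    ]
    anonymized = anonymize_records(prod, key)
    return anonymized, leaked_identifiers(anonymized, prod)


if __name__ == "__main__":
    rows, leaked = sample_transfer()
    for row in rows:
        print(row)
    print("leaked identifiers:", leaked or "none")
```

The leak check runs against the whole export, not field by field, because identifiers tend to resurface inside free-text columns such as support notes; that is why those columns are dropped outright rather than masked.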
Intellectual property issues
Breach of trust and confidentiality
• Sign Non-Disclosure Agreements with the offshoring partner
• Define levels of access based on the confidentiality level of data
• Ensure a clean desk policy
Software Quality
Security bugs
• Train the developers/QAs to write secure code
• Write guidelines for writing secure code
• Integrate security tools into development builds for early feedback
Security bugs
http://news.techworld.com/security/3331283/barclays-97-percent-of-data-breaches-still-due-to-sql-injection/
Software Quality
Legacy Software
• Rewrite/Migrate/Refresh the technology
• Keep your systems up to date with patches
Sony PSN hack
Insider threats
Malicious Insiders
• Conduct rigorous background checks on offshore employees
• Trust employees only with enough access to perform the tasks they are supposed to do
• Strict, transparent monitoring of new employee activities, and limited access during the probation period [blacklisting later in case of an incident]
Insider threats
Social Engineering Baits
• Educate employees on information security policies and security risks
• Provide email access without requiring VPNs
• Educate employees on configuring personal wifi networks
• Educate employees on social engineering aided attacks like email phishing, phone phishing, baiting, tailgating, clickjacking and similar attacks
• Converse with employees offshore to gauge and improve security awareness
1000% secure?
Evolution of technology
=
Evaluation of threats
=
Risks increase
How good are we at mitigating the risks?
Is it worth the trade-off?
Prowareness Security Labs
{find}
• Penetration testing applications and networks
{fix}
• Security Consulting
{comply}
• Secure development practices
{prevent}
• Security training and development
Thanks!
Presentation Brochures are close by!

Devouring Security XML Attack surface and Defencesgmaran23
 
Devouring Security Sqli Exploitation and Prevention
Devouring Security Sqli Exploitation and PreventionDevouring Security Sqli Exploitation and Prevention
Devouring Security Sqli Exploitation and Preventiongmaran23
 

Plus de gmaran23 (15)

First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017
 
N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...
N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...
N Different Strategies to Automate OWASP ZAP - Cybersecurity WithTheBest - Oc...
 
N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...
N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...
N Different Strategies to Automate OWASP ZAP - OWASP APPSec BUCHAREST - Oct 1...
 
What is new in OWASP Top 10 2017 (RC) - Prowareness Tech Talk Tuesdays - 20 J...
What is new in OWASP Top 10 2017 (RC) - Prowareness Tech Talk Tuesdays - 20 J...What is new in OWASP Top 10 2017 (RC) - Prowareness Tech Talk Tuesdays - 20 J...
What is new in OWASP Top 10 2017 (RC) - Prowareness Tech Talk Tuesdays - 20 J...
 
Prioritizing Portfolio Backlog to Maximize Value Steve Mayner Agile Asia 2016
Prioritizing Portfolio Backlog to Maximize Value Steve Mayner Agile Asia 2016Prioritizing Portfolio Backlog to Maximize Value Steve Mayner Agile Asia 2016
Prioritizing Portfolio Backlog to Maximize Value Steve Mayner Agile Asia 2016
 
Performance Appraisals in Agile Environment Nagesh Sharma
Performance Appraisals in Agile Environment Nagesh SharmaPerformance Appraisals in Agile Environment Nagesh Sharma
Performance Appraisals in Agile Environment Nagesh Sharma
 
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech...
 
What Can I Learn From You?
What Can I Learn From You?What Can I Learn From You?
What Can I Learn From You?
 
Beefing Up Security In ASP.NET Part 2 Dot Net Bangalore 4th meet up on August...
Beefing Up Security In ASP.NET Part 2 Dot Net Bangalore 4th meet up on August...Beefing Up Security In ASP.NET Part 2 Dot Net Bangalore 4th meet up on August...
Beefing Up Security In ASP.NET Part 2 Dot Net Bangalore 4th meet up on August...
 
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
 
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
Practical Security Testing for Developers using OWASP ZAP at Dot Net Bangalor...
 
OWASP Zed Attack Proxy Demonstration - OWASP Bangalore Nov 22 2014
OWASP Zed Attack Proxy Demonstration - OWASP Bangalore Nov 22 2014OWASP Zed Attack Proxy Demonstration - OWASP Bangalore Nov 22 2014
OWASP Zed Attack Proxy Demonstration - OWASP Bangalore Nov 22 2014
 
Devouring Security Insufficient data validation risks Cross Site Scripting
Devouring Security Insufficient data validation risks Cross Site ScriptingDevouring Security Insufficient data validation risks Cross Site Scripting
Devouring Security Insufficient data validation risks Cross Site Scripting
 
Devouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and DefencesDevouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and Defences
 
Devouring Security Sqli Exploitation and Prevention
Devouring Security Sqli Exploitation and PreventionDevouring Security Sqli Exploitation and Prevention
Devouring Security Sqli Exploitation and Prevention
 

Dernier

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Dernier (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Six steps for securing offshore development

  • 1. 6 Steps for Securing Offshore Development, Agile Outsourcing Conference 2014 @ Delft, Netherlands
  • 2. Who’s presenting? Marudhamaran Gunasekaran
      • Security Expert @ Prowareness, Bangalore
      • Information Security
      • Secure Programming Practices
      • Compliance (ISO 27001)
      • EC-Council Certified Security Analyst (Ethical hacker), Professional Scrum Master
      • Open source enthusiast - writes a lot of code, hacks applications
      • OWASP Zed Attack Proxy contributor
  • 3. Security? Feeling, reality, wisdom. No panacea / silver-bullet solution. Trade-offs. Ignorance is no excuse.
  • 4. Security – Lion and Rabbit Analogy
  • 5. Security – Rabbit’s good trade-off
  • 6. Security – Rabbit’s good trade-off – make family
  • 7. Security – Bad trade-off: RIP rabbit
  • 8. Threat / Risk
      • Threat = potential violation of security
      • Risk = perceived threat × value of asset × loss incurred
  • 9. Security
      • Set of activities undertaken to protect systems from known/unknown threats and attacks
      • State of being protected from known/unknown threats and attacks
  • 12. 6 Risk categories - Outline
      • Loss of Control: unlimited access; physical security & data loss
      • Network complexity: exposing intranet to internet; intrusions
      • Policies and Procedures: incomplete security policies; procedures & no audits
  • 13. 6 Risk categories - Outline (continued)
      • Intellectual Property Issues: data breaches; breach of confidentiality
      • Software Quality: security bugs; legacy software
      • Insider Threats: malicious insiders; social engineering baits
  • 14. Loss of control
      • Unlimited privilege to access internal systems
          • Apply the principle of least privilege for development teams offshore, and for everybody else as well
          • Just-in-time, time-bound access for critical production/deployment systems, intercepted with manual approval [more workflow?]
      • Unrestricted data access
          • Identify roles, define accesses for roles
          • Implement access control lists for file systems, directory access protocols and other assets
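The least-privilege roles and the just-in-time, time-bound, manually approved access that slide 14 recommends, worked through as an added Python example (this is not code from the deck or from Prowareness). Roles carry a fixed permission set, critical production permissions are never standing, a request produces a grant that only works once someone other than the requester approves it, and the grant expires on its own. The role names, permission strings, the 8-hour cap and the reference time are constructed assumptions.

```python
"""Just-in-time, time-bound access checks (added example, not from the deck).

Roles get only the permissions they need, standing access to production
does not exist, and a request for a critical permission yields a grant that
needs manual approval by someone else and expires automatically.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed least-privilege role definitions. Note that no role has
# standing access to the production deployment or production database.
ROLE_PERMISSIONS = {
    "offshore-dev": {"git-repo:read", "git-repo:write", "ci:read"},
    "offshore-qa": {"git-repo:read", "test-env:deploy"},
    "ops": {"ci:read", "ci:write", "staging:deploy"},
}

# "Critical production/deployment systems" from the slide: access is never
# standing; it must be requested, approved and is time-bound.
CRITICAL_PERMISSIONS = {"prod:deploy", "prod:db:read"}
MAX_TTL = timedelta(hours=8)  # assumed policy ceiling for a single grant

# Constructed reference time used by the usage example below.
T0 = datetime(2014, 3, 3, 9, 0, tzinfo=timezone.utc)
HOUR = timedelta(hours=1)


@dataclass
class Grant:
    user: str
    permission: str
    requested_at: datetime
    ttl: timedelta
    approved_by: Optional[str] = None  # filled in by the manual approval step

    @property
    def expires_at(self) -> datetime:
        return self.requested_at + self.ttl


def request_access(user, permission, now, ttl=timedelta(hours=2)):
    """Open a time-bound grant for a critical permission. It is unusable
    until approved, and the TTL cannot exceed the policy ceiling."""
    if permission not in CRITICAL_PERMISSIONS:
        raise ValueError(f"{permission!r} is not a JIT-managed permission")
    if ttl > MAX_TTL:
        raise ValueError(f"grant TTL exceeds policy maximum of {MAX_TTL}")
    return Grant(user=user, permission=permission, requested_at=now, ttl=ttl)


def approve(grant, approver):
    """Manual approval step; a requester cannot approve their own grant."""
    if approver == grant.user:
        raise ValueError("requester cannot approve their own grant")
    grant.approved_by = approver
    return grant


def is_allowed(user, role, permission, now, grants=()):
    """Authorisation decision: role permissions first, then any approved,
    unexpired JIT grant belonging to this user for this permission."""
    if permission in ROLE_PERMISSIONS.get(role, set()):
        return True
    for g in grants:
        if (g.user == user and g.permission == permission
                and g.approved_by is not None
                and g.requested_at <= now < g.expires_at):
            return True
    return False


if __name__ == "__main__":
    # Usage: an offshore developer asks for a production deploy window.
    g = request_access("asha", "prod:deploy", T0)
    print("before approval:", is_allowed("asha", "offshore-dev", "prod:deploy", T0, [g]))
    approve(g, "lead-ops")
    print("approved, in window:", is_allowed("asha", "offshore-dev", "prod:deploy", T0 + HOUR, [g]))
    print("approved, expired:", is_allowed("asha", "offshore-dev", "prod:deploy", T0 + 3 * HOUR, [g]))
```

The useful properties to keep when adapting this: the decision function fails closed (unknown roles get nothing), the approval record names a second person, and expiry is enforced at decision time rather than by trusting a cleanup job. The same grant records are what the audit trail on slide 29 would be built from.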
  • 15. Loss of control
      • Physical security breaches
          • Audit the offshore premises for poor security controls
          • Access cards and preferably biometric access, regularly audited by IT
          • Secure the trash: shredders to combat dumpster diving
      • Data loss
          • Ensure data is backed up every night, at secure locations
          • Apply snapshot technologies for virtual machine operating systems and network
          • RAID or deduplication backup
  • 16. Overreacting to Risk
      "I understand the natural human disgust reaction, but do these people actually think that their normal drinking water is any more pure? That a single human is that much worse than all the normal birds and other animals? A few ounces distributed amongst 38 million gallons is negligible." - Bruce Schneier, https://www.schneier.com/blog/archives/2014/04/overreacting_to_1.html
  • 17. Network complexity
      • Exposing intranet to the internet
          • Implement a Virtual Private Network
          • State-of-the-art / status quo encryption and hashing for VPN passphrases and tunnels
          • Plan and implement a DMZ (demilitarized zone) for offshore connections
          • SSL/TLS everywhere to prevent MiTM (Man in the Middle) attacks and sniffing
  • 18. Network complexity
      • Network intrusions
          • Assume a breach; implement network controls with intrusion isolation and containment
          • Strict intrusion prevention rules and firewall traffic monitoring [IDS/IPS]
          • Implement strict password policies with good complexity and expiry
  • 20. Security policies and procedures
      • Incomplete security policies and no audits
          • Review the security policies; hire a consultant if required
          • Outline and require custom security policies offshore. Base them on ISO 27001, HIPAA, PCI-DSS or other standards pertaining to the field of operation.
          • In case of doubt, ask the offshoring partner for security recommendations
          • Verify whether the offshoring partner has a dedicated team or a Center of Excellence for Information Security with certified professionals [CEH, OSCP, CISSP, and similar certifications]
  • 21. Security policies and procedures
      • No malware protection
          • Ensure presence of a client-server based malware protection system with updated rule sets
          • Ensure Intrusion Prevention Systems/Intrusion Detection Systems are updated with the latest rule sets
          • Ensure the systems offshore are updated regularly with security patches for both software and operating systems
  • 22. Intellectual property issues
      • Data breaches
          • Identify data that needs to be protected and claim responsibility for it
          • Ensure removable drives/media are disabled offshore
          • Filter/anonymize production data before transferring it to development teams offshore
          • Sanitize/shred all media before disposal
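The "filter/anonymize production data before transferring it offshore" step on slide 22, worked through as an added Python example (not the deck's or Prowareness's own tooling). Direct identifiers are replaced with keyed HMAC tokens, so the same customer maps to the same token across tables and joins still work, but the token cannot be reversed without the key; names and free text are dropped, card numbers are masked, and dates of birth are coarsened to the month. The sample records, the field classification and the key are constructed, and the key is assumed to stay onshore. Any field the classification does not know is refused rather than copied through.

```python
"""Pseudonymising a production extract before it goes offshore
(added example, not from the deck). Records and key are constructed samples.
"""
import hashlib
import hmac
import re

# Constructed sample rows, shaped like a production customer export.
PRODUCTION_ROWS = [
    {"customer_id": "C-1001", "name": "Jane Doe", "email": "jane.doe@example.com",
     "card": "4111111111111111", "dob": "1984-07-19",
     "notes": "Called about refund, lives at 12 Elm St",
     "plan": "gold", "last_login": "2014-03-02"},
    {"customer_id": "C-1002", "name": "Ravi K", "email": "ravi@example.org",
     "card": "5500000000000004", "dob": "1991-11-30", "notes": "",
     "plan": "silver", "last_login": "2014-04-11"},
]

# Constructed key; in practice it is generated and kept onshore, never shipped
# with the data, so tokens cannot be reversed or re-created offshore.
SAMPLE_KEY = b"constructed-onshore-key-do-not-export"

# Field classification: everything must fall into exactly one bucket.
KEEP_FIELDS = {"plan", "last_login"}            # needed by the offshore team as-is
PSEUDONYMISE_FIELDS = {"customer_id", "email"}  # direct identifiers -> tokens
DROP_FIELDS = {"name", "notes"}                 # cannot be masked safely

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def pseudonym(value, key, length=16):
    """Deterministic keyed token for a direct identifier. The "p_" prefix
    keeps the token from ever looking like a bare account or card number."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "p_" + digest[:length]


def mask_card(pan):
    """Keep only the last four digits of a card number."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 4:
        return "****"
    return "*" * (len(digits) - 4) + digits[-4:]


def coarsen_date(iso_date):
    """Reduce YYYY-MM-DD to YYYY-MM to weaken re-identification by birthday."""
    return iso_date[:7]


def anonymise_row(row, key):
    out = {}
    for name, value in row.items():
        if name in DROP_FIELDS:
            continue
        if name in PSEUDONYMISE_FIELDS:
            out[name] = pseudonym(value, key)
        elif name == "card":
            out[name] = mask_card(value)
        elif name == "dob":
            out[name] = coarsen_date(value)
        elif name in KEEP_FIELDS:
            out[name] = value
        else:
            # Default deny: a column nobody classified must not leave onshore.
            raise KeyError(f"unclassified field {name!r}: refusing to export")
    return out


def anonymise(rows, key):
    return [anonymise_row(r, key) for r in rows]


def leaks_pii(rows):
    """Release gate: no e-mail addresses or bare 13-19 digit numbers remain."""
    for r in rows:
        for v in r.values():
            if isinstance(v, str) and (EMAIL_RE.match(v) or re.fullmatch(r"\d{13,19}", v)):
                return True
    return False


if __name__ == "__main__":
    safe = anonymise(PRODUCTION_ROWS, SAMPLE_KEY)
    for row in safe:
        print(row)
    print("leaks PII:", leaks_pii(safe))
```

Two design points matter here. A plain unkeyed hash of an e-mail address would be reversible by hashing a dictionary of known addresses, which is why the token is an HMAC under a key that never travels with the data. And the classification is default-deny: when a new column appears in the export, the script stops instead of silently forwarding it, which is the failure mode that turns a routine data transfer into the data breach the slide warns about.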
  • 23. Intellectual property issues
      • Breach of trust and confidentiality
          • Sign Non-Disclosure Agreements with the offshoring partner
          • Define levels of access based on the confidentiality level of data
          • Ensure a clean desk policy
  • 24. Software Quality
      • Security bugs
          • Train the developers/QAs to write secure code
          • Write guidelines for writing secure code
          • Integrate security tools into development builds for early feedback
  • 27. Software Quality
      • Legacy software
          • Rewrite/migrate/refresh the technology
          • Keep your systems up to date with patches
  • 29. Insider threats
      • Malicious insiders
          • Conduct rigorous background checks on offshore employees
          • Trust employees only with enough access to perform the tasks they are supposed to do
          • Strict, transparent monitoring of new employee activities, and limited access during the probation period [blacklisting later in case of an incident]
  • 30. Insider threats
      • Social engineering baits
          • Educate employees on information security policies and security risks
          • Provide email access without requiring VPNs
          • Educate employees on configuring personal wifi networks
          • Educate employees on social engineering aided attacks like email phishing, phone phishing, baiting, tailgating, clickjacking and similar attacks
          • Converse with employees offshore to gauge and improve security awareness
  • 31. 1000% secure? Evolution of technology = evaluation of threats = risks increase. How good are we at mitigating the risks? Is it worth the trade-off?
  • 32. Prowareness Security Labs
      • {find} Penetration testing applications and networks
      • {fix} Security consulting
      • {comply} Secure development practices
      • {prevent} Security training and development