What is “Secure”?
“If you think cryptography can solve your problem, then you
don't understand your problem and you don't understand
cryptography.” – Bruce Schneier, 1998
The Nouns and Verbs of Security
• Preserve integrity, availability & access
• Permit authentication and authorization
• Assure confidentiality & control
• Promote awareness and accountability
• Perform inspection; maintain protection; afford detection; enable reaction; build on reflection
The Nouns and Verbs of Security
• If all you want is data protection, put it on tape and store it in a Kansas cavern
• The point of security is to maximize the risk-adjusted value of the asset: money in a bank, not under a mattress
• Infosec is therefore a process, not a product; a mode of travel, not a destination
“Secure” against what?
“Who” Matters So Much More than “Where”
"There are five common factors that lead to the compromise of database information":
• ignorance
• poor password management
• rampant account sharing
• unfettered access to data
• excessive portability of data
DarkReading.com, October 2009
Clouds Can Be Usefully Secure
Single-Tenant vs. Multi-Tenant Clouds
In a multi-tenant environment, all applications run under a common trust model: more manageable, more consistent, more subject to rigorous scrutiny by trained specialists (internal & customer).
[Diagram: one shared infrastructure serving all apps, versus three separate single-tenant stacks (Server, OS, Database, App Server, Storage, Network) for App 1, App 2 and App 3]
Single tenancy entails creation of multiple software stacks, whether real or virtual: each layer in each stack represents a distinct opportunity for misconfiguration or other sources of security risk.
Every Act an Invocation: Granular Privilege
• Password security policies
• Rich Sharing Rules
• User Profiles
• SSO/2-factor solutions
Login… Authenticate… Apply Data Security Rules… View Filtered Content
Bottom-Up Design to be “Shared and Secure”
• Expanding legislation, regulation, mainstream mind share
• Rising standard of due diligence
• Desktop/laptop systems carry far too much “state”
– More data than people actually use
– Far too much data that a user may easily lose
– More than one version of what should be one shared truth
• Cloud’s Solutions:
– Logical view of exactly one database
– Profile definitions manage privilege sets
– Activity logs precisely record actions
Governance: More Eyes, More Agendas
Strong Session Management
• Every row in the database contains an ORG_ID – a unique encoded string
• Session Tokens – user-unique, non-predictable long random value generated for each session, combined with a routing “hint” and checksum, base64 encoded
– Contains no user-identifiable information
• Session Timeout – 15 Mins to 8 Hrs
• Lock Sessions to IP – prevent hijacking and replay attacks
• SSLv3/TLS used to prevent token capture / session hijacking
• Session Logout – Explicitly expire and destroy the session
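The token layout and the checks this slide lists, worked through as an added Python example (this is not salesforce.com's code; the 2-byte routing hint, the CRC32 checksum, the in-memory session store, the hashed store key and the sliding idle timeout are assumptions made for illustration). The token itself carries only random bytes, the hint and the checksum; user, org and client IP live in the server-side record, and the ORG_ID filter at the end shows the row-level tenant scoping the slide opens with.

```python
"""Session tokens: random value + routing hint + checksum, base64-encoded,
with no user-identifiable data inside the token. Added example, not
salesforce.com code; layout, store and sliding timeout are assumptions."""
import base64
import hashlib
import secrets
import time
import zlib

RANDOM_BYTES = 32          # 256-bit unpredictable session id
HINT_BYTES = 2             # routing hint: which instance holds the session
CHECKSUM_BYTES = 4         # CRC32 over random + hint; rejects mangled tokens early

MIN_TIMEOUT = 15 * 60      # 15 minutes (lower bound on the slide)
MAX_TIMEOUT = 8 * 60 * 60  # 8 hours (upper bound on the slide)

_sessions = {}             # sha256(token) -> session record (in-memory stand-in)


def _checksum(payload: bytes) -> bytes:
    return zlib.crc32(payload).to_bytes(CHECKSUM_BYTES, "big")


def _digest(token: str) -> str:
    # Key the store by a hash so a leaked session table cannot be replayed as-is.
    return hashlib.sha256(token.encode()).hexdigest()


def parse_token(token: str):
    """Decode and verify the checksum; return the routing hint, or None."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:                      # binascii.Error is a ValueError
        return None
    if len(raw) != RANDOM_BYTES + HINT_BYTES + CHECKSUM_BYTES:
        return None
    body, cs = raw[:-CHECKSUM_BYTES], raw[-CHECKSUM_BYTES:]
    if not secrets.compare_digest(cs, _checksum(body)):
        return None
    return int.from_bytes(body[RANDOM_BYTES:], "big")


def issue_token(user_id, org_id, client_ip, routing_hint, timeout=MIN_TIMEOUT, now=None):
    """Create a session; the token holds no user or org data, the record does."""
    if not MIN_TIMEOUT <= timeout <= MAX_TIMEOUT:
        raise ValueError("timeout outside the 15 min .. 8 h range")
    now = time.time() if now is None else now
    body = secrets.token_bytes(RANDOM_BYTES) + routing_hint.to_bytes(HINT_BYTES, "big")
    token = base64.urlsafe_b64encode(body + _checksum(body)).decode()
    _sessions[_digest(token)] = {
        "user_id": user_id, "org_id": org_id, "ip": client_ip,
        "expires": now + timeout, "timeout": timeout,
    }
    return token


def validate(token, client_ip, now=None):
    """Return (session or None, reason). A successful check slides the expiry."""
    now = time.time() if now is None else now
    if parse_token(token) is None:
        return None, "malformed"
    key = _digest(token)
    sess = _sessions.get(key)
    if sess is None:
        return None, "unknown-or-logged-out"
    if now > sess["expires"]:
        _sessions.pop(key)                  # expired sessions are destroyed
        return None, "expired"
    if sess["ip"] != client_ip:
        return None, "ip-mismatch"          # token presented from another address
    sess["expires"] = now + sess["timeout"]
    return sess, "ok"


def logout(token) -> bool:
    """Explicit logout: destroy the server-side record so the token is dead."""
    return _sessions.pop(_digest(token), None) is not None


def rows_for(session, rows):
    """Row-level tenant isolation: only rows tagged with the session's ORG_ID."""
    return [r for r in rows if r["ORG_ID"] == session["org_id"]]
```

Using fixed `now` values makes the timeout and IP-lock behaviour reproducible: a token validated from the issuing address stays alive and slides its expiry, the same token from a different address is refused without touching the expiry, and once the idle window passes or `logout` runs, the record is gone and further presentations fail closed.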
Common Controls + Customer Choices
Platform Security
• SSL data encryption
• Optional strict password policies
• SAS 70 Type II & SysTrust Certification
• Security certifications from Fortune 50 financial services customers
• May 2008: ISO 27001 Certification
Network Security
• Fault tolerant external firewall
• Intrusion detection systems
• Best practices secure systems mgmt
• 3rd party vulnerability assessments
Facility Security
• 24x365 on site security
• Biometric readers, man traps
• Anonymous exterior
• Silent alarm
• CCTV
• Motion detection
• N+1 infrastructure
World-Class Defense in Depth
“There are some strong technical security arguments in favor of Cloud Computing…” (Craig Balding, Fortune 500 security practitioner)
Peter Coffee
VP for Strategic Research
pcoffee@salesforce.com
facebook.com/peter.coffee
twitter.com/petercoffee
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Dernier (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

What Is "Secure"?

  • 1. What is “Secure”?
    “If you think cryptography can solve your problem, then you don't understand your problem and you don't understand cryptography.” – Bruce Schneier, 1998

  • 2–3. The Nouns and Verbs of Security
    – Preserve integrity, availability & access
    – Permit authentication and authorization
    – Assure confidentiality & control
    – Promote awareness and accountability
    – Perform inspection; maintain protection; afford detection; enable reaction; build on reflection

  • 4. The Nouns and Verbs of Security
    – If all you want is data protection, put it on tape and store it in a Kansas cavern
    – The point of security is to maximize the risk-adjusted value of the asset: money in a bank, not under a mattress
    – Infosec is therefore a process, not a product; a mode of travel, not a destination

  • 6. “Who” Matters So Much More than “Where”
    "There are five common factors that lead to the compromise of database information":
    – ignorance
    – poor password management
    – rampant account sharing
    – unfettered access to data
    – excessive portability of data
    DarkReading.com, October 2009

  • 8. Single-Tenant vs. Multi-Tenant Clouds
    In a multi-tenant environment, all applications run under a common trust model: more manageable, more consistent, more subject to rigorous scrutiny by trained specialists (internal & customer).
    Single tenancy entails creation of multiple software stacks, whether real or virtual: each layer in each stack represents a distinct opportunity for misconfiguration or other sources of security risk.
    [Diagram: one shared infrastructure serving many apps, beside three single-tenant stacks (App 1, App 2, App 3), each with its own Server, OS, Database, App Server, Storage and Network layers]

  • 9. Every Act an Invocation: Granular Privilege

  • 10. Bottom-Up Design to be “Shared and Secure”
    – Password security policies
    – Rich Sharing Rules
    – User Profiles
    – SSO/2-factor solutions
    Login… Authenticate… Apply Data Security Rules… View Filtered Content

  • 11. Governance: More Eyes, More Agendas
    – Expanding legislation, regulation, mainstream mind share
    – Rising standard of due diligence
    – Desktop/laptop systems carry far too much “state”
       - More data than people actually use
       - Far too much data that users may easily lose
       - More than one version of what should be one shared truth
    – Cloud’s solutions:
       - Logical view of exactly one database
       - Profile definitions manage privilege sets
       - Activity logs precisely record actions
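The flow on slides 10 and 11 (Login… Authenticate… Apply Data Security Rules… View Filtered Content, with profiles as privilege sets and activity logs recording every action) is easier to reason about as code. The block below is an added illustration, not code from the deck or from Salesforce: the data model (an ORG_ID on every row, a profile that lists readable objects and visible fields, sharing rules that widen access between roles, an in-memory audit list) and all sample users and rows are constructed for the example. The one property worth noticing is the order of the checks: the tenant boundary (ORG_ID) is applied first and no profile flag or sharing rule can widen it.

```python
"""Constructed illustration of: Login -> Authenticate -> Apply Data Security Rules ->
View Filtered Content. The data model here (ORG_ID on every row, profiles as privilege
sets, role-based sharing rules, an activity log) is an assumption for this example,
not Salesforce's implementation."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Profile:
    """A privilege set: which objects a user may read and which fields are visible."""
    name: str
    readable_objects: FrozenSet[str]
    visible_fields: FrozenSet[Tuple[str, str]]   # (object, field)
    view_all_in_org: bool = False                # e.g. an admin profile; still org-bounded


@dataclass(frozen=True)
class User:
    user_id: str
    org_id: str
    role: str
    profile: Profile


@dataclass(frozen=True)
class SharingRule:
    """Rows of `obj` owned by users in `from_role` become readable by users in `to_role`."""
    obj: str
    from_role: str
    to_role: str


# Constructed sample data. Every row carries ORG_ID; that is the first filter applied.
STANDARD = Profile("Standard", frozenset({"Account"}),
                   frozenset({("Account", "name"), ("Account", "phone")}))
ADMIN = Profile("Admin", frozenset({"Account", "Contact"}),
                frozenset({("Account", "name"), ("Account", "phone"), ("Account", "revenue")}),
                view_all_in_org=True)

USERS: Dict[str, User] = {
    "alice": User("alice", "org-A", "rep", STANDARD),
    "bob":   User("bob",   "org-A", "manager", STANDARD),
    "carol": User("carol", "org-B", "admin", ADMIN),
}
ROWS: List[dict] = [
    {"obj": "Account", "id": "acc-1", "ORG_ID": "org-A", "OWNER_ID": "alice",
     "name": "Acme", "phone": "555-0100", "revenue": 10},
    {"obj": "Account", "id": "acc-2", "ORG_ID": "org-A", "OWNER_ID": "bob",
     "name": "Beta", "phone": "555-0101", "revenue": 20},
    {"obj": "Account", "id": "acc-3", "ORG_ID": "org-B", "OWNER_ID": "carol",
     "name": "Gamma", "phone": "555-0102", "revenue": 30},
]
RULES: List[SharingRule] = [SharingRule("Account", from_role="rep", to_role="manager")]


def query(user: User, obj: str, rows: List[dict], rules: List[SharingRule],
          users: Dict[str, User], audit: List[dict]) -> List[dict]:
    """Return the rows and fields `user` may see, recording the action in `audit`."""
    # Object-level privilege comes from the profile; a denial is logged, not silently dropped.
    if obj not in user.profile.readable_objects:
        audit.append({"user": user.user_id, "obj": obj, "action": "read", "result": "denied"})
        return []

    # Owner roles whose rows this user inherits through sharing rules.
    shared_from_roles = {r.from_role for r in rules if r.obj == obj and r.to_role == user.role}

    def visible(row: dict) -> bool:
        if row["obj"] != obj or row["ORG_ID"] != user.org_id:   # tenant boundary: never widened
            return False
        if user.profile.view_all_in_org or row["OWNER_ID"] == user.user_id:
            return True
        owner = users.get(row["OWNER_ID"])
        # Sharing rules only ever apply between users of the same org.
        return owner is not None and owner.org_id == user.org_id and owner.role in shared_from_roles

    # Field-level security: project only the fields the profile makes visible.
    allowed_fields = {f for (o, f) in user.profile.visible_fields if o == obj}
    result = [{"id": r["id"], **{k: v for k, v in r.items() if k in allowed_fields}}
              for r in rows if visible(r)]
    audit.append({"user": user.user_id, "obj": obj, "action": "read",
                  "result": "ok", "rows": len(result)})
    return result
```

Running `query(USERS["bob"], "Account", ROWS, RULES, USERS, [])` returns both org-A accounts (bob's own plus alice's, via the rep-to-manager rule) without the `revenue` field, while carol, despite `view_all_in_org`, only ever sees org-B rows.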
  • 12. Strong Session Management: Common Controls + Customer Choices
    – Every row in the database contains an ORG_ID: a unique encoded string
    – Session tokens: user-unique, non-predictable long random value generated for each session, combined with a routing “hint” and checksum, base64 encoded; contains no user-identifiable information
    – Session timeout: 15 minutes to 8 hours
    – Lock sessions to IP: prevents hijacking and replay attacks
    – SSLv3/TLS used to prevent token capture / session hijacking
    – Session logout: explicitly expire and destroy the session
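The token and session-lifecycle items on slide 12 can be shown end to end. The block below is an added example, not the deck's or Salesforce's code; the concrete token layout (a 3-character routing hint, 32 random bytes from the OS CSPRNG, a truncated HMAC-SHA256 checksum, all base64url-encoded), the in-memory session table and `CHECKSUM_KEY` are assumptions chosen to match the slide's description. It covers non-predictable tokens with no user data inside, the checksum as a cheap front-door filter, the 15-minute-to-8-hour timeout range as a clamped customer choice, lock-to-IP, and explicit server-side logout. Transport protection is out of scope for the code; note that SSLv3, named on the slide, has since been deprecated (RFC 7568), so the transport today would be TLS 1.2 or later.

```python
"""Constructed illustration of the session controls on slide 12. The token layout
(3-char routing hint | 32 random bytes | truncated HMAC-SHA256 checksum, base64url),
the in-memory store and CHECKSUM_KEY are assumptions for this example, not
Salesforce's implementation."""
import base64
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

CHECKSUM_KEY = b"constructed-demo-key-keep-in-a-secret-store"  # assumed server-side secret
HINT_LEN = 3                # routing "hint": which instance serves the org; not user-identifying
RANDOM_LEN = 32             # 256 bits from the OS CSPRNG, so tokens are non-predictable
MAC_LEN = 16                # truncated HMAC-SHA256 checksum over hint + random part
MIN_TIMEOUT = 15 * 60       # slide: 15 minutes ...
MAX_TIMEOUT = 8 * 60 * 60   # ... to 8 hours


@dataclass
class Session:
    user_id: str
    org_id: str
    client_ip: str
    timeout: int
    last_seen: float


def mint_token(hint: str) -> str:
    """Build a token that carries no user-identifiable information."""
    if len(hint) != HINT_LEN or not hint.isalnum():
        raise ValueError("routing hint must be %d alphanumeric characters" % HINT_LEN)
    payload = hint.encode("ascii") + secrets.token_bytes(RANDOM_LEN)
    mac = hmac.new(CHECKSUM_KEY, payload, hashlib.sha256).digest()[:MAC_LEN]
    return base64.urlsafe_b64encode(payload + mac).decode("ascii")


def parse_token(token: str) -> Optional[str]:
    """Return the routing hint if the checksum verifies, else None.
    The checksum lets a front door drop forged or corrupted tokens before any store lookup."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        return None
    if len(raw) != HINT_LEN + RANDOM_LEN + MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(CHECKSUM_KEY, payload, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    return payload[:HINT_LEN].decode("ascii")


class SessionStore:
    """Server-side session table keyed by token; the token itself stores nothing about the user."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user_id: str, org_id: str, client_ip: str, hint: str = "na1",
              timeout: int = 2 * 60 * 60, now: Optional[float] = None) -> str:
        # "Customer choice": the org picks an idle timeout, clamped to the 15 min .. 8 h range.
        timeout = max(MIN_TIMEOUT, min(MAX_TIMEOUT, timeout))
        token = mint_token(hint)
        self._sessions[token] = Session(user_id, org_id, client_ip, timeout,
                                        time.time() if now is None else now)
        return token

    def validate(self, token: str, client_ip: str,
                 now: Optional[float] = None) -> Tuple[str, Optional[Session]]:
        """Return ("ok", session) or (reason, None). The reasons are what a detection team logs."""
        now = time.time() if now is None else now
        if parse_token(token) is None:
            return "bad-checksum", None
        sess = self._sessions.get(token)
        if sess is None:
            return "unknown-or-logged-out", None
        if now - sess.last_seen > sess.timeout:
            self.logout(token)                      # idle timeout destroys the session
            return "expired", None
        if client_ip != sess.client_ip:
            # Lock-to-IP: a valid token presented from another address is refused.
            return "ip-mismatch", None
        sess.last_seen = now
        return "ok", sess

    def logout(self, token: str) -> bool:
        """Explicitly expire and destroy the session; a retained token is worthless afterwards."""
        return self._sessions.pop(token, None) is not None
```

`validate` never tells the client which part failed beyond a reason code the server logs; the checksum check runs before the store lookup so that forged tokens cost no database round trip, and lock-to-IP refuses a genuine token replayed from elsewhere rather than silently re-binding it.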
  • 13. World-Class Defense in Depth
    Platform Security:
    – SSL data encryption
    – Optional strict password policies
    – SAS 70 Type II & SysTrust Certification
    – Security certifications from Fortune 50 financial services customers
    – May 2008: ISO 27001 Certification
    Network Security:
    – Fault tolerant external firewall
    – Intrusion detection systems
    – Best practices secure systems mgmt
    – 3rd party vulnerability assessments
    Facility Security:
    – 24x365 on site security
    – Biometric readers, man traps
    – Anonymous exterior
    – Silent alarm
    – CCTV
    – Motion detection
    – N+1 infrastructure
    “There are some strong technical security arguments in favor of Cloud Computing…” (Craig Balding, Fortune 500 security practitioner)

  • 14. Peter Coffee, VP for Strategic Research
    pcoffee@salesforce.com
    facebook.com/peter.coffee
    twitter.com/petercoffee