SlideShare a Scribd company logo

Security best practices.

Cotap Engineering
Cotap Engineering

In this tech talk, Victor Levasseur covers security best practices for mobile development. Data in movement, data at rest, security policies etc.

Engineering
1 of 13
Download to read offline
High Security Requirements Working in the security market
High Security market • Customers: • Intelligence agencies (NSA, CIA, USAF, WH) • Finances (Banks) • Governments (Justice system, education system) • Chief Security Officer / CIO has power to decide • Product features come after security features
ionGrid • Solve BYOD for file access • Secure container • Integrates with current infrastructure
Data in movement
Data in movement (cont) • Provisioning • Enables end-to-end encryption • Improves security against “man in the middle attack” • Secure channel in AMQP protocol • Pro : AMQP instead of HTTPS gives stronger encryption • Cons : very hard to work with… • Real use case • Pretty much everything…
Data at rest (cont) Data Key Password
Data at rest • Encrypt data • Much harder to access the data against a dumping attack • Server gives the key every time authentication is correct • Multiple factor authentication (password, RSA SecureID, etc…) • Offline authentication • Encrypt master key using password • User can retrieve its key with password
Security policies • Classic RWX (Read, Write, Execute) • Pros: Access data, modify them, etc… • Cons: Very hard to express the business needs • “Can I … ?” policies (ie: can login) • Pros: Much better for business needs • Cons: Requires a lot of maintenance • How can I handle a lot of business rules ? • Access data only during the day / at a location • Specify policies per file / folder / user
Security policies (cont) • Empower your customer with its own security policies! • Define “Can I … ?” policies in client • Policy engine is defined in JavaScript • Let the company code and define its own rules or use simple true/false checkboxes • Code snippet can be defined per file / user • Code is shipped to the device • Works offline • Works in the future
Device compromised • Simple cases: • Device stolen or lost • Employee quits or is fired • Device exits location • Active attacks • Faraday bag • Forensic attack TIME-BOMB EVERYTHING!
Real use cases • JP Morgan • Encryption and secure channel • Coke • Executive board members would loose their iPads… • NBC universal • TV Shows scripts should only be accessed with a specific set of rules • Schweppes • Secure video streaming
Real use cases (cont) • New York City Transit • Offline use • Application secure sandbox in HTML5 • “pg&e from the east coast” • Got rid of “secure binders” during Sandy storm • White House / CIA / USAF • Overall security • Supreme court of Australia • Security ended up speeding trial time by 10%
And now… • Which use case around secure messaging have you heard about ? • What security problem should we try to solve ?

Recommended

Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network Sentry Global Technologies, LLC
 
Efficient data transfer in Android
Efficient data transfer in AndroidEfficient data transfer in Android
Efficient data transfer in AndroidCotap Engineering
 
Startup survival lessons
Startup survival lessonsStartup survival lessons
Startup survival lessonsCotap Engineering
 
MQTT
MQTTMQTT
MQTTCotap Engineering
 
Model S Cover - LCT Oct 2013
Model S Cover - LCT Oct 2013Model S Cover - LCT Oct 2013
Model S Cover - LCT Oct 2013Robert Aguirre
 
How to video.
How to video.How to video.
How to video.Cotap Engineering
 
Proterra TearSheet
Proterra TearSheetProterra TearSheet
Proterra TearSheetRobert Aguirre
 
Architecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worstArchitecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worstCotap Engineering
 

Recommended

Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network Sentry Global Technologies, LLC
 
Efficient data transfer in Android
Efficient data transfer in AndroidEfficient data transfer in Android
Efficient data transfer in AndroidCotap Engineering
 
Startup survival lessons
Startup survival lessonsStartup survival lessons
Startup survival lessonsCotap Engineering
 
MQTT
MQTTMQTT
MQTTCotap Engineering
 
Model S Cover - LCT Oct 2013
Model S Cover - LCT Oct 2013Model S Cover - LCT Oct 2013
Model S Cover - LCT Oct 2013Robert Aguirre
 
How to video.
How to video.How to video.
How to video.Cotap Engineering
 
Proterra TearSheet
Proterra TearSheetProterra TearSheet
Proterra TearSheetRobert Aguirre
 
Architecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worstArchitecting for the Cloud: Hoping for the best, prepared for the worst
Architecting for the Cloud: Hoping for the best, prepared for the worstCotap Engineering
 
Laporan hasil pratikum indikator asam basa alami
Laporan hasil pratikum indikator asam basa alamiLaporan hasil pratikum indikator asam basa alami
Laporan hasil pratikum indikator asam basa alamiNita Kurniasih
 
Rennes
RennesRennes
Rennesleireagirregabiria
 
Natural language processing in iOS / OSX
Natural language processing in iOS / OSXNatural language processing in iOS / OSX
Natural language processing in iOS / OSXCotap Engineering
 
Indeks harga dan inflasi, permintaan dan penawaran uang
Indeks harga dan inflasi, permintaan dan penawaran uangIndeks harga dan inflasi, permintaan dan penawaran uang
Indeks harga dan inflasi, permintaan dan penawaran uangNita Kurniasih
 
Agama qada dan qadar
Agama qada dan qadarAgama qada dan qadar
Agama qada dan qadarNita Kurniasih
 
Sejarah peradaban Yunani Kuno
Sejarah peradaban Yunani KunoSejarah peradaban Yunani Kuno
Sejarah peradaban Yunani KunoNita Kurniasih
 
Notes on Debugging
Notes on DebuggingNotes on Debugging
Notes on DebuggingCotap Engineering
 
Sejarah Perang Aceh
Sejarah Perang AcehSejarah Perang Aceh
Sejarah Perang AcehNita Kurniasih
 
Laporan Hasil Praktikum Koloid
Laporan Hasil Praktikum KoloidLaporan Hasil Praktikum Koloid
Laporan Hasil Praktikum KoloidNita Kurniasih
 
Pancasila sebagai ideologi
Pancasila sebagai ideologiPancasila sebagai ideologi
Pancasila sebagai ideologiNita Kurniasih
 
Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services SecurityOliver Pfaff
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?Precisely
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSmart Assessment
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesPraveen Vackayil
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 

More Related Content

Viewers also liked

Laporan hasil pratikum indikator asam basa alami
Laporan hasil pratikum indikator asam basa alamiLaporan hasil pratikum indikator asam basa alami
Laporan hasil pratikum indikator asam basa alamiNita Kurniasih
 
Natural language processing in iOS / OSX
Natural language processing in iOS / OSXNatural language processing in iOS / OSX
Natural language processing in iOS / OSXCotap Engineering
 
Indeks harga dan inflasi, permintaan dan penawaran uang
Indeks harga dan inflasi, permintaan dan penawaran uangIndeks harga dan inflasi, permintaan dan penawaran uang
Indeks harga dan inflasi, permintaan dan penawaran uangNita Kurniasih
 
Sejarah peradaban Yunani Kuno
Sejarah peradaban Yunani KunoSejarah peradaban Yunani Kuno
Sejarah peradaban Yunani KunoNita Kurniasih
 
Laporan Hasil Praktikum Koloid
Laporan Hasil Praktikum KoloidLaporan Hasil Praktikum Koloid
Laporan Hasil Praktikum KoloidNita Kurniasih
 
Pancasila sebagai ideologi
Pancasila sebagai ideologiPancasila sebagai ideologi
Pancasila sebagai ideologiNita Kurniasih
 

Viewers also liked (10)

Laporan hasil pratikum indikator asam basa alami
Laporan hasil pratikum indikator asam basa alamiLaporan hasil pratikum indikator asam basa alami
Laporan hasil pratikum indikator asam basa alami
 
Rennes
RennesRennes
Rennes
 
Natural language processing in iOS / OSX
Natural language processing in iOS / OSXNatural language processing in iOS / OSX
Natural language processing in iOS / OSX
 
Indeks harga dan inflasi, permintaan dan penawaran uang
Indeks harga dan inflasi, permintaan dan penawaran uangIndeks harga dan inflasi, permintaan dan penawaran uang
Indeks harga dan inflasi, permintaan dan penawaran uang
 
Agama qada dan qadar
Agama qada dan qadarAgama qada dan qadar
Agama qada dan qadar
 
Sejarah peradaban Yunani Kuno
Sejarah peradaban Yunani KunoSejarah peradaban Yunani Kuno
Sejarah peradaban Yunani Kuno
 
Notes on Debugging
Notes on DebuggingNotes on Debugging
Notes on Debugging
 
Sejarah Perang Aceh
Sejarah Perang AcehSejarah Perang Aceh
Sejarah Perang Aceh
 
Laporan Hasil Praktikum Koloid
Laporan Hasil Praktikum KoloidLaporan Hasil Praktikum Koloid
Laporan Hasil Praktikum Koloid
 
Pancasila sebagai ideologi
Pancasila sebagai ideologiPancasila sebagai ideologi
Pancasila sebagai ideologi
 

Similar to Security best practices.

Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services SecurityOliver Pfaff
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?Precisely
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSmart Assessment
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesPraveen Vackayil
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
java-card20232024999999999999999999999999999999999999999999999999999999999999...
java-card20232024999999999999999999999999999999999999999999999999999999999999...java-card20232024999999999999999999999999999999999999999999999999999999999999...
java-card20232024999999999999999999999999999999999999999999999999999999999999...ouahibakellou
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologiesNicholas Davis
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseJohn Bambenek
 
MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB
 
Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Andrew Hammond
 

Similar to Security best practices. (20)

Web-of-Things and Services Security
Web-of-Things and Services SecurityWeb-of-Things and Services Security
Web-of-Things and Services Security
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?What Does a Full Featured Security Strategy Look Like?
What Does a Full Featured Security Strategy Look Like?
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging Technologies
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging Technologies
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
java-card20232024999999999999999999999999999999999999999999999999999999999999...
java-card20232024999999999999999999999999999999999999999999999999999999999999...java-card20232024999999999999999999999999999999999999999999999999999999999999...
java-card20232024999999999999999999999999999999999999999999999999999999999999...
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication Technologies
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologies
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
 
Security Issues in Internet of Things
Security Issues in Internet of ThingsSecurity Issues in Internet of Things
Security Issues in Internet of Things
 
MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
MongoDB .local London 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
 
Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...
 

Recently uploaded

Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptJasonTagapanGulla
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the weldingMuhammadUzairLiaqat
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - GuideGOPINATHS437943
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncssuser2ae721
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 

Recently uploaded (20)

Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.ppt
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the welding
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - Guide
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 

Security best practices.

  • 2. High Security market • Customers: • Intelligence agencies (NSA, CIA, USAF, WH) • Finances (Banks) • Governments (Justice system, education system) • Chief Security Officer / CIO has power to decide • Product features come after security features
  • 3. ionGrid • Solve BYOD for file access • Secure container • Integrates with current infrastructure
  • 5. Data in movement (cont) • Provisioning • Enables end-to-end encryption • Improves security against “man in the middle attack” • Secure channel in AMQP protocol • Pro : AMQP instead of HTTPS gives stronger encryption • Cons : very hard to work with… • Real use case • Pretty much everything…
  • 6. Data at rest (cont) Data Key Password
  • 7. Data at rest • Encrypt data • Much harder to access the data against a dumping attack • Server gives the key every time authentication is correct • Multiple factor authentication (password, RSA SecureID, etc…) • Offline authentication • Encrypt master key using password • User can retrieve its key with password
  • 8. Security policies • Classic RWX (Read, Write, Execute) • Pros: Access data, modify them, etc… • Cons: Very hard to express the business needs • “Can I … ?” policies (ie: can login) • Pros: Much better for business needs • Cons: Requires a lot of maintenance • How can I handle a lot of business rules ? • Access data only during the day / at a location • Specify policies per file / folder / user
  • 9. Security policies (cont) • Empower your customer with its own security policies! • Define “Can I … ?” policies in client • Policy engine is defined in JavaScript • Let the company code and define its own rules or use simple true/false checkboxes • Code snippet can be defined per file / user • Code is shipped to the device • Works offline • Works in the future
  • 10. Device compromised • Simple cases: • Device stolen or lost • Employee quits or is fired • Device exits location • Active attacks • Faraday bag • Forensic attack TIME-BOMB EVERYTHING!
  • 11. Real use cases • JP Morgan • Encryption and secure channel • Coke • Executive board members would loose their iPads… • NBC universal • TV Shows scripts should only be accessed with a specific set of rules • Schweppes • Secure video streaming
  • 12. Real use cases (cont) • New York City Transit • Offline use • Application secure sandbox in HTML5 • “pg&e from the east coast” • Got rid of “secure binders” during Sandy storm • White House / CIA / USAF • Overall security • Supreme court of Australia • Security ended up speeding trial time by 10%
  • 13. And now… • Which use case around secure messaging have you heard about ? • What security problem should we try to solve ?