2. High Security market
• Customers:
• Intelligence agencies (NSA, CIA, USAF, WH)
• Finances (Banks)
• Governments (Justice system, education system)
• Chief Security Officer / CIO has power to decide
• Product features come after security features
3. ionGrid
• Solve BYOD for file access
• Secure container
• Integrates with current infrastructure
5. Data in movement (cont)
• Provisioning
• Enables end-to-end encryption
• Improves security against man-in-the-middle attacks
• Secure channel in AMQP protocol
• Pros: AMQP instead of HTTPS gives stronger encryption
• Cons: very hard to work with…
• Real use case
• Pretty much everything…
7. Data at rest
• Encrypt data
• Makes the data much harder to access in a dumping attack
• Server releases the key each time authentication succeeds
• Multi-factor authentication (password, RSA SecurID, etc.)
• Offline authentication
• Encrypt master key using password
• User can retrieve their key with the password
8. Security policies
• Classic RWX (Read, Write, Execute)
• Pros: Access data, modify it, etc.
• Cons: Very hard to express the business needs
• “Can I … ?” policies (i.e. can log in)
• Pros: Much better for business needs
• Cons: Requires a lot of maintenance
• How can I handle a lot of business rules?
• Access data only during the day / at a location
• Specify policies per file / folder / user
9. Security policies (cont)
• Empower your customers with their own security policies!
• Define “Can I … ?” policies in the client
• Policy engine is defined in JavaScript
• Let the company code and define its own rules or use simple true/false checkboxes
• Code snippets can be defined per file / user
• Code is shipped to the device
• Works offline
• Works in the future
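An added example (not ionGrid's code) of the “Can I … ?” model from slides 8 and 9: rules scoped per file / folder / user, including the time-of-day and location conditions, evaluated locally on the device. The names `policies`, `scopesFor`, `canI` and the `ctx` fields are assumptions made for illustration; how rule code is shipped to and sandboxed on the device is not covered.

```javascript
// Added illustration of a "Can I ...?" policy check. Every name here
// (policies, scopesFor, canI, the ctx fields) is hypothetical.

// Rules are predicates over a context the device builds locally, so a
// decision needs no server round trip and works offline.
const duringDay = (ctx) => ctx.hour >= 8 && ctx.hour < 18;
const onSite = (ctx) => ctx.location === "hq";

// Constructed sample policies, keyed by scope (per file / folder / user).
const policies = {
  "user:alice": { open: () => true, print: () => false },
  "folder:/board": { open: duringDay },
  "file:/board/q3-results.pdf": { open: (ctx) => duringDay(ctx) && onSite(ctx) },
};

// Most specific scope first: file, then its folder, then the user.
function scopesFor(user, path) {
  const folder = path.slice(0, path.lastIndexOf("/")) || "/";
  return [`file:${path}`, `folder:${folder}`, `user:${user}`];
}

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// The first scope that defines a rule for the action decides the answer.
// No rule, a throwing rule, or a non-boolean result all mean "no".
function canI(action, user, path, ctx) {
  for (const scope of scopesFor(user, path)) {
    if (!own(policies, scope) || !own(policies[scope], action)) continue;
    try {
      // Rules get a frozen copy so they cannot alter the caller's context.
      return policies[scope][action](Object.freeze({ ...ctx })) === true;
    } catch (err) {
      return false; // fail closed on buggy customer code
    }
  }
  return false; // default deny
}
```

Because the most specific scope wins, the per-file rule can be stricter than the folder it lives in, and an action with no rule at any scope is refused.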
10. Device compromised
• Simple cases:
• Device stolen or lost
• Employee quits or is fired
• Device exits location
• Active attacks
• Faraday bag
• Forensic attack
TIME-BOMB EVERYTHING!
11. Real use cases
• JP Morgan
• Encryption and secure channel
• Coke
• Executive board members would lose their iPads…
• NBC Universal
• TV show scripts should only be accessed with a specific set of rules
• Schweppes
• Secure video streaming
12. Real use cases (cont)
• New York City Transit
• Offline use
• Application secure sandbox in HTML5
• “pg&e from the east coast”
• Got rid of “secure binders” during the Sandy storm
• White House / CIA / USAF
• Overall security
• Supreme Court of Australia
• Security ended up speeding trial time by 10%
13. And now…
• Which use cases around secure messaging have you heard about?
• What security problem should we try to solve?