MANAGING TRUST & RISK
Bryan Green, CME Group
LEARNING OBJECTIVES
►    Building the Business Case for Trust
►    Building Trust
►    Maintaining Trust
►    Lessons learned and what you can do starting next week!
ABOUT CME GROUP
►  World's largest and most diverse futures exchange.
►  CME Group is comprised of
   ►    Chicago Mercantile Exchange (CME)
   ►    Chicago Board of Trade (CBOT)
   ►    New York Mercantile Exchange (NYMEX)
   ►    Commodities Exchange (COMEX)
►  Where the world comes to manage risk
ABOUT CME GROUP
►  Highly Regulated Industry
   ►  Commodity Futures Trading Commission (CFTC)
   ►  Securities and Exchange Commission (SEC)
►  The Numbers
   ►  13.4 Million Average Daily Trades
   ►  3.4 Billion Contracts Traded in 2011
   ►  Over $1 Quadrillion in Notional Value in 2011
       ►  1 Quadrillion = 1000 Trillion
BUILDING THE BUSINESS CASE
►  Move to common authentication scheme
   ►  Replace PAC files
   ►  Replace RSA Tokens
   ►  Lower authentication TCO
►  Replace RSA Token after 2011 breach in trust
   ►  Bring security controls in house
►  Improve existing PKI assurance
BUILDING TRUST
►  Build PKI with a high level of assurance
   ►  Secured with offline CAs
   ►  Secured with Hardware Security Modules
   ►  Secured with multi-party authentication
BUILDING TRUST
►  Documented Processes
►  Audited
►  Enterprise Key and Certificate Management
MAINTAINING TRUST

“Trust can take years to
build, seconds to
destroy, and forever to
repair.”
       - Unknown
MAINTAINING TRUST
►  What can break trust?
   ►  Lax Access Controls
       ►  Who has access to your private keys? Are you sure? Can you prove it?
   ►  Antiquated Security Standards
       ►  Insecure hashing algorithms
       ►  Outdated Key Length
DEMO: POLICY ENFORCEMENT

▶  https://ssl-tools.verisign.com/#csrValidator
POLICY ENFORCEMENT: EVEN BETTER

Set central policies to eliminate errors, mistakes, guesswork,
audit violations, and much worse
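
A central policy of this kind can be applied to each certificate request before it reaches the CA. The sketch below is an added example, not code from the presentation or from CME Group: it parses a PKCS#10 request with the Python standard library and flags the weaknesses named on the earlier slide (insecure hashing algorithms, outdated key length) plus a CN outside an approved domain list. The thresholds, the domain suffix and all function names are assumptions, and the sample requests are constructed inline with placeholder keys and signatures.

```python
# Added example: stdlib-only PKCS#10 policy gate (RSA keys, subject CN only).
# It does not verify the request signature; a production gate must do that too.
MIN_RSA_BITS = 2048                       # assumed policy threshold
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
                 "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}
ALLOWED_SUFFIXES = (".example.com",)      # hypothetical domains the organization controls
OID_CN, OID_RSA = "2.5.4.3", "1.2.840.113549.1.1.1"
OID_SHA256_RSA = "1.2.840.113549.1.1.11"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits give the length size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, acc = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear marks the last octet of an arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_csr(der):
    """Extract CN, RSA modulus size and signature algorithm OID from a request."""
    _, csr, _ = read_tlv(der, 0)
    (_, info), (_, sig_alg), _sig = children(csr)
    _ver, (_, subject), (_, spki) = children(info)[:3]
    cn = None
    for _, rdn in children(subject):      # Name = SEQUENCE OF SET OF SEQUENCE
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            if decode_oid(oid) == OID_CN:
                cn = val.decode("utf-8")
    (_, _alg), (_, bitstr) = children(spki)
    _, rsa_key, _ = read_tlv(bitstr, 1)   # skip the unused-bits octet
    modulus = int.from_bytes(children(rsa_key)[0][1], "big")
    return {"cn": cn, "rsa_bits": modulus.bit_length(),
            "sig_oid": decode_oid(children(sig_alg)[0][1])}

def check_policy(fields):
    """Return a list of policy violations; an empty list means the request passes."""
    violations = []
    if fields["rsa_bits"] < MIN_RSA_BITS:
        violations.append(f"key length {fields['rsa_bits']} < {MIN_RSA_BITS}")
    if fields["sig_oid"] in WEAK_SIG_OIDS:
        violations.append(f"weak signature hash: {WEAK_SIG_OIDS[fields['sig_oid']]}")
    cn = fields["cn"] or ""
    if not cn.endswith(ALLOWED_SUFFIXES):
        violations.append(f"CN {cn!r} is outside the allowed domains")
    return violations

# --- helpers that build constructed sample requests (test input only) ---
def tlv(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def der_int(n):
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def build_sample_csr(cn, bits, sig_oid):
    """Structurally valid PKCS#10 with a placeholder modulus and an all-zero signature."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    null = tlv(0x05, b"")
    name = seq(tlv(0x31, seq(encode_oid(OID_CN), tlv(0x0C, cn.encode()))))
    rsa_key = seq(der_int((1 << (bits - 1)) | 1), der_int(65537))
    spki = seq(seq(encode_oid(OID_RSA), null), tlv(0x03, b"\x00" + rsa_key))
    info = seq(der_int(0), name, spki, tlv(0xA0, b""))
    return seq(info, seq(encode_oid(sig_oid), null), tlv(0x03, b"\x00" + bytes(bits // 8)))

if __name__ == "__main__":
    for args in [("*.not-ours.test", 1024, "1.2.840.113549.1.1.4"),
                 ("app.example.com", 2048, OID_SHA256_RSA)]:
        print(args[0], check_policy(parse_csr(build_sample_csr(*args))) or "OK")
```
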
MAINTAINING TRUST
►  What can break trust?
   ►  Poor Key and Certificate Management
       ►  Expired Certificates
       ►  Certificate CN mismatches.
MAINTAINING TRUST
►  Don’t let this be you!
LESSONS LEARNED
What We Didn’t Know
►  Level of required processes
   ►  Documentation
   ►  Key Transport
►  Cross Organizational Engagement Creates Trust
►  Trust Creates Demand
LESSONS LEARNED
How Our Process is Changing
►  Built-in
   ►  Policy enforcement
   ►  Visibility & tracking
►  Support many, many different use cases
   ►  Devices
   ►  Encryption v. authentication
►  When to use Internal v. Hosted PKI
   ►  Less reliance on hosted PKI
LESSONS LEARNED
What’s next for CME Group
►  Figuring out what we have
   ►  Venafi Director for Internal and External Inventory Scans
►  Prioritizing demand
   ►  With limited PKI SMEs we have to prioritize.
►  Internal Education
   ►  PKI is voodoo!
►  Automate, automate, automate!
   ►  Policy Enforcement
   ►  Enrollment
   ►  Self Service
LESSONS LEARNED
What’s next for Your Organization?
►  Today
   ►  Do you have an internal PKI?
   ►  What is the current state of your PKI?
►  3 Months
   ►  Plan for certificate based encryption and authentication
   ►  Develop your business case!
►  6 Months
   ►  Budget money
   ►  Budget time
   ►  Engage SMEs for help. If you don’t get it right the first time, there
      can’t be any trust!


RSAC2013 CME Group case study
