The document discusses data tokenization for PCI compliance and cloud environments. Tokenization involves replacing sensitive data like primary account numbers (PANs) with surrogate values called tokens. This reduces the scope of PCI compliance and increases security by removing the actual sensitive data from systems. Tokenization options include internal and third-party solutions. Third-party tokenization can ease implementation but limits flexibility, while internal solutions give more control. The document also covers tokenization use cases, implementing tokenization securely, and how tokenization can reduce PCI scope for e-commerce and other applications.
CISSPills are short presentations covering topics to study in order to prepare for the CISSP exam. CISSPills is a digest of my notes and doesn't want to replace a study book; it wants only to be just another companion for self-paced students.
Every issue covers different topics of the CISSP CBK, and the goal is to address all 10 domains which compose CISSP.
IN THIS ISSUE:
Domain 1: Access Control
- Identity Management
- Centralised vs Decentralised Access Control
- Directories
- Single Sign-On
- Kerberos
- Kerberos Process
- Kerberos Weaknesses
- SESAME
My 2012 homerun in IT-security: For many years nothing happened in Web security - with respect to security-enabling the HTTP stack. This is not true anymore: game-changing innovations do emerge right now. Their impact will - likely - be pervasive. It is important to understand what exactly is being launched, why this is happening and which forces are driving this. This presentation establishes this context and elaborates on the implications.
This presentation provides information and tips to assist accountants and auditors in introducing cloud technologies into their business. Auditflow - www.auditflow.com - offers a range of innovative audit compliance solutions. Mediasphere - www.mediasphere.com.au - builds websites and client portals for accountants and auditors globally.
Contact Tony Carrucan on tonyc@mediasphere.com.au for more information
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing us to publish these presentations.
Nimrod Luria, Head of Information Security department at Hi-tech College and the CTO of Qrity.
* Private cloud architecture, focusing on Microsoft technologies
* Description of threats on cloud systems
* Secure development & ways to penetrate and attack systems hosted in a cloud environment
Introduction to Public Key Infrastructure - Theo Gravity
Adonis Fung and I worked on a project where we defined and built PKI (Public Key Infrastructure) for our local development and deployed environments. I gave a talk to our engineers on how PKI works, covering encryption, signing, trust stores, and how the HTTPS handshake works.
By the end of this webinar you should be able to understand:
What exactly is Blockchain technology?
Why are companies embracing Blockchain technologies?
Overview of major Enterprise Blockchains (Hyperledger, Ethereum, Quorum and R3 Corda)
What are the most in-demand Blockchain Certifications?
How do these certifications meet the needs of today's Enterprises?
What about Blockchain Career Demand?
What is a Blockchain?
A cryptographically secure, shared, distributed ledger.
Immutable transactions are written on this distributed ledger on distributed nodes.
Transformational technology in which business and government invest.
It’s a decentralized database which stores information in the form of transactions.
What IT Professionals Should know about where the Future of Blockchain Technology is going.
As an enterprise IT professional, you may be wondering where all the hype around blockchain is going. Blockchains are an open-source distributed database that uses state-of-the-art cryptography to facilitate transactions or interactions involving either financial or non-financial data. A Blockchain is essentially a record of transactions, similar to a traditional ledger. These transactions can be recorded for anything, not just financial data.
Blockchain is NOT Bitcoin
Blockchain is NOT just about Cryptocurrency
Blockchain is to Bitcoin what the internet is to email
Blockchain is now really about providing value to the enterprise
Whether you are just now learning about what blockchain technology is or you are deeply involved in a Proof of Concept (POC), learning about the disruptive nature of blockchain technology is the right move, especially as technologies such as AI, ML and IoT are now enabling solid use cases with blockchains.
The seminar will cover topics such as:
• What exactly is Blockchain technology and why is it so disruptive?
• Why are companies embracing Blockchain technologies?
• Overview of major Enterprise Blockchains (Hyperledger, Ethereum, Quorum and R3 Corda)
• What are the industries that are ripe for disruption from Blockchain Technology?
• What is Blockchain as a Service (BaaS), and why you as an IT Professional should understand this technology.
• The top five areas that IT Pros should learn to profit from Blockchain
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before - DigiCert, Inc.
Presentation by Scott Rea, DigiCert's Sr. PKI Architect, at AppSec California 2015.
Abstract:
Traditional PKI focuses on binding a public key to the keyholder’s identity, which is implicitly assumed to be a well-defined, relatively static thing (such as individual’s full name or email address, or the hostname of a public webserver). However, in the envisioned smart grid, for example, the relevant properties of the keyholder are not just the device’s identity (i.e. this is a meter made by ACME or this is a refrigerator made by GE) but its context: This is a refrigerator in the apartment rented by Alice, who buys power from X.
This context information will not necessarily be known until device installation and also may change dynamically. What if Alice sells her fridge on Craigslist or sublets her apartment to Bob? What if repair personnel replace Alice’s meter? This information may also not be particularly simple. What if Alice’s landlord owns many apartment buildings, and changes power vendors to get a better rate?
If our cryptographic infrastructure is going to enable relying parties to make the right judgments about IoT devices (such as the example provided using Smart Grid), this additional contextual information needs to be available. We can try to modify a traditional identity-based PKI to attest to these more dynamic kinds of identities, and we can also try to adapt the largely experimental world of attribute certificates to supplement the identity certificates in the smart-grid PKI. Either of these approaches will break new ground.
Alternatively, we can leave the identity PKI in place and use some other method of maintaining and distributing this additional data; which would require supplementing our scalable PKI with a non-scalable database.
In any of these approaches, we also need to think about who is authorized to make these dynamic updates, or who is authoritative for making these types of attestations. Who witnesses that Alice has sold her refrigerator? Thinking about this organizational structure for IoT devices also complicates the revocation problem. If we can’t quite figure out who it is that speaks for where a device currently lives, how will we figure out who is authorized to say it has been compromised?
In this presentation, all of these issues and more will be explored and actionable guidelines will be proposed to build a secure and scalable system of IDs and attributes for the complex networked world that awaits us all.
POC with a Cloud Service
A POC can be a simple setup or complex
Use a Cloud Service if possible to minimize resource commitments and costs
Testnets are available for most enterprise blockchains
Securing Your Data for Your Journey to the Cloud - Liwei Ren 任力偉
In the era of cloud computing, data security is one of the concerns for adopting cloud applications. In this talk, we will investigate a few general data security issues caused by cloud platforms: (a) Data security & privacy for data residing in the cloud when using cloud SaaS or cloud apps; (b) Data leaks to personal cloud apps directly from enterprise networks; (c) Data leaks to personal cloud apps indirectly via BYOD devices.
Multiple technologies exist for solving these data security issues: CASB, Cloud Encryption Gateway, Cloud DLP, and even traditional DLP. Those products or services are ad hoc in nature. In the long term, general cloud security technologies such as FHE (fully homomorphic encryption) or MPC (multi-party computation) should be implemented when they become practical.
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity - CA API Management
Understanding how emerging standards like OAuth and OpenID Connect impact federation
Federation is a critical technology for reconciling user identity across Web applications. Now that users consume the same data through cloud and mobile, federation infrastructure must adapt to enable these new channels while maintaining security and providing a consistent user experience.
This webinar will examine the differences between identity federation across Web, cloud and mobile, look at API specific use cases and explore the impact of emerging federation standards.
You Will Learn
Best practices for federating identity across mobile and cloud
How emerging identity federation standards will impact your infrastructure
How to implement an identity-centric API security and management infrastructure
Presenters
Ehud Amiri
Director, Product Management, CA Technologies
Francois Lascelles
Chief Architect, Layer 7
What is Payment Tokenization?
Tokenization enables banks, acquirers and merchants to offer more secure (mobile) payment services.
It is the process of replacing card data with alternate values.
The original personal account number (PAN) is disconnected and replaced with a unique identifier called a payment token.
The ‘mapping’ between the real PAN and the payment tokens is safely stored in the token vault.
With tokenization the original PAN information is removed from environments where data can be vulnerable.
Why tokenization?
Tokenization heavily reduces payment fraud by removing confidential consumer credit card data from the network.
The original data stays in the bank’s control. External systems have no access to this.
Tokens are not based on cryptography and can therefore not be traced back to the original value.
How does tokenization work?
Step 1: A payment token is generated from the PAN for one time use within a specific domain such as a merchant’s website or channel.
Tokens are sent to the token vault and stored in a PCI-compliant environment which does not allow merchants to store credit card numbers.
Step 2: Tokens are loaded on the mobile device.
Step 3: The NFC device makes a payment at a merchant’s NFC point-of-sales (POS) terminal.
Step 4: The POS terminal sends the token to the acquiring bank, which sends it to the issuing bank through the payment network.
Step 5: The issuer de-tokenizes the token to the real PAN and, if in order, approves the payment.
Step 6: After authorization from the card issuer, the token is returned to the merchant’s POS terminal.
Payment tokens perform like the original PAN for returns, sales reports, marketing analysis, recurring payments etc.
How can I issue tokens?
In order to use tokenization, a bank or merchant should become a token service provider (TSP).
A TSP manages the entire lifecycle of payment credentials including:
1. Tokenization: replaces the PAN with a payment token.
2. De-Tokenization: converts the token back to the PAN using the token vault.
3. Token vault: establishes and maintains the payment token to PAN mapping.
4. Domain management: improves protection by defining payment tokens for specific use.
5. Clearing and settlement: ad-hoc de-tokenization during clearing and settlement process.
6. Identification and verification: ensures the original PAN is legitimately used by the token requestor.
Thinking of issuing payment tokens to e.g. secure mobile payments or secure your online sales channel? Bell ID can help: www.bellid.com – info@bellid.com
Martin Cox – Global Head of Sales
To increase the security of mobile payments, many payment schemes nowadays apply a technology called tokenization.
Tokenization is the process of replacing an existing payment card number with a surrogate value (token).
This token is used during a payment transaction, keeping the original card number safe.
A Token Service Provider (TSP) is an entity within the payments ecosystem that generates and manages tokens.
The TSP maps the original card number with the payment tokens and stores this safely in a token vault.
Often these tokens can only be used in a specific domain such as a merchant’s online website or channel, limiting the risk even further.
A TSP manages the entire lifecycle of payment credentials including:
[Diagram: Token Requestor, Authorization Host]
1. Tokenization: Replaces the PAN with a payment token.
2. De-tokenization: Converts the token back to the PAN using the token vault.
3. Token vault: Establishes and maintains the payment token to PAN mapping.
4. Domain management: Adds additional security by restricting tokens to be used within specific (retail) channels or domains.
5. Identification and verification: Ensures that the payment token is replacing a PAN that was legitimately used by the token requestor.
6. Clearing and settlement: Ad-hoc de-tokenization during clearing and settlement process.
Issuers, acquirers and merchants that wish to offer mobile and/or digital payments to customers can become a TSP.
Becoming your own TSP gives full control over the tokenization process: creation, storage, issuance and management.
By having your own TSP, you are in full control of digital payments by issuing tokens directly without third party intervention.
By using a third party TSP from the payment schemes, issuers need to integrate with each payment scheme.
Benefits of having your own TSP:
1. Reduce long term costs: no additional TSP fees from the payment schemes.
2. On-us transactions: save on transaction fees when you are the issuing as well as the acquiring bank.
3. Banks retain their privacy because data and roadmaps do not have to be shared with the schemes.
4. Keep track of customer payment behavior to gain valuable insight and be able to offer personalized services.
5. Expand to multiple use cases: Host Card Emulation, Embedded SE, Internet (Card-Not-Present), value-added services / non-card payments.
6. Have your own strategy and be future proof in order to stay competitive.
Bell ID® Token Service Provider enables issuers and processors to perform the role of a Token Service Provider.
This white paper examines the factors that have driven rapid adoption of tokenization among retailers and other merchants, and offers lessons from the PCI experience that can be applied to other industries and use cases.
PCI Descoping: How to Reduce Controls and Streamline Compliance - TokenEx
Descoping a data environment by decreasing the amount of PCI traversing it is one of the simplest and most effective ways of complying with the PCI DSS. By outsourcing the handling of sensitive payment information to security experts, organizations can reduce compliance and operational costs while minimizing the risk and liability associated with a potential data breach. Tokenization is especially effective at this due to its ability to remove sensitive data from an environment and store it in a secure, cloud-based token vault.
In this deck you will learn:
PCI controls for organizations that handle card information
Which controls can be removed from scope
How cloud-based tokenization outsources PCI compliance to a tokenization provider
Additional strategies and best practices for achieving PCI compliance
PCI Scope Reduction Using Tokenization for Security Assessors (QSA, ISA) - TokenEx
Achieving and maintaining compliance with the PCI DSS (Payment Card Industry Data Security Standard) is a complex and painful process that can vary widely across different industries and businesses. PCI scope reduction can simplify and reduce the pain of compliance for many organizations.
Quiterian Analytics is a self-service, web-based, visual data mining, advanced analytics and predictive platform with which companies can perform in-depth and agile customer analytics on the fly without the need for metadata or aggregates.
I have helped more than 100 customers build new and innovative services for their customers with the help of IoT technology. With these slides, I share the lessons learned working with these customers as they start a journey into improved digitalization. My focus is on IT operations and project management.
Point-to-Point Encryption: Best Practices and PCI Compliance Update - Merchant Link
Point-to-point encryption (P2PE) is gaining momentum as one of the most effective ways to secure payment data as it moves through and from the merchant environment. Recently, the technology got the official nod from the PCI Council with the release of their final requirements to safely deploy P2PE solutions.
In this webinar, recorded on 9-26-12, attendees were able to:
* Find out what was discussed at the PCI Community Meeting and where the Council is headed as it relates to P2PE and PCI compliance
* Learn best practices for P2PE implementation and encryption key management
* Identify different types of P2PE solutions and evaluate which one is right for you
* Understand how the upcoming move to EMV will impact and integrate with P2PE
Usage Based Metering in the Cloud (Subscribed13) - Zuora, Inc.
CloudPassage - Rand Wacker, VP Products
Link Bermuda - Winston Morton, VP Technology
Want to move to a usage-based pricing model but afraid of how to accurately measure and bill your customers? Come and learn about the processes and technology used to manage this advanced pricing model from two leading cloud service providers.
Cloud computing is more than an opportunity to lower the costs of IT as it has been; it's a chance to re-envision IT as fundamentally more connected, more immediate, and more responsive to the needs of tomorrow's competitive environment.
Having the Cloud Conversation: Why the Business Architect Should Care - Peter Coffee
Peter Coffee presentation at The Open Group in Seattle, February 2010, on business incentives and handling of business concerns surrounding cloud computing
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Straight Talk on Data Tokenization for PCI & Cloud
1. Straight Talk on Data Tokenization for PCI & Cloud
PAN Data Tokens
Presented by: Andy Thurai, Intel® Application Security & Identity Products
2. Tokenization and PCI
• Tokenization: replacing a valuable piece of information with a surrogate value, or token
  - In a PCI context, replacing PAN data with random number strings
• Why tokens?
  - Reduce PCI scope, and with it the cost of PCI compliance
  - Increase security: the PAN is removed from every system that only needs a reference to it
3. Does it Apply to Me?
“PCI DSS compliance includes merchants and service providers who ACCEPT, CAPTURE, STORE, TRANSMIT or PROCESS credit and debit card data.”
PCI DSS 2.0 became effective on January 1st, 2011. Is your organization prepared?
4. The Case for Tokenization
• Replace the PAN with a (random) number: the token
• Use that random number EVERYWHERE in your environment
• Keep the PAN, and its reference to the token, only in the token vault
6. Tokenization Use Cases
• Tokenization replaces primary account number (PAN) data with a surrogate value, or “token”
• The token engine and vault stay in scope, but post-payment applications that hold only tokens may be out of scope
9. Tokenization
• Construction
  - Tokens should be random: generated from a secure random source, not derived from the PAN
• Options
  - Single- or multi-use (a fresh token per transaction, or the same token for a given PAN every time)
  - Format preserving (same length and character set as a PAN, for example keeping the last four digits for display)
  - Lifetime
• Tokenization is not encryption
  - Encryption is reversible with the key; a token cannot be turned back into a PAN by anything but a lookup in the vault
  - Encryption still has a role inside the token vault, protecting the stored PANs
10. Tokenization and PCI Council
• Tokens can reduce scope
• “The level of PCI DSS scope reduction offered by a tokenization solution will also need to be carefully evaluated for each implementation.”
• “High-value” tokens may be in scope, e.g. tokens that:
  - Can be used as a payment instrument
  - Initiate a transaction
11. Tokenization and PCI Council
• What does it mean?
  - Guidance is, well, guidance
  - Tokenization can reduce PCI scope
  - High-value tokens require additional controls
  - High-value tokens used to initiate a transaction might be in scope
• Remember
  - The token engine and vault are always in scope
  - Access to the token vault must be restricted
12. Implementing Tokenization: Options
Tokenization option, with advantages and disadvantages:
• Internal, Home Grown
  - Advantages: Control
  - Disadvantages: Security a core strength?; Time and cost to implement
• Internal, Package
  - Advantages: Control; Flexibility
  - Disadvantages: Cost; Time to implement; Expertise/functionality
• 3rd Party, Processor
  - Advantages: Easy implementation; Good PCI scope reduction
  - Disadvantages: Cost; Limited flexibility; Compatibility with apps; Vendor lock-in
• 3rd Party, Token Vendor
  - Advantages: Easy implementation; Good PCI scope reduction
  - Disadvantages: Cost; Compatibility with apps; Vendor lock-in; Business risk (PCI DSS Requirement 12.8, managing service providers)
13. Implementing Tokenization: Options
• Third-party solutions appeal to smaller (Level 3, Level 4) merchants
  - Ease
  - Cost
• Internal hosting is appropriate for larger (Level 1, Level 2) merchants and service providers
  - Control
  - Technical capabilities
14. Implementing Tokenization: Security
• The tokenization security tradeoff
  - Tokens are secure, but…
  - Any breach of the token vault could be devastating: it holds every PAN the tokens stand for
• Protecting the token vault
  - Restricting and authenticating users and access
  - Segmenting the network to isolate out-of-scope systems
  - Ensuring physical security
  - Managing PAN encryption and key management
15. Internal vs. External Tokenization
External Tokenization:
• BIG Vision!
• Solves BIG Problems!
• Involves processors, brands, 3rd parties
• Example: Cybersource/VISA model
Internal Tokenization:
• Easier to Implement
• Solves URGENT Problems!
• Only involves YOUR organization
16. Intel Application Security and Identity Products
• Review of what is available today
• On-premise software, hardware or virtual machines for:
  (1) Lightweight ESB, transformation, integration
  (2) Edge Security: perimeter defense, cloud API management, authentication, throttling, metering, auditing
  (3) Tokenization: PCI DSS, format preserving tokenization for service calls, documents, files and databases
17. Data Tokenization for Cloud or PCI
Tokenization enables faster searching for data than encryption: tokens can be indexed and matched directly, with no decrypt step.
18. Expressway PCI Scope Reduction with Internal Tokenization
[diagram: Hosted Payment Gateways and Payment Processors on the Internet side; a Point of Sale Environment (retail card swipe / chip reader / keypad, Store Server); and in the Merchant Data Center the Payment Applications, Customer Data Warehouse, CRM Applications and Order Processing Applications. Legend: Point of Sale Environment PCI Scope; Complete Merchant PCI Scope; Reduced or Removed PCI Scope]
19. Goal: E-Commerce Order Processing
Manual Invoice Processing. Problem: exception cases require manual review, bringing additional systems into scope. Solution: internal tokenization.
[diagram: the E-Commerce Website and Web Server pass an invoice with the credit card number to the Payment Application, which talks to the Payment Processor; the invoice then flows to the BPM System, the Supply Chain Apps and Order Exception handling, where manual review and re-entry of the invoice through a Portal brings the Additional Data Store and the other Post-Payment Applications into PCI scope. Merchant Data Center]
20. Goal: E-Commerce Order Processing
Manual Invoice Processing. Problem: exception cases require manual review, bringing additional systems into scope. Solution: internal tokenization.
[diagram: the same flow (E-Commerce Website, Web Server, Payment Application, Payment Processor, BPM System, Supply Chain Apps, Order Exception, Portal, Additional Data Store, Post-Payment Applications) in the Merchant Data Center with internal tokenization applied]
21. Goal: Bill Processing, Consolidation, Printing
Financial Statement Processor. Problem: non-payment processing applications contain PAN information, increasing scoping costs. Solution: internal tokenization.
[diagram: Customer Billing Information and Large Data Feeds with PAN data enter the Service Provider Data Center through IBM WebSphere Middleware and reach Invoicing, Bill Payment, Bank Statement Customization and Consolidation, and Bill Production and Printing; documents with the original PAN flow on to Customized Bills and Statements, connected applications, databases and portals, all of which are in PCI scope]
22. Goal: Bill Processing, Consolidation, Printing
Financial Statement Processor. Problem: non-payment processing applications contain PAN information, increasing scoping costs. Solution: internal tokenization.
[diagram: the same flow with Edge Security + Tokenization at the entry point of the Service Provider Data Center; Invoicing, Bill Payment, Bank Statement Customization and Consolidation, Bill Production and Printing, connected applications, databases and portals now receive data with tokens instead of the original PAN]
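The token construction of slide 9 (random, format preserving, single- or multi-use, not reversible without the vault) and the edge tokenization of slides 19 to 22 (the PAN swapped for a token before order-processing and billing systems see the record), in working form as an added Python example. This is not code from the original deck or from Intel's Expressway product; the PAN, the order record, the field name and the vault index key are constructed for the example, and the vault is in memory where a production vault would encrypt stored PANs, authenticate and log every access, and sit on a segmented network.

```python
"""Token vault plus an edge pass that tokenizes the PAN field of a record.

Added example, not Intel Expressway code. Assumptions: PANs are 13-19 digit
strings that pass the Luhn check; the vault is an in-memory dict; the index
key is a constructed secret. Encryption of PANs at rest, access control and
network segmentation are left to the deployment, as the slides describe.
"""
import hashlib
import hmac
import secrets

DIGITS = "0123456789"


def luhn_ok(pan: str) -> bool:
    """True if `pan` is all digits and passes the Luhn checksum used by PANs."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:        # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Maps random, format-preserving tokens to PANs. The only route from a
    token back to a PAN is a lookup here, which is why the vault is always in
    PCI scope."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._pan_by_token = {}        # token -> PAN (encrypt at rest in production)
        self._token_by_pan_mac = {}    # HMAC(PAN) -> token, multi-use tokens only

    def _pan_mac(self, pan: str) -> str:
        # Keyed hash for the multi-use index: a plain hash of a PAN is
        # brute-forceable (known BIN, Luhn, ~10^9 candidates), an HMAC is not
        # without the key.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def _new_token(self, pan: str) -> str:
        # Format preserving: same length, digits only, last four kept for display.
        # Every other digit comes from the CSPRNG, not from any function of the PAN.
        while True:
            body = "".join(secrets.choice(DIGITS) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._pan_by_token:
                return token

    def tokenize(self, pan: str, multi_use: bool = True) -> str:
        """Return a token for `pan`: the same token each time if multi_use,
        a fresh one per call otherwise."""
        if not (13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a well-formed PAN")
        if multi_use:
            mac = self._pan_mac(pan)
            existing = self._token_by_pan_mac.get(mac)
            if existing is not None:
                return existing
        token = self._new_token(pan)
        self._pan_by_token[token] = pan
        if multi_use:
            self._token_by_pan_mac[mac] = token
        return token

    def detokenize(self, token: str) -> str:
        """Vault lookup; there is no key or formula that does this elsewhere."""
        return self._pan_by_token[token]


def tokenize_record(record: dict, vault: TokenVault, field: str = "card_number") -> dict:
    """Edge pass: a copy of an order/invoice record with the PAN field replaced
    by its token, so BPM, order processing and billing downstream never hold a PAN."""
    out = dict(record)
    out[field] = vault.tokenize(record[field])
    return out


# Constructed sample input (not from the original slides).
SAMPLE_PAN = "4111111111111111"   # Luhn-valid test number
SAMPLE_INVOICE = {"order_id": "A-1001", "card_number": SAMPLE_PAN, "amount": "42.00"}


if __name__ == "__main__":
    vault = TokenVault(index_key=secrets.token_bytes(32))
    safe = tokenize_record(SAMPLE_INVOICE, vault)
    print(safe)
    print("vault lookup restores PAN:", vault.detokenize(safe["card_number"]) == SAMPLE_PAN)
```

Two design points worth keeping in mind when comparing tokenization schemes. Keeping only the last four digits leaves twelve random digits in a 16-digit token; if the token also preserved the first six (the BIN), only six digits would vary, the token would still be unrecoverable without the vault, but it would disclose ten of the sixteen PAN digits, which is exactly the “characteristics of a PAN” choice that needs evaluating per implementation. And the multi-use index is keyed for a reason: a vault breach that exposes an unkeyed hash index is as bad as exposing the PANs themselves.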
27. Addressing PCI DSS Requirements with Tokenization Broker
Intel® Expressway Tokenization Broker capabilities, by PCI DSS requirement group:
• Build/Maintain Secure Network: application-level security proxy & firewall
• Protect Cardholder Data: protects credit card data stored at rest / in transit; supports tokenization for reduced PCI scope
• Maintain Vulnerability Management Program: integrates with on-premise virus scanning servers; reduces threat of malicious attachments
• Implement Strong Access Control Measures: supports strong access control; integrates with existing identity management investments; improves physical security for tokenization through tamper-resistant form-factor
• Regularly Monitor & Test Networks: tracks, monitors & logs authorization requests from merchant to card processor; offers regular testing & alerts in case of server failures
• Maintain Information Security Policy: maintains auditable security policies in hardened form-factor; allows for convenient review & change control
Review our QSA Assessors Guide, which shows how Tokenization Broker addresses more than 200 PCI compliance requirements.
28. Intel® Expressway Tokenization Broker: Features & Benefits
Feature Summary:
• Flexible Software Appliance Form Factor
• Secure Appliance Form Factor
• Tokenization
• Token Vault
• Authentication & Access Control
• High Performance, optimized for Intel® Multi-Core
Benefit Summary:
• Reduce or remove payment applications and databases from PCI scope
• Own and manage PAN data on-premise with a secure hardware appliance
• Easily choose the tokenization scheme appropriate for your business
• High performance operation ensures low-latency document processing
• Leverage existing enterprise identity management investments
• Avoid token migration challenges
• Minimize change to existing applications compared to E2E encryption
29. For Additional Information, go to: www.intel.com/go/identity
• Download Eval
• Data Sheet
• PCI White Paper
• Assessors Guide
E-mail: intelsoainfo@intel.com
31. Market Shifts to Brokers to Solve Cloud Consumption Complexity
[diagram: Enterprise Private Cloud with an IT Broker on one side; Public Cloud providers (Apps; SaaS, PaaS, IaaS; IdM; B2B; Legacy; App Mashups; Mobile) on the other; a Service Broker / 3rd Party Consumption Provider on a CSB Platform in between. Broker functions: Security/Governance, Billing, Integration, Support, Process, exposed as a Service API]
A CSB is a role in which a company or other entity adds value to one or more cloud services on behalf of 1-n consumers of those services.
3 Broker Types:
• Aggregation (Distributor/Solution Provider): unify access via service bundling
• Integration (System Integrator): new functions via data/process integration
• Customization (ISV): new functions via service enhancement
Do-it-yourself IT and/or 3rd Party Consumption Models
Software and Services Group
32. Specialty Focus on Cloud Access & Security Brokerage
[diagram: Identity & Services Brokers between the IT Private Cloud, the IT Cloud Access Platform, Provider Public/Hybrid clouds and 3rd Party Bundled Services. Functions: Policy Enforce, Authentication & Orchestrate, ID Integration, Compliance, IID Context, Federation, Transport, AuthZ]
Enabling Technology (Cloud Security Platform):
• Strong Auth: Adaptive; Client aware; Soft token; Hard token; OOB Signing
• Access: SSO; Provisioning; XACML; STS Token Mapping; IdM Connectors
• Data Security: Tokenization (PII, PHI, PAN); Encryption; DLP; SIEM; Logs (Data, User, Apps)
• Gov & Integration: API Mgt; Edge Threats; Meter; Orchestrate; Transform; Protocol
• Form Factor: Soft, hardware, VM appliance; Multi-tenant as-a-service; Mobile Browser & Native
Intel & McAfee are CSB platform technology providers
33. Cloud Access Broker Vision: Example IT as a Broker
Supports “mix and match” of capabilities per internal/external tenant
[diagram: an IT Private Cloud “Broker” (Identity Broker, Tokenization, API Mgt, Strong Auth, Transform & Orchestrate) fronting tenants on the Trusted Internal Network: Tenant #1 Apps, IDM and Middleware (M2M service calls carrying PII); Tenant #2 Departments 1-n (browser and mobile); Tenant 3 Employees and Administrators (portal/browser requests); Tenant 4 Partner Apps & 3rd Party Brokers (HTTP, REST/SOAP). On the cloud side: IaaS and PaaS Applications, SaaS Applications, External Enterprise Applications, and Browser and Mobile Applications over HTTP/REST]
• Extends security policy to cloud
• Complete visibility & audit
• Enables aggregation of services
• Protects PII data stored in cloud
• Up-levels security posture of providers with strong auth overlay
34. Use Model: Cloud Security Gateway & API Security
[diagram: an API/Service Proxy between on-premise enterprise applications and external Service Clients and Mobile Clients, over SOAP/REST]
• Perimeter Security
• Authentication
• Quality of Service
• Policy Control
• API Versioning
• Auditing
See detailed back up for All Use Case Diagrams
35. Expressway provides API Security for vCloud
[diagram: a non-vCloud partner (SOAP) and REST clients reach the vCloud API through Expressway]
REST API Security:
• SSL/TLS Termination
• SOAP to REST Mediation
• Authentication
• HTTP Inspection
• Message Throttling
• Audit Logging
• API Masking
• API Versioning
• Strong Authentication
• Code Injection Protection
• Threat detection / AV scanning in OVF files
Intel® Expressway can provide full API protection and mediation for vCloud
36. Case Study: Hybrid Cloud Bursting (PaaS)
[diagram: Enterprise Private Cloud with a Portal Application, IdM or Active Directory, and a Service Gateway; Amazon EC2 Storage in the Public Cloud]
1. Enterprise Portal Login
2. Local Authentication (IdM or Active Directory)
3. Resource Request
4. AWS Credential Mapping and Data Retrieval (Amazon EC2 Storage)
The Gateway mediates access to public cloud services:
• Perimeter Security
• Seamless User Experience
• Preserve existing IDM investments
• Abstract cloud providers
• Data Control
Editor's Notes
Visa: “Knowing only the token, the recovery of the original PAN must not be computationally feasible” see page 18
Intel Expressway Tokenization Broker enables an organization to tokenize sensitive data such as credit card information so that back end enterprise systems or cloud based environments do not store or handle the data directly. This has an added benefit of taking systems out of scope for PCI-DSS audits. Tokenization produces faster searches of data vs encrypting and decrypting data.
Editor’s Note: Once again, match the product components/benefits on this slide with the customer’s specific needs.
Software Appliance Form Factor: Red Hat AS5 64-bit, Solaris 10 64-bit, SLES 11, Windows 2003. Secure Appliance Form Factor: physical tripwire, Secure Boot and BIOS snooping protection, seamless disk encryption, hardware random number generation. Tokenization: format preserving tokens based on secure random number generation. Token Vault: automatic encryption of PAN data (AES/3DES); includes a starter token vault; supports Oracle, MySQL, SQL Server. Authentication and Access Control: integrates with identity management systems for secure PAN data retrieval. Performance: built on Intel’s high-performance service gateway platform optimized for Intel® Multi-Core. Customers’ benefits include: reducing or removing payment applications and databases from PCI scope; owning and managing PAN data on-premise with a secure hardware appliance; easily choosing the tokenization scheme appropriate for their businesses; high performance operation that ensures low-latency document processing; leveraging existing enterprise identity management investments; avoiding token migration challenges; minimizing changes to existing applications compared to E2E encryption.
Resources on the PCI Solutions page of DP include the following: Eval Version of Tokenization Broker; Data Sheet; PCI DSS White Paper; Gateway Tokenization Webinar Playback; QSA Assessors Guide. (New content is being added on a regular basis. Please stay posted!)
While many varying definitions of a Cloud Service Brokerage exist, in general they follow the same value propositions. Gartner defines a CSB as a role in which a company or other entity adds value to one or more cloud services on behalf of 1-n consumers of those services. This can be further segmented into 3 broker types. An Aggregation brokerage unifies service access for consumers through service bundling and unified billing, and is responsible for overall SLAs; today this is common, for instance there are CSBs that aggregate licensing, support, reporting, migration kits, etc. for Google Apps, and many other examples exist. Integration brokerages go one step further by organizing services, integrating multiple on-prem and cloud data service providers to create a complete product offering, generally around a vertical industry or community business process. Examples of this are the many large B2B supply chain oriented exchanges that have connected vertical industries for years, like GHX in healthcare or Covisint in automotive supply chain management. This role will go beyond the narrow B2B role to serve any community business process. To run an integration brokerage with people and connected processes will require expertise in security, integration/translation, service governance and API management, to name a few. Security is such an important and complex area that it may evolve into specialized security brokerage providers that integration brokerages leverage. Customization brokerages actually create brand new value-added services that may be tailored uniquely for the enterprise cloud consumer. In the CSB realm there is a role for 3rd party broker operators and a role where IT creates a brokerage for a certain set of services it wishes to keep under its control as it manages consumption by internal departments. Many IT departments are already planning for a unified cloud access layer in their enterprise architectures, to be operated in a private cloud.
Bottom line: CSBs help simplify sourcing and technical consumption, improve time to market and add value with a better ROI.