What I Learned at RSAC 2020
Ulf Mattsson
• Head of Innovation at TokenEx
• Chief Technology Officer at Protegrity
• Chief Technology Officer at Atlantic BT Security Solutions
• Chief Technology Officer at Compliance Engineering
• Developer at IBM Research and Development
• Inventor of 70+ issued US patents
• Provided products and services for
• Application Development,
• Robotics, ERP, CRM and Web Apps,
• Data Encryption and Tokenization,
• Data Discovery,
• Cloud Application Security Broker (CASB),
• Web Application Firewall (WAF),
• Managed Security Services,
• Security Operation Center (SOC),
• Benchmarking/Gap-analysis
RSAC USA 2020:
1. An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology.
2. The enterprise architecture we used to know is changing.
3. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure.
4. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities.
5. API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges.
6. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
7. Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments.
www.TokenEx.com
Interesting at RSAC USA 2020:
1. Emerging Privacy Issues
2. The Human Factor
3. Advancements in Machine Learning
4. Security in App Development
5. Trends from the Innovation Sandbox
6. New Standards and Regulations
7. Security for The API Economy
8. CSA Summit at RSA Conference 2020
9. Voting Security at RSA Conference 2020
Chart: Number of frauds and identity thefts by year (Source: Verizon DBIR, data-breach-investigations-report)
Threat Actors
The Difference Between Artificial Intelligence and Machine Learning
• Artificial Intelligence describes the ability of machines to perform tasks that are typically associated with human activity and intelligence: reasoning, learning, natural language processing, perception, etc. Any “smart” activity performed by a machine falls under AI.
• Artificial Intelligence is the capability of a machine to imitate intelligent human behavior.
• Machine Learning is a subset of AI.
• ML is a set of algorithms that are built to achieve AI: those algorithms require the ability to learn from data, modify themselves when exposed to more data, and are able to achieve a goal without being explicitly programmed.
Source: BigID and Groundlabs
Avatar - Swarm AI – A network of small brains
Swarm AI for Event Outcome Prediction
DevOps & Security Day:
Last year was a turning point for DevSecOps Days at RSA Conference, with over 800 practitioners engaging in the day-long Monday event.
This year, the focus will be on how practitioners are handling the transformation to DevSecOps within their company, the types of problems they are surfacing which impede their progress, and how they are getting buy-in from all levels of the company.
Security Tools for DevOps
• Static Application Security Testing (SAST) examines all code — or runtime binaries (less effective for Micro Services)
• Fuzz testing is essentially throwing lots of random garbage at applications, seeing whether any particular (type of) garbage causes errors
• Vulnerability Analysis including platform configuration, patch levels or application composition to detect known vulnerabilities
• Runtime Application Self Protection (RASP) provides execution path scanning, monitoring and embedded application whitelisting (effective for Micro Services)
• Interactive Application Self-Testing (IAST) provides execution path scanning, monitoring and embedded application whitelisting (emerging)
Source: Securosis, Webomates
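The fuzz-testing bullet above is the one tool on the list a developer can build in an afternoon. The following is an added example, not from the slides or from Securosis/Webomates: a mutation fuzzer run against a constructed TLV (tag, length, value) parser in two versions. The "naive" parser trusts the declared length, so a mutated input either crashes it with an unhandled exception or is accepted with a value shorter than declared; a round-trip oracle (re-encode the parsed records and compare with the input) catches the second case, which a crash-only fuzzer would miss. The "hardened" parser bounds-checks before every read and only ever raises the documented `ValueError`. All inputs, names and the format itself are constructed for the example.

```python
import random

# Two parsers for the same constructed TLV format: one byte tag, one byte length,
# then `length` bytes of value, repeated. ValueError is the documented way to
# reject malformed input; any other exception is an unhandled crash.

def parse_tlv_naive(data: bytes) -> list:
    """Constructed 'before' parser: trusts the declared lengths."""
    records, i = [], 0
    while i < len(data):
        tag = data[i]
        length = data[i + 1]                 # IndexError when input ends after a tag
        value = data[i + 2:i + 2 + length]   # silently short when input is truncated
        records.append((tag, value))
        i += 2 + length
    return records

def parse_tlv_hardened(data: bytes) -> list:
    """Constructed 'after' parser: every read is bounds-checked first."""
    records, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError(f"truncated header at offset {i}")
        tag, length = data[i], data[i + 1]
        end = i + 2 + length
        if end > len(data):
            raise ValueError(f"declared length {length} at offset {i} runs past input")
        records.append((tag, data[i + 2:end]))
        i = end
    return records

def encode_tlv(records) -> bytes:
    """Round-trip oracle: a correct parse must re-encode to the exact input."""
    return b"".join(bytes([tag, len(value)]) + value for tag, value in records)

def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation of a seed input (the 'garbage' the slide refers to)."""
    buf = bytearray(data)
    op = rng.choice(("truncate", "flip", "insert", "delete", "inflate"))
    if op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    elif op == "flip" and buf:
        pos = rng.randrange(len(buf))
        buf[pos] ^= 1 << rng.randrange(8)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "inflate" and len(buf) >= 2:
        buf[1] = 0xFF                         # claim far more value bytes than exist
    return bytes(buf)

# Constructed seed corpus: two valid messages plus boundary cases.
SEEDS = [b"\x01\x03abc\x02\x02hi", b"\x10\x00", b"", b"\x01", b"\x01\x05abc"]

def fuzz(parser, seeds=SEEDS, iterations=500, seed=1):
    """Run the seeds and `iterations` mutants through `parser`; return findings."""
    rng = random.Random(seed)
    cases = list(seeds) + [mutate(rng, rng.choice(seeds)) for _ in range(iterations)]
    findings = []
    for case in cases:
        try:
            records = parser(case)
        except ValueError:
            continue                           # documented rejection, not a bug
        except Exception as exc:               # anything else is an unhandled crash
            findings.append((case, f"crash: {exc!r}"))
            continue
        if encode_tlv(records) != case:        # accepted input it could not have parsed correctly
            findings.append((case, "silent misparse"))
    return findings

if __name__ == "__main__":
    for name, parser in (("naive", parse_tlv_naive), ("hardened", parse_tlv_hardened)):
        found = fuzz(parser)
        print(f"{name}: {len(found)} findings; first: {found[:1]}")
```

The seed and iteration count are fixed so a run is reproducible; in a CI pipeline the same harness would run on every build with a fresh seed, which is the "shift left" use of fuzzing the DevSecOps track was about.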
Regression testing enhances the visibility on your build quality before putting it in production.
Examples: Full Regressions, Overnight Targeted Checks and Smoke Checks executed with manual, automation, crowdsourcing and artificial intelligence, allowing a software development team to quickly validate their UI and API as well as load test it.
DevOps - Security for APIs and Microservices
Source: Securosis
• Old: Larger monolithic apps that contain more context. SAST works well.
• Trend: Test/scan API flows, context, parameter input/output. DAST works better. Shift right.
• Trend: IAST is emerging.
Trends from the Innovation Sandbox:
- 6 vendors addressing app sec
#1 Siloed (Centralized) Identity
Diagram: YOU, ACCOUNT, ORG. STANDARDS:
Source: Sovrin.org
#2 Third-Party IDP (Federated) Identity
Diagram: YOU, ACCOUNT, ORG, IDP. STANDARDS:
Source: Sovrin.org
#3 Self-Sovereign Identity (SSI)
Diagram: YOU, CONNECTION, PEER, DISTRIBUTED LEDGER (BLOCKCHAIN)
Source: Sovrin.org
The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID).
Emerging De Jure Standards for SSI
• Verifiable Credentials
• DID Auth
• DKMS (Decentralized Key Management System)
• DID (Decentralized Identifier)
Source: Sovrin.org
ISO Standard for Encryption and Privacy Models
• Privacy enhancing data de-identification terminology and classification of techniques
Source: INTERNATIONAL STANDARD ISO/IEC 20889
Formal privacy measurement models (PMM):
• Differential Privacy (DP)
- Server model: responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator”**
- Local model
- Note: the entity receiving the data is looking to reduce risk
• K-anonymity model: ensures that for each identifier there is a corresponding equivalence class containing at least K records
De-identification techniques (DT)
Cryptographic tools (CT):
• Format Preserving Encryption (FPE): encrypted data has the same format
• Homomorphic Encryption (HE): two values encrypted can be combined*
*: Multi Party Computation (MPC)
**: Example Apple and Google
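The K-anonymity definition on this slide (every combination of identifying attributes must be shared by at least K records) is easy to check mechanically, and the check is what tells you how far a dataset has to be generalized before release. The following is an added example, not from the slides or from ISO/IEC 20889: a constructed six-row table with two quasi-identifiers (age, ZIP) and one sensitive attribute, a generalization ladder (age buckets, ZIP truncation), functions that compute the table's k and its l-diversity (the minimum number of distinct sensitive values per class, the companion measure listed on the next slide), and a routine that walks the ladder until the requested k is met. Records, attribute names and ladder steps are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample table: two quasi-identifiers (age, zip) and one sensitive attribute.
RECORDS = [
    {"age": 34, "zip": "30301", "diagnosis": "flu"},
    {"age": 36, "zip": "30302", "diagnosis": "asthma"},
    {"age": 31, "zip": "30305", "diagnosis": "flu"},
    {"age": 52, "zip": "30310", "diagnosis": "diabetes"},
    {"age": 57, "zip": "30312", "diagnosis": "flu"},
    {"age": 55, "zip": "30318", "diagnosis": "asthma"},
]
QUASI_IDENTIFIERS = ("age", "zip")
SENSITIVE = "diagnosis"

# Generalization ladder, coarsest last: (age bucket width, ZIP digits kept).
LEVELS = ((1, 5), (5, 5), (10, 4), (10, 3), (20, 2), (100, 0))

def generalize(record, age_bucket, zip_digits):
    """Replace exact quasi-identifiers with an age range and a truncated ZIP."""
    lo = (record["age"] // age_bucket) * age_bucket
    age = str(record["age"]) if age_bucket == 1 else f"{lo}-{lo + age_bucket - 1}"
    zip_code = record["zip"][:zip_digits] + "*" * (len(record["zip"]) - zip_digits)
    return {"age": age, "zip": zip_code, SENSITIVE: record[SENSITIVE]}

def equivalence_classes(records):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[q] for q in QUASI_IDENTIFIERS)].append(r)
    return classes

def k_anonymity(records):
    """The k for which the table is k-anonymous: the size of the smallest class."""
    return min(len(c) for c in equivalence_classes(records).values())

def l_diversity(records):
    """Smallest number of distinct sensitive values in any class (homogeneity guard)."""
    return min(len({r[SENSITIVE] for r in c}) for c in equivalence_classes(records).values())

def anonymize(records, k):
    """Walk the ladder until every equivalence class holds at least k records."""
    if k > len(records):
        raise ValueError("k cannot exceed the number of records")
    for level in LEVELS:
        generalized = [generalize(r, *level) for r in records]
        if k_anonymity(generalized) >= k:
            return generalized, level
    raise AssertionError("the coarsest level satisfies any k <= len(records)")

if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS))
    table, level = anonymize(RECORDS, k=3)
    print("level", level, "gives k =", k_anonymity(table), "l =", l_diversity(table))
```

Note that reaching k = 3 here still leaves one class with only two distinct diagnoses, which is why the standard lists l-diversity and t-closeness alongside k-anonymity: a class that is large enough can still be nearly homogeneous in the sensitive attribute.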
Data Protection Use Cases – Tokenization and FPE (diagram)
• User → Payment Application → Payment Network: payment data protected with tokenization (VBT), encryption and keys
• User → CASB → Salesforce
• User → Call Center Application: PII data protected with Format Preserving Encryption (FPE) and vault-based tokenization (VBT)
• User → Data Warehouse: PII data protected with vault-less tokenization (VLT)
Example of mapping of data security and privacy techniques (ISO) to different deployment models
Deployment models (table columns): Centralized (On-premises, Public Cloud, Private Cloud) and Distributed (On-premises, Public Cloud, Private Cloud); a "y" marks the models a technique fits.
Privacy enhancing data de-identification terminology and classification of techniques:
• De-identification techniques
- Tokenization: Vault-based tokenization (y in 2 of the 6 models); Vault-less tokenization (y in all 6)
- Cryptographic tools: Format preserving encryption (y in 5 of 6); Homomorphic encryption (y in 2 of 6)
- Suppression techniques: Masking (y in all 6); Hashing (y in all 6)
• Formal privacy measurement models
- Differential Privacy: Server model (y in all 6); Local model (y in all 6)
- K-anonymity model: L-diversity (y in all 6); T-closeness (y in all 6)
Security for Microservices
Source: Gartner
Coding security directly into APIs has the following disadvantages:
■ Violates separation of duties.
■ Makes code more complex and fragile.
■ Adds extra maintenance burden.
■ Is unlikely to cover all aspects that are required in a full API security policy.
■ Not reusable.
■ Not visible to security teams.
Products Delivering API Security
Source: Gartner
• Apply policies to APIs (for example, using an API gateway) but avoid situations where each API has a unique security policy.
• Instead, leverage a reusable set of policies that are applied to APIs based on their categorization.
• Abstract any specific API characteristics (such as URL path) from the policies themselves.
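The three Gartner recommendations above describe one structure: a small set of reusable policies keyed by API category, a catalogue that is the only place URL paths appear, and a gateway that joins the two at request time. The following is an added example, not from the slides, Gartner or any gateway product: a minimal policy-decision routine with constructed categories (`public-read`, `partner`, `internal-admin`), a constructed catalogue of three paths, and an in-memory per-minute rate counter. Because policies never mention paths, adding an API is a one-line catalogue change, and tightening a category tightens every API in it; anything not in the catalogue is denied.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """One reusable policy; it knows nothing about URL paths."""
    name: str
    auth_required: bool
    required_scopes: frozenset
    allowed_methods: frozenset
    max_body_bytes: int
    requests_per_minute: int

# Constructed policy set, keyed by API category. Changing one entry changes every
# API in that category, which is the reuse the slide asks for.
POLICIES = {
    "public-read": Policy("public-read", False, frozenset(), frozenset({"GET"}), 0, 600),
    "partner": Policy("partner", True, frozenset({"partner:read"}),
                      frozenset({"GET", "POST"}), 64 * 1024, 120),
    "internal-admin": Policy("internal-admin", True, frozenset({"admin"}),
                             frozenset({"GET", "POST", "PUT", "DELETE"}), 1024 * 1024, 30),
}

# Constructed catalogue: the only place that knows paths, and it holds no policy detail.
API_CATALOGUE = {
    "/v1/catalog/products": "public-read",
    "/v1/partner/orders": "partner",
    "/v1/admin/keys": "internal-admin",
}

@dataclass
class Request:
    client_id: str
    path: str
    method: str
    authenticated: bool = False
    scopes: frozenset = frozenset()
    body_bytes: int = 0
    minute: int = 0          # wall-clock minute, injected so the example is deterministic

class Gateway:
    """Evaluates requests against the category policy; denies anything uncatalogued."""
    def __init__(self, catalogue=API_CATALOGUE, policies=POLICIES):
        self.catalogue = catalogue
        self.policies = policies
        self._counts = {}    # (client_id, category, minute) -> requests seen

    def evaluate(self, req: Request):
        """Return (allowed, reason); the reason is what the gateway would log."""
        category = self.catalogue.get(req.path)
        if category is None:
            return False, "unknown API: deny by default"
        p = self.policies[category]
        if req.method not in p.allowed_methods:
            return False, f"{p.name}: method {req.method} not permitted"
        if p.auth_required and not req.authenticated:
            return False, f"{p.name}: authentication required"
        missing = p.required_scopes - req.scopes
        if missing:
            return False, f"{p.name}: missing scopes {sorted(missing)}"
        if req.body_bytes > p.max_body_bytes:
            return False, f"{p.name}: body {req.body_bytes} bytes exceeds {p.max_body_bytes}"
        key = (req.client_id, category, req.minute)
        self._counts[key] = self._counts.get(key, 0) + 1
        if self._counts[key] > p.requests_per_minute:
            return False, f"{p.name}: rate limit {p.requests_per_minute}/min exceeded"
        return True, f"{p.name}: allowed"

if __name__ == "__main__":
    gw = Gateway()
    print(gw.evaluate(Request("app-1", "/v1/catalog/products", "GET")))
    print(gw.evaluate(Request("app-1", "/v1/partner/orders", "POST")))
    print(gw.evaluate(Request("app-1", "/v1/admin/keys", "DELETE", True, frozenset({"admin"}))))
```

The decision reasons are deliberately uniform per category so the security team can alert on them without knowing each API, which addresses the "not visible to security teams" point on the previous slide.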
Total Cost and Risk of Tokenization in Cloud vs On-prem
On Premise tokenization
• Limited PCI DSS scope reduction - must still maintain a CDE with PCI data
• Higher risk – sensitive data still resident in environment
• Associated personnel and hardware costs
Cloud-Based tokenization
• Significant reduction in PCI DSS scope
• Reduced risk – sensitive data removed from the environment
• Platform-focused security
• Lower associated costs – cyber insurance, PCI audit, maintenance
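The scope-reduction argument on this slide and the vault-based tokenization (VBT) use cases earlier both rest on one property: after tokenization the application holds only a surrogate, and the real PAN exists in exactly one place, the vault, behind an authorization check. The following is an added example, not from the slides or from any TokenEx or Protegrity product: a constructed vault-based tokenizer that issues random, format-preserving 16-digit tokens (last four digits preserved, deliberately Luhn-invalid so a token cannot be mistaken for a card number), maps a repeated PAN to the same token via a keyed lookup hash, and gates detokenization on a role. The `store_order` function shows what the application's own record looks like once the PAN never enters it. Key, PAN and role names are constructed; the PAN is the well-known `4111...` test number.

```python
import hashlib
import hmac
import random

def luhn_valid(digits: str) -> bool:
    """Standard Luhn check; used to make sure tokens never look like real PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

class TokenVault:
    """Vault-based tokenization: the PAN is stored only here; callers keep the token."""
    def __init__(self, lookup_key: bytes, rng=None):
        self._lookup_key = lookup_key               # constructed; keys an HMAC used only for lookup
        self._rng = rng or random.SystemRandom()   # CSPRNG by default; seeded RNG for tests
        self._pan_by_token = {}                    # token -> PAN (the single copy of the PAN)
        self._token_by_lookup = {}                 # HMAC(PAN) -> token, so one PAN has one token

    def _lookup(self, pan: str) -> bytes:
        return hmac.new(self._lookup_key, pan.encode(), hashlib.sha256).digest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("PAN must be 13-19 digits")
        lk = self._lookup(pan)
        if lk in self._token_by_lookup:            # consistent: same PAN, same token
            return self._token_by_lookup[lk]
        while True:
            body = "".join(str(self._rng.randrange(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]                # format preserved, last four kept for display
            if token != pan and token not in self._pan_by_token and not luhn_valid(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_lookup[lk] = token
        return token

    def detokenize(self, token: str, roles: set) -> str:
        """The only path back to the PAN; authorization is enforced here, not in callers."""
        if "detokenize" not in roles:
            raise PermissionError("caller lacks the detokenize role")
        return self._pan_by_token[token]           # KeyError for a token this vault never issued

def store_order(vault: TokenVault, order_id: str, pan: str, amount_cents: int) -> dict:
    """What the application persists: the token and last four, never the PAN."""
    token = vault.tokenize(pan)
    return {"order_id": order_id, "pan_token": token, "last4": token[-4:], "amount_cents": amount_cents}

if __name__ == "__main__":
    vault = TokenVault(b"constructed-lookup-key")
    order = store_order(vault, "order-1", "4111111111111111", 1999)
    print(order)
    print(vault.detokenize(order["pan_token"], {"detokenize"}))
```

In the on-premises model of the slide, this vault (and the systems that can call `detokenize`) is the cardholder data environment that remains in PCI DSS scope; in the cloud model the same vault runs at the tokenization provider, and the application side holds only what `store_order` returns.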
Voting Security at RSA Conference 2020
Thank You!
ulf@ulfmattsson.com
www.TokenEx.com
Ulf Mattsson, TokenEx

"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 

What I Learned at RSAC 2020

  • 1. What I Learned at RSAC 2020
  • 2. What I Learned at RSAC 2020
  • 3. Ulf Mattsson • Head of Innovation at TokenEx • Chief Technology Officer at Protegrity • Chief Technology Officer at Atlantic BT Security Solutions • Chief Technology Officer at Compliance Engineering • Developer at IBM Research and Development • Inventor of 70+ issued US patents • Provided products and services for • Application Development, • Robotics, ERP, CRM and Web Apps, • Data Encryption and Tokenization, • Data Discovery, • Cloud Application Security Broker (CASB), • Web Application Firewall (WAF), • Managed Security Services, • Security Operation Center (SOC), • Benchmarking/Gap-analysis
  • 4. RSAC USA 2020: 1. An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. 2. The enterprise architecture we used to know is changing. 3. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. 4. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. 5. API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. 6. We will organize this chaos from RSAC and discuss Security in The API Ecosystem. 7. Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. www.TokenEx.com
  • 5. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020 www.TokenEx.com
  • 6. www.TokenEx.com Number of frauds and identity thefts by year
  • 7. Source: Verizon DBIR, data-breach-investigations-report Threat Actors www.TokenEx.com
  • 8. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020
  • 9.
  • 10. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020
  • 12. The Difference Between Artificial Intelligence and Machine Learning • Artificial Intelligence describes the ability of machines to perform tasks that are typically associated with human activity and intelligence: reasoning, learning, natural language processing, perception, etc. Any “smart” activity performed by a machine falls under AI. • Artificial Intelligence is the capability of a machine to imitate intelligent human behavior. • Machine Learning is a subset of AI. • ML is a set of algorithms that are built to achieve AI: those algorithms require the ability to learn from data, modify themselves when exposed to more data, and are able to achieve a goal without being explicitly programmed. Source: BigID and Groundlabs www.TokenEx.com
  • 13. Avatar - Swarm AI – A network of small brains
  • 14. Swarm AI for Event Outcome Prediction
  • 15. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020
  • 16. DevOps & Security Day: Last year was a turning point for DevSecOps Days at RSA Conference, with over 800 practitioners engaging in the day-long Monday event. This year, the focus will be on how practitioners are handling the transformation to DevSecOps within their company, the types of problems they are surfacing which impeded their progress and how they are getting buy-in from all levels of the company.
  • 18. Security Tools for DevOps (Source: Securosis, Webomates)
    Static Application Security Testing (SAST) examines all code, or runtime binaries (less effective for Micro Services).
    Fuzz testing is essentially throwing lots of random garbage at applications, seeing whether any particular (type of) garbage causes errors.
    Vulnerability Analysis including platform configuration, patch levels or application composition to detect known vulnerabilities.
    Runtime Application Self Protection (RASP) provides execution path scanning, monitoring and embedded application whitelisting (effective for Micro Services).
    Interactive Application Self-Testing (IAST) provides execution path scanning, monitoring and embedded application whitelisting (emerging).
    Regression testing enhances the visibility on your build quality before putting it in production. Examples: Full Regressions, Overnight Targeted Checks and Smoke Checks, executed with manual, automation, crowdsourcing and artificial intelligence, allowing a software development team to quickly validate their UI and API as well as load test it.
  • 19. DevOps - Security for APIs and Microservices (Source: Securosis). Old: larger monolithic apps that contain more context; SAST works well. Trend: test/scan API flows, context, parameter input/output; DAST works better. Shift right. Trend: IAST is emerging.
  • 20. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020
  • 21. Trends from the Innovation Sandbox: - 6 vendors addressing app sec www.TokenEx.com
  • 23. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020
  • 24. #1 Siloed (Centralized) Identity (diagram: YOU - ACCOUNT - ORG; STANDARDS:). Source: Sovrin.org
  • 25. #2 Third-Party IDP (Federated) Identity (diagram: YOU - ACCOUNT - ORG, with an IDP; STANDARDS:). Source: Sovrin.org
  • 26. #3 Self-Sovereign Identity (SSI) (diagram: YOU - CONNECTION - PEER over a DISTRIBUTED LEDGER (BLOCKCHAIN)). Source: Sovrin.org. The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID).
  • 27. Emerging De Jure Standards for SSI: Verifiable Credentials, DID Auth, DKMS (Decentralized Key Management System), DID (Decentralized Identifier). Source: Sovrin.org
  • 28. ISO Standard for Encryption and Privacy Models. Privacy enhancing data de-identification terminology and classification of techniques (Source: INTERNATIONAL STANDARD ISO/IEC 20889):
    - Formal privacy measurement models (PMM): Differential Privacy (DP), with a server model, where responses to queries are only able to be obtained through a software component or "middleware" known as the "curator"**, and a local model; the entity receiving the data is looking to reduce risk. K-anonymity model: ensures that for each identifier there is a corresponding equivalence class containing at least K records.
    - De-identification techniques (DT).
    - Cryptographic tools (CT): Format Preserving Encryption (FPE), where encrypted data has the same format; Homomorphic Encryption (HE), where two values encrypted can be combined*.
    *: Multi Party Computation (MPC)
    **: Example Apple and Google
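The K-anonymity model on this slide (every equivalence class holds at least K records) is easy to check mechanically. The following is an added example, not code from the slides or from ISO/IEC 20889: it runs a constructed six-record data set through a hypothetical generalization ladder (ZIP truncation and age bucketing) until the K-anonymity condition holds, and also checks the L-diversity refinement that appears on slide 30.

```python
from collections import Counter

# Constructed sample records (not from the slides): (zip, age, diagnosis).
# zip and age are quasi-identifiers; diagnosis is the sensitive attribute.
RECORDS = [
    ("02139", 34, "flu"),
    ("02139", 36, "cold"),
    ("02139", 38, "flu"),
    ("02140", 52, "asthma"),
    ("02140", 55, "flu"),
    ("02141", 57, "cold"),
]
# Generalization ladder (hypothetical): (ZIP digits kept, age bucket width),
# from no generalization at all to full suppression.
LADDER = [(5, 1), (3, 10), (2, 20), (0, 100)]

def generalize(record, zip_digits, age_bucket):
    """Coarsen the quasi-identifiers: truncate the ZIP and bucket the age."""
    zip_code, age, sensitive = record
    z = zip_code[:zip_digits] + "*" * (len(zip_code) - zip_digits)
    lo = (age // age_bucket) * age_bucket
    return (z, f"{lo}-{lo + age_bucket - 1}", sensitive)

def equivalence_classes(records):
    """Count records sharing the same quasi-identifier tuple (all but the last field)."""
    return Counter(r[:-1] for r in records)

def min_class_size(records):
    return min(equivalence_classes(records).values())

def is_k_anonymous(records, k):
    """ISO/IEC 20889 K-anonymity: every equivalence class holds at least K records."""
    return min_class_size(records) >= k

def is_l_diverse(records, l):
    """L-diversity: every equivalence class shows at least l distinct sensitive values."""
    groups = {}
    for r in records:
        groups.setdefault(r[:-1], set()).add(r[-1])
    return min(len(v) for v in groups.values()) >= l

def anonymize(records, k, ladder):
    """Climb the ladder until the data set is k-anonymous.
    Returns (generalized_records, level) or raises if no level suffices."""
    for zip_digits, age_bucket in ladder:
        out = [generalize(r, zip_digits, age_bucket) for r in records]
        if is_k_anonymous(out, k):
            return out, (zip_digits, age_bucket)
    raise ValueError(f"no generalization level reaches k={k}")
```

Note that reaching k=3 here still leaves one class with only two distinct diagnoses, which is why the slide-30 table lists L-diversity and T-closeness alongside K-anonymity rather than as alternatives to it.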
  • 29. Data Protection Use Cases – Tokenization and FPE. Three flows are shown: User -> Payment Application -> Payment Network, with payment data protected by tokenization (VBT), encryption and keys; User -> CASB -> Call Center Application, with PII data protected by Format Preserving Encryption (FPE) and vault-based tokenization (VBT); User -> Data Warehouse, with PII data protected by vault-less tokenization (VLT); Salesforce also appears in the diagram.
  • 30. Example of mapping of data security and privacy techniques (ISO) to different deployment models. Column headers as shown: Data Warehouse, Centralized, Distributed, On-premises, Public Cloud, Private Cloud (y = applicable). Rows, grouped by the ISO "privacy enhancing data de-identification terminology and classification of techniques":
    Formal privacy measurement models
      Differential Privacy: Server model (y in all six columns); Local model (y in all six columns)
      K-anonymity model: L-diversity (y in all six columns); T-closeness (y in all six columns)
    De-identification techniques
      Tokenization: Vault-based tokenization (y in two columns; which two is not recoverable from the flattened layout); Vault-less tokenization (y in all six columns)
      Suppression techniques: Masking (y in all six columns); Hashing (y in all six columns)
    Cryptographic tools
      Format preserving encryption (y in five of six columns); Homomorphic encryption (y in two columns)
  • 31. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020
  • 32. Security for Microservices (Source: Gartner). Coding security directly into APIs has the following disadvantages: ■ Violates separation of duties. ■ Makes code more complex and fragile. ■ Adds extra maintenance burden. ■ Is unlikely to cover all aspects that are required in a full API security policy. ■ Not reusable. ■ Not visible to security teams. www.TokenEx.com
  • 33. Products Delivering API Security (Source: Gartner). Apply policies to APIs (for example, using an API gateway) but avoid situations where each API has a unique security policy. Instead, leverage a reusable set of policies that are applied to APIs based on their categorization. Abstract any specific API characteristics (such as URL path) from the policies themselves. www.TokenEx.com
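The Gartner guidance on slides 32 and 33 (policies applied by category, with URL paths kept out of the policies) can be shown as a small gateway model. This is an added example, not Gartner's text and not any product's API: the policy bundles, category names, request paths and header names are all constructed, and only the registry knows paths, so onboarding an API adds a registry entry rather than a new policy.

```python
import re
from dataclasses import dataclass, field

# Hypothetical gateway policy model (added example, not Gartner's or any product's
# API). A Policy says WHAT to enforce and never names a URL path.
@dataclass(frozen=True)
class Policy:
    auth: str         # "none", "api_key" or "jwt"
    rate_limit: int   # requests per client per window
    max_body: int     # bytes
# One reusable bundle per API category, not one policy per API.
POLICIES = {
    "public":   Policy(auth="none",    rate_limit=60,   max_body=4096),
    "partner":  Policy(auth="api_key", rate_limit=600,  max_body=65536),
    "internal": Policy(auth="jwt",     rate_limit=6000, max_body=1 << 20),
}
# The only place paths live: a registry categorizing each API (constructed paths).
# Onboarding a new API adds a registry line; the policies stay untouched.
API_REGISTRY = [
    (re.compile(r"^/v1/catalog(/|$)"), "public"),
    (re.compile(r"^/v1/orders(/|$)"),  "partner"),
    (re.compile(r"^/v1/admin(/|$)"),   "internal"),
]
@dataclass
class Request:
    path: str
    body_len: int
    headers: dict = field(default_factory=dict)
    client_id: str = "anon"

def categorize(path):
    """Map a request path to its API category; unregistered APIs get none."""
    for pattern, category in API_REGISTRY:
        if pattern.match(path):
            return category
    return None

def evaluate(req, counters):
    """Enforce the category's policy. counters: dict keyed by (client, category) with
    requests seen in the current window (rollover out of scope). Returns (allowed, reason)."""
    category = categorize(req.path)
    if category is None:
        return False, "unregistered api"  # default deny, visible to the security team
    p = POLICIES[category]
    if p.auth == "api_key" and "x-api-key" not in req.headers:
        return False, "api key required"
    if p.auth == "jwt" and not req.headers.get("authorization", "").startswith("Bearer "):
        return False, "bearer token required"  # presence only; token validation not shown
    if req.body_len > p.max_body:
        return False, "body too large"
    key = (req.client_id, category)
    counters[key] = counters.get(key, 0) + 1
    if counters[key] > p.rate_limit:
        return False, "rate limit exceeded"
    return True, category
```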
  • 34. Total Cost and Risk of Tokenization in Cloud vs On-prem. On Premise tokenization: • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs. Cloud-Based tokenization: • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance. www.TokenEx.com
  • 35. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020 www.TokenEx.com
  • 43.
  • 55. Interesting at RSAC USA 2020: 1. Emerging Privacy Issues 2. The Human Factor 3. Advancements in Machine Learning 4. Security in App Development 5. Trends from the Innovation Sandbox 6. New Standards and Regulations 7. Security for The API Economy 8. CSA Summit at RSA Conference 2020 9. Voting Security at RSA Conference 2020 www.TokenEx.com
  • 56. Voting Security at RSA Conference 2020 www.TokenEx.com