Data breaches

BUILDING SECURE WEB APPS WITHIN MINUTES
2015 So Cal Code Camp – San Diego
Sid Shetye
sid@crypteron.com
About the speaker

Sid Shetye - Founder & CEO of Crypteron Inc.
Sid is a leading security expert with over a decade of
experience in the security and cloud software space. A
developer at heart, he has engineered the largest
deployment of secure boot devices on the planet whose
deployments include commercial phone manufacturers as
well as government agencies. Sid designed the growth
strategy for ecoATM’s founders which then sold for $350M
a year later. He has a Masters in Electrical Engineering
(Security) from The University of Southern California and an
MBA from UCSD’s Rady School of Management.
Have You Heard Of Data Breaches Lately?
Data Breaches are EXPEN$IVE
Source: Ponemon Institute
Not just a ‘tech’ issue anymore

Not just software developers, architects or even CIOs

CEOs are getting fired

Gregg Steinhafel

Target’s President, CEO and Chairman of the Board

well, … former
Thanks but what can I do …
“Sandwich” model
Front end security
Your App i.e. Unique magic!
Back end security
Boring yet vital infrastructure pieces
Front end security – TotalAuth MFA
PIN/Password
Crypto Token
Biometric
Location
Time
Back end security

Tame cloud security complexity by reducing your trust footprint
  • Machines
  • Infrastructure
  • People / Administrators

Strong encryption for all sensitive data
  • Equally powerful and seamless key management
  • Data encryption keys MUST be decoupled from main app

If it’s NOT stupid easy, it’s not going to be done
Reduce your trust footprint
CipherDB - backend data security

SQL TDE (Transparent Data Encryption) won’t help

Attacks happen at the protocol layer, i.e. above TDE

TDE simply hands the attacker the decrypted data (the “Transparent” part …)

Requires trusting the database servers, counter to a reduced trust footprint

App layer security needed

Encrypting your data the right way legally releases you from being sued for negligence

Disclaimer: Always consult your own lawyer(s)
Blob storage? CipherStor!

For data in unstructured format that’s still sensitive

Reports, Audio, Video, Documents etc.

Same consistent security model

Same key management framework
DEMO
CloudMedic.io demo using Crypteron CipherDB for protection
… securing your app within 60 seconds (really!)
Follow-up Resources

Get notified when CloudMedic.io launches (~August 31, 2015)

Open-sourced HIPAA ready medical bootstrapped cloud-first app

crypteron.com/cloudmedic

CipherDB – protect your app’s data even in the cloud

Sign up for free at crypteron.com/cipherdb

GitHub Sample Apps at github.com/crypteron

Special discount for all SoCalCodeCamp attendees

Sign up for free; when you upgrade, first month’s on us!

crypteron.com/promo/socalcode
Thank you!
Q&A

Email : sid@crypteron.com

Twitter: @crypteron