How to Eat the Privacy and Security Elephant One Bite at a Time
•
0 likes•155 views
From the IronCore Southern Fried Agile Conference, October 2019
Recommended
Recommended
More Related Content
Recently uploaded
Recently uploaded (20)
Featured
Featured (20)
How to Eat the Privacy and Security Elephant One Bite at a Time
- 1. @ironcorelabs HOW TO EAT THE PRIVACY AND SECURITY ELEPHANT ONE BITE AT A TIME @ironcorelabs
- 2. @ironcorelabs “Everybody is getting more sensitive to storing data in the cloud.”
- 3. @ironcorelabs FACEBOOK MISTAKES MAKE PRIVACY A TOP CONCERN
- 4. @ironcorelabs — GDPR ARTICLE 25 “Data protection by design and by default” — GDPR ARTICLE 32 “Security of processing”
- 9. @ironcorelabs AS A DATA OWNER… I WANT TO GRANT, MONITOR AND REVOKE ACCESS TO MY DATA, STORED IN YOUR SYSTEMS, SO THAT, MY PRIVACY AND SECURITY IS PROTECTED
- 11. @ironcorelabs OBJECTIVE PLAN PRIVACY AND SECURITY FOR YOUR ENTERPRISE-SCALE AGILE SOFTWARE INITIATIVE.
- 12. @ironcorelabs OUTCOMES DEFINE AN ARCHITECTURAL SPIKE CALENDAR A WORKSHOP TO CONTINUE THE DISCUSSION
- 13. @ironcorelabs WORKSHOP +STAKEHOLDERS Architecture Security Compliance
- 14. @ironcorelabs RULES FIX THE TIMEBOX, VARY THE SCOPE TABLEMASTER NOTETAKER http://bit.ly/ironcore-sfa19
- 16. @ironcorelabs DATA SHAPES Data Shape Estimate Value Notes Files M Records and Fields L Big Data L Search XL Events (Message Q) M Logs S
- 18. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL
- 19. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL Determine classes of data you want to control access to.
- 20. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• Employee SSN, Salary Job openings DATA CONTROL
- 21. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL Start with one slice of data.
- 22. @ironcorelabs Iterate and control more data over time or as needed.
- 24. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL
- 25. @ironcorelabs STEP 2: SET POLICY Highly Sensitive Confidential Public HR Finance Legal Trade Secret PII PHI ••• Execs, HR, and tax service Determine groups, users, and services that should have access.
- 27. @ironcorelabs App Data Layer ACCESS CONTROL App Data Layer ACCESS CONTROL CHECKS DBA, AMAZON EMPLOYEE, DEVELOPER, HACKER TRANSPARENT ENCRYPTION BAD GOOD
- 28. @ironcorelabs Server-side control Key Management Server(s) Access attempt Needs decrypt assistance E2E control Public key crypto + multi-party computation
- 29. @ironcorelabs Server-side control Key Management Server(s) No Assistance Access revoked X X X E2E control Public key crypto + multi-party computation
- 31. @ironcorelabs SPIKE STORY AS A DEVELOPMENT ORGANIZATION, I WANT TO EVALUATE A POLICY-DRIVEN, TRUST-BUT-VERIFY SOLUTION PATH FOR CUSTOMER TRADE SECRETS SHARED AS ATTACHMENTS
- 33. @ironcorelabs