Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 33

How to Eat the Privacy and Security Elephant One Bite at a Time

0

Share

Download to read offline

From the IronCore Southern Fried Agile Conference, October 2019

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

How to Eat the Privacy and Security Elephant One Bite at a Time

  1. 1. @ironcorelabs HOW TO EAT THE PRIVACY AND SECURITY ELEPHANT ONE BITE AT A TIME @ironcorelabs
  2. 2. @ironcorelabs “Everybody is getting more sensitive to storing data in the cloud.”
  3. 3. @ironcorelabs FACEBOOK MISTAKES MAKE PRIVACY A TOP CONCERN
  4. 4. @ironcorelabs — GDPR ARTICLE 25 “Data protection by design and by default” — GDPR ARTICLE 32 “Security of processing”
  5. 5. @ironcorelabs
  6. 6. @ironcorelabs
  7. 7. @ironcorelabs
  8. 8. @ironcorelabs CONTEXT @ironcorelabs 7
  9. 9. @ironcorelabs AS A DATA OWNER… I WANT TO GRANT, MONITOR AND REVOKE ACCESS TO MY DATA, STORED IN YOUR SYSTEMS, SO THAT, MY PRIVACY AND SECURITY IS PROTECTED
  10. 10. @ironcorelabs WORKSHOP @ironcorelabs 10
  11. 11. @ironcorelabs OBJECTIVE PLAN PRIVACY AND SECURITY FOR YOUR ENTERPRISE-SCALE AGILE SOFTWARE INITIATIVE.
  12. 12. @ironcorelabs OUTCOMES DEFINE AN ARCHITECTURAL SPIKE CALENDAR A WORKSHOP TO CONTINUE THE DISCUSSION
  13. 13. @ironcorelabs WORKSHOP +STAKEHOLDERS Architecture Security Compliance
  14. 14. @ironcorelabs RULES FIX THE TIMEBOX, VARY THE SCOPE TABLEMASTER NOTETAKER http://bit.ly/ironcore-sfa19
  15. 15. @ironcorelabs DATA SHAPES @ironcorelabs 13
  16. 16. @ironcorelabs DATA SHAPES Data Shape Estimate Value Notes Files M Records and Fields L Big Data L Search XL Events (Message Q) M Logs S
  17. 17. @ironcorelabs CLASSIFICATION @ironcorelabs 21
  18. 18. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL
  19. 19. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL Determine classes of data you want to control access to.
  20. 20. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• Employee SSN, Salary Job openings DATA CONTROL
  21. 21. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL Start with one slice of data.
  22. 22. @ironcorelabs Iterate and control more data over time or as needed.
  23. 23. @ironcorelabs ACCESS POLICY @ironcorelabs 29
  24. 24. @ironcorelabs Restricted Private Public HR Finance Legal Trade Secret PII PHI ••• DATA CONTROL
  25. 25. @ironcorelabs STEP 2: SET POLICY Highly Sensitive Confidential Public HR Finance Legal Trade Secret PII PHI ••• Execs, HR, and tax service Determine groups, users, and services that should have access.
  26. 26. @ironcorelabs TRUST MODELS @ironcorelabs 35
  27. 27. @ironcorelabs App Data Layer ACCESS CONTROL App Data Layer ACCESS CONTROL CHECKS DBA, AMAZON EMPLOYEE, DEVELOPER, HACKER TRANSPARENT ENCRYPTION BAD GOOD
  28. 28. @ironcorelabs Server-side control Key Management Server(s) Access attempt
 Needs decrypt assistance E2E control Public key crypto + multi-party computation
  29. 29. @ironcorelabs Server-side control Key Management Server(s) No Assistance
 Access revoked X X X E2E control Public key crypto + multi-party computation
  30. 30. @ironcorelabs DEFINE SPIKE @ironcorelabs 43
  31. 31. @ironcorelabs SPIKE STORY AS A DEVELOPMENT ORGANIZATION, I WANT TO EVALUATE A POLICY-DRIVEN, TRUST-BUT-VERIFY SOLUTION PATH FOR CUSTOMER TRADE SECRETS SHARED AS ATTACHMENTS
  32. 32. @ironcorelabs YOUR WORKSHOP @ironcorelabs 46
  33. 33. @ironcorelabs

×