
Cloudy with a Chance of Breaches
Will you be a victim?

Jason Hart CISSP CISM


CTO Data Protection
Sources: www.breachlevelindex.com
$80 Billion
Spent on Information Security during
the past 12 months
Source: Gartner
The Numbers
Data
Is the new Oil
IN 2000 THE WORLD GENERATED

TWO EXABYTES
OF NEW INFORMATION

EVERY DAY
Data Security Elements

Technology Process
Technology
is tested and scrutinized
Processes
are reviewed and audited
People
are assumed and accepted
Shift responsibility - Lack expertise
Ignore policy - Make mistakes…
Dorks
Slang: Google search queries that uncover
sensitive information

Source: Wikipedia
BEGIN RSA PRIVATE KEY “filetype:key –github”

To find RSA private SSL keys


Source: Jason Hart
intext:aws_secret ext:env

API Credentials for AWS

Source: Gorav Arora


site:github.com inurl:sftp-config.json

Pulling Secure FTP login credentials from GitHub repositories
Source: Jason Hart
"OpenSSL" AND "1.0.1 Server at" OR
"1.0.1a Server at" OR "1.0.1b Server at" OR
"1.0.1c Server at" OR "1.0.1d Server at" OR
"1.0.1e Server at" OR "1.0.1f Server at"

Lists Web applications vulnerable to Heartbleed
Source: Jason Hart
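
As an added example (not part of the original slides), the exposures those queries look for can be checked on your own repository checkout or web root before anything gets indexed. The function names, labels and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Patterns for the exposures the dork slides search for (added example).
PEM_KEY = re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----")
AWS_SECRET = re.compile(r"aws_secret", re.IGNORECASE)
HEARTBLEED_BANNER = re.compile(r"OpenSSL/1\.0\.1[a-f]?(?![0-9a-z])")  # 1.0.1 to 1.0.1f

def classify(path, text):
    """Return exposure labels for one file, judged by name and content."""
    name = os.path.basename(path).lower()
    checks = [("private-key", PEM_KEY.search(text)),
              ("aws-secret-in-env", name.endswith(".env") and AWS_SECRET.search(text)),
              ("sftp-config", name == "sftp-config.json")]
    return [label for label, hit in checks if hit]

def scan_tree(root):
    """Walk root; return {relative path: labels} for every flagged file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                with open(full, "r", errors="replace") as fh:
                    text = fh.read(1_000_000)  # cap characters read per file
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            if labels := classify(full, text):
                report[os.path.relpath(full, root)] = labels
    return report

def banner_in_heartbleed_range(banner):
    """True if a server banner advertises OpenSSL 1.0.1 through 1.0.1f."""
    return bool(HEARTBLEED_BANNER.search(banner))

def demo():
    """Scan a constructed tree; every file and value here is made up."""
    samples = {".env": "AWS_SECRET_ACCESS_KEY=EXAMPLE-NOT-REAL\n",
               "sftp-config.json": '{"host": "example.invalid"}\n',
               "server.key": "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
               "README.txt": "nothing sensitive\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A banner match is only a triage hint: distributions backport fixes without changing the version string, so confirm against the installed package.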
Forget
What you know about Information
Security
New Mindset
Transform the
mindset
from Breach Prevention
To
Breach Acceptance
Think like a bad
guy…
What is he after?
Ok…
now what should I do?
How about.
“Kill” the Data….
Is it really
that simple?
Protect the Keys
to the Data
Control Access
to the Data
Crypto Loves Cloud
Hackers Hate Crypto
Culture
Security in every team.
Confidentiality
Integrity
Availability
Accountability
Auditability
Trust. Every day
Gemalto’s SafeNet Encryption Portfolio
On-premises/Cloud/Virtual
• Servers (Files, Databases, and Virtual Machines)
• Storage (Volumes or Shares)
• Media (Drives and Tapes)
• Networks (Data-in-Motion)

SafeNet Encryption Solutions
• ProtectFile: File Encryption
• ProtectApp: Application Encryption
• ProtectDB: Database Encryption
• ProtectV: Virtual Machine Encryption
• Tokenization
• StorageSecure: Storage Encryption
• High Speed Encryption (HSE): Network Encryption

SafeNet Key Management Solution
SafeNet KeySecure / Virtual KeySecure
• Encryption Key Vaulting
• Encryption Key Management (Generation, Rotation, Expiration, etc.)
• Audit Reporting and Compliance Management
Secure the entire identity trust chain

Ensuring strong
identities and
securing data
from the edge
to the core

Trust. Every day 05.11.15
Our clients are some of the world’s big brands

30,000+
ENTERPRISES

450
MOBILE
OPERATORS

80+
eGOVERNMENT
PROGRAMS

3000+
FINANCIAL
INSTITUTIONS



Thank You
#Hart_Jason
#acceptthebreach
