www.cloudsec.com | #cloudsec
Embark on a Secure Digital Journey
TM Ching, Security Chief Technologist, ANZ | DXC Technology
© 2019 DXC Technology Company. All rights reserved.
9 September 2019
Agenda
1. Why is digital security important?
2. 10 critical areas of focus
3. How to start securing digital?
Current weather: cloudy
• Does less control imply more challenges to security?
• Do you know where your cloud providers host your data?
• Do you use cloud features to enable digital security capabilities such as site reliability engineering?
Cloud is the reason why digital transformation is possible.
The language of digital
• APIs are cleartext in nature; do you encrypt their transmission end-to-end?
• Authentication between systems is done using API keys; how do you store and transmit them?
• Is it better to have one API token with 100 privileges, or 100 API tokens with 1 privilege each?
API is the language that every digital platform speaks.
Orchestrate and automate
• Speed to do things = Speed to break things
• How is the change approval process affected in a world where speed of automation is required? Can change approval be automated?
• Do you constantly review the orchestration workflow to see if it has been tampered with? What happens if the input variables change in the future?
Orchestration and automation are the drivers of productivity gains via digital transformation.
The thinking machine
• A tainted dataset will produce a broken machine learning model
• Do you have mechanisms to detect machine learning steering away from business objectives?
• Do you have mechanisms to complement machine learning rather than wholly depending on it?
Machine Learning shows business insights that cannot be obtained via manual means in a reasonable time frame.
All about the CRUX
• Does your platform provide a good secure UX?
• Does 2-factor authentication improve or impair UX?
• Do your UX designers understand the security implications when designing input and output elements?
The main objective of digital transformation is improving the User Experience (UX).
The I in IoT
• Do you know what your IoT devices capture? Do you know where they store the information?
• How does one secure IoT devices in a pragmatic manner?
• What is your backup plan if the IoT vendors go out of business?
IoT expands the digital experience into the physical realm.
Data, data everywhere
• Massive data capture can lead to privacy concerns
• Is PII natively identified and encrypted by default?
• Have you implemented a pseudo-anonymisation mechanism in your big data platform?
Big data is the discipline that provides in-depth performance visibility to the business.
Is that a human or machine?
• How do you trust that the device is secure?
• Conversely, how does the device trust it is you?
• How does one verify that machines communicating with other machines are properly authenticated?
Digital experience blurs the line between user/user, user/machine and machine/machine interactions.
The infinity loop
• Making and implementing many changes quickly means security testing must be done often and quickly
• Is all code tested for security vulnerabilities before being deployed?
• Consider automating the security testing, and working towards fixing security issues quickly
DevOps culture is essential to the success of digital transformation.
Hide the data, share the data
• GDPR and NDB compel organisations to protect users’ information
• Consumer data rights encourage organisations to share users’ information under a specific framework to drive economic improvements
• How does an organisation balance the needs of both?
Regardless of legacy or digital environment, legislative outcomes are important to data protection.
How do customers begin the secure digital journey?
Remember the slide order? Work backwards.
• Legislation (Business must first respect data)
• DevOps (… and company culture has to change to be Digital ready)
• Machine versus Human interactions (Think how interactions work in a Digital world …)
• Big data (… and what information do you need to capture and provide?)
• Internet of Things (Consider what spatial information is required that can …)
• User experience (… further provide a rich user experience through Digital means …)
• Machine learning (… improved by machine learning understanding of user behaviour …)
• Automation and orchestration (… seamlessly and effectively via this outcome …)
• Application programming interface (… which is enabled by APIs …)
• Cloud (… all powered by the Cloud in a secure manner)
THANK YOU