www.thales-esecurity.com
OPEN
Worlds Collide
Are we ready for security at Warp Speed?
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without prior written consent of Thales - Thales © 2016 All rights reserved.
About your speaker
▌ Chief Technology Officer at Thales e-Security
▌ Career in security at many scales
• nCipher (Lead Architect, Director Technical Strategy)
- And founder of OASIS KMIP
• ARM (Director of Technology, Secure Services Division)
- And Board Director at GlobalPlatform
• Trustonic (Chief Technology Officer)
- And Chair of GlobalPlatform Security Task Force
• Thales e-Security
Worlds Collide…
Image Author=Naturkundemuseum Münster, License=Creative Commons Attribution-Share Alike 3.0 Unported
Mobile – 10 years on
Mobile – apps and data everywhere
Mobile – design considerations
Image Author=Köf3, License=Creative Commons Attribution-Share Alike 3.0 Unported
Cloud – also 10 years on
What about ‘Cloud’?
Image Author=Brian Solis, License=Creative Commons Attribution 2.0 Generic
Six decades into the computer revolution, four decades since the invention of the
microprocessor, and two decades into the rise of the modern Internet, all of the
technology required to transform industries through software finally works and can be
widely delivered at global scale.
In short, software is eating the world.
Cloud residue. It’s raining Data.
Cloud residue. APIs rule.
Traditionally 2 major camps in crypto module security…
Always-online changes all that
Image Author=MeekMark, License=Creative Commons Attribution-Share Alike 3.0 Unported
IoT – how many years in…?
IoT
Image Wikimedia Commons, verified copyright free
Different kind of Internet, different kind of security
That’s all very well in the home, but…
Image Author=Bell Telecom, License=Creative Commons Attribution-Share Alike 3.0 Unported
These worlds really are colliding
People are concerned about IoT security
(Gartner 2015)
A brief diversion about diversity
Image Author=Darkone, License=Creative Commons Attribution-Share Alike 2.5 Generic
#!
It’s all about the money
Dr. Larry Ponemon, sponsored by Thales
Top Trends in Encryption and Data Protection 2016
Change of control of Crypto Module user
This presentation contains the findings of a survey completed by 5,009 IT and IT security
practitioners in the following 11 countries: United States, United Kingdom, Germany, France, Australia, Japan, Brazil, Russian
Federation, India, Mexico and Arabia. The research examines how the use of encryption
has evolved over the past 11 years.
And when data is money…
Wikimedia commons / Markus Kuhn
Regulation – Friend or foe?
Regulatory environment is evolving rapidly
▌ Companies facing
• Increased responsibility and accountability
• Requirements to provide more control to users
• Heavier sanctions
So what can we do?
The way forward
All of these trends point to a world that is moving incredibly fast, all built on shared data.
This is a real problem for traditional conservative crypto module developers and users: one camp wishes to control data and have absolute visibility, the other camp wishes to free it.
Traditional CM certification programmes take years to write and months to test, but in the new Internet economy whole industries can rise and fall in that time! They need protection too.
We have moved well and truly out of the data centre and controlled operations. The threats we face outside are remarkably different to the days in which the old FIPS, TPM, PCI etc. were devised.
In a truly connected world threats are not statistically neutral, and nobody can control everything.
BUT, there are opportunities to improve security if we work with the emerging technologies.
What should we be doing?
The way forward
As a community, we need to recognise:
Cryptography is not the only fruit. We must define modules that understand context.
In commercial use cases, certification is only useful if it saves time for device makers or service providers. No matter how perfect the scheme might be in abstract, if it misses its design window it’s no good. So we have to define schemes and evidence that work for the market they serve.
Everything these days is distributed and fragmented, and we can’t expect all of the security, or crypto, or key management, to be done in one place or in one type of device made by one vendor. So composite validations are becoming essential.
It’s time for us to realize that the world is full of grey areas and risks. We have often tried to make infosec somehow perfect: tick the boxes and nothing will break. Buy a widget and nothing will leak. But that’s not true in any of our real-world corollaries. Can we find a way to openly recognise weaknesses in our defences and thereby improve security?
Please enjoy the track