Note: This agenda is a work in progress. Check back for updates on additional sessions as well as the agenda schedule.
Your encrypted data is only as secure as your encryption keys. A strong encryption key management strategy is essential both for a comprehensive security policy and for meeting compliance requirements. Attendees of this presentation will learn:
This is a non-technical session, but it will be of value to developers and implementers. Attendees will learn the core principles of effective and secure encryption key management. These principles can be applied when developing in-house key management solutions or when evaluating vendor solutions.
Data security is top of mind for most businesses trying to respond to the constant barrage of news highlighting data theft, security breaches, and the resulting punitive costs. Combined with litigation risks, compliance issues and pending legislation, companies face a myriad of technologies and products that all claim to protect data-at-rest on storage devices. What is the right approach to encrypting stored data? The Trusted Computing Group, with the active participation of the drive industry, has standardized on the technology for self-encrypting drives (SED): the encryption is implemented directly in the drive hardware and electronics. Mature SED products are now available from all the major drive companies, for both HDD (rotating media) and SSD (solid state), and for both laptops and the data center. SEDs provide a low-cost, transparent, performance-optimized solution for stored-data encryption. SEDs do not protect data in transit, upstream of the storage system. For overall data protection, a layered encryption approach is advised. Sensitive data (e.g., as identified by specific regulations such as HIPAA and PCI DSS) may require encryption outside and upstream of storage, such as in selected applications or associated with database manipulations. This presentation will examine a pyramid approach to encryption: selected, sensitive data encrypted at the higher logical levels, with full-disk encryption of all stored data provided by SEDs.
After reviewing the diverging data protection legislation in the EU member states, the European Commission (EC) decided that this situation would impede the free flow of data within the EU zone. The EC's response was to undertake an effort to "harmonize" the data protection regulations, and it started the process by proposing a new data protection framework. This proposal includes some significant changes, such as defining a data breach to include data destruction, adding the right to be forgotten, adopting the U.S. practice of breach notifications, and many other new elements. Another major change is a shift from a directive to a rule, which means the protections are the same for all 27 countries and include significant financial penalties for infractions. This tutorial explores the new EU data protection legislation and highlights the elements that could have significant impacts on data handling practices.
As a novel computing platform, IoT will bring many security challenges to enterprise networks and create new opportunities for the security industry. This talk will provide a general overview of the enterprise network security problems, especially the data security problems, caused by IoT. After that, a few existing security technologies are evaluated as necessary elements of a holistic network security architecture that covers IoT devices. These technologies include: (a) IoT security monitoring and control; (b) FOTA (firmware over-the-air update) for firmware vulnerability management; (c) NetFlow-based big data security analysis. In the end, the practice of standard security protocols (such as OpenIOC and IODEF) will be strongly advocated for delivering effective IoT security solutions.
The Trusted Computing Group's Storage Work Group published the Opal Security Subsystem Class, a specification defining the management of cryptographic protection of data at rest, in 2009. Since then, new storage technologies and interfaces have become more common, and the TCG Storage Work Group is in the process of releasing additional specifications that enhance Opal and define enhancements to its existing capabilities. This presentation will describe the new specifications and capabilities, as well as the associated use cases and benefits.
Representatives from a range of established KMIP key management vendors answer questions from the moderators and from the audience on various aspects of encryption, standardised key management via KMIP, and some of the deployment issues and opportunities brought about by enterprise key management.
Self-Protecting, Self-Encrypting Storage Devices (SP-SEDs) are already widely available and successful in the marketplace. This talk will focus on exciting new concepts that take existing standards and existing open source code repositories to create opportunities for new wealth through security and privacy. Look to the clouds for guidance on what should be in the Personal Storage Device.
Abstract pending
Based on forensic evidence collected from 70 partner organizations as well as the Verizon caseload, the 2015 Verizon Data Breach Investigations Report (DBIR) presents a rare and comprehensive view into the world of corporate cybercrime. Now in its eighth year of publication, this research has been used by thousands of organizations to evaluate and improve their security programs. The presentation will discuss the evolution of the results over the years and delve into the people, methods and motives that drive attackers today, to better inform your own security program.
The imperative to encrypt data has driven the strong and sustained growth of the Enterprise Key Management market. Gaining accurate knowledge and clear insight into this market is a significant challenge both for vendors and for end-users. Publicly accessible information is littered with half-truths, misdirection and creative marketing content. Failing to distil reality from fantasy will undermine your ability to make the critical decisions you need to stay competitive. This session will provide you with the inside information about what was, what is and what will be in the next 18 months of Enterprise Key Management.
Abstract Pending
There is a natural tension between keeping enough copies of data so that it is not lost prematurely, and ensuring that data which should be destroyed is reliably destroyed. This talk describes a technology that enables a storage system to store a piece of data with an optional expiration date. After the expiration date the data is impossible to recover from the storage system, even if all of the state of the storage system is captured on backups, including, for instance, copies that are stored offline. Obviously, the answer involves encrypting the data and then discarding the keys, but that isn't the entire answer: it would be necessary to make backup copies of the keys, and once keys are copied, it is difficult to assure that no copies can be recovered after the expiration date. This presentation describes a system that is easy to build, very scalable, and very robust.
Be honest with yourself: do you really know what's in your data? And do you know who is doing what with the information that data contains? Probably not. Unfortunately, that lack of awareness is growing increasingly dangerous. Data stores for organizations in all industries are growing at a rapid rate, and without cutting to the core of that storage and finding what sensitive information lurks inside, you're setting your team and your business up for potential disaster. This presentation will cover what it means to truly take control of and defend your company's data across the full spectrum of vulnerabilities.
With the increasing sophistication of cyber-attacks penetrating the most highly protected government and commercial systems, many look to encrypted storage as a silver bullet to prevent the loss of critical data and the resulting reputational damage. The session will explore the implications of mainstreaming the use of encrypted storage and the future of large-scale encryption.
The HIPAA Privacy Rule protects individually identifiable health information held by covered entities and gives patients rights with respect to that information. The Privacy Rule is balanced so that it allows disclosure of health information needed for patient care and other important purposes. Researchers and software developers can obtain valuable information from health data repositories. Analytics can determine correlations between variables that can improve patient care. Developers can integrate functionality into electronic health record (EHR) systems if the data they use supports testing that functionality. PHI presents a unique challenge in that de-identification of data can invalidate the conclusions that may be drawn from it. Data may be de-identified using two standard methods: "Expert Determination" (statistical analysis) and "Safe Harbor" (removing data elements). The "Safe Harbor" method requires that 18 specific data elements be removed. Some of these elements have a direct bearing on the value of the resulting data repository.
Two veterans of the KMIP world work through various approaches from the perspectives of both data storage appliances and key management servers, using their experience to provide practical examples of how commercial success has been achieved through the deployment of KMIP. Between them, Nathan and Tony have a wealth of knowledge garnered through participation in the development of the KMIP specification and through enabling the success of their customers as they deliver KMIP solutions.