Zero Knowledge; you can't leak what you don't know

We regularly hear of another data breach at another large company, or of governments collecting and storing more of our data. Even if we trust our service providers, they're creating a honey-pot of information that criminals would love to get their hands on.

Data in transit is a mostly solved problem, with TLS securing the connections, but how about when the data is at rest? Encryption is hard, and worse, it's not end-user friendly. One misstep, and it's as good as useless.

Learn the steps you can take to secure more of the data you store, and how you can evaluate the benefit or risk these different approaches will bring you and your customers.


Outline/Structure of the Talk

Origins of communication

Encryption - the benefits and blind-spots

Describe an example Software-as-a-Service system

How can we secure the data at rest?

How can we process encrypted data?

What security holes still exist, and what can we do about those?

How can you use this information to make a plan of what's suitable for your organisation or product?

Learning Outcome

You will gain an understanding of

  • where encryption can help secure your data at rest,
  • where it won't help you, and
  • how you can plan to implement certain strategies to protect your organisation and its customers.

Target Audience

Software Engineers, Solutions Architects

Prerequisites for Attendees

While this talk is accessible to all, some basic understanding of internet communications and data storage might be useful.

schedule Submitted 3 years ago