Zero Knowledge; you can't leak what you don't know
We regularly hear of another data breach at another large company, or of governments collecting and storing more of our data. Even if we trust our service providers, they're creating a honey-pot of information that criminals would love to get their hands on.
Data in transit is a mostly solved problem, with TLS securing the connections, but how about when the data is at rest? Encryption is hard, and worse, it's not end-user friendly. One misstep, and it's as good as useless.
Learn the steps you can take to secure more of the data you store, and how you can evaluate the benefit or risk these different approaches will bring you and your customers.
Outline/Structure of the Talk
Origins of communication
Encryption - the benefits and blind-spots
Describe an example Software-as-a-Service system
How can we secure the data at rest?
How can we process encrypted data?
What security holes still exist, and what can we do about those?
How can you use this information to make a plan of what's suitable for your organisation or product?
You will gain an understanding of
- where encryption can help secure your data at rest,
- where it won't help you, and
- how you can plan to implement certain strategies to protect your organisation and its customers.
Software Engineers, Solutions Architects
Prerequisites for Attendees
While this talk is accessible to all, some basic understanding of internet communications and data storage might be useful.