SlideShare ist ein Scribd-Unternehmen logo

Paul James Adams, InfoSecurity.nl 2010, 3 november, Jaarbeurs Utrecht

Infosecurity2010
Infosecurity2010

Can you keep a secret? Security in the Kolab Groupware

1 von 17
Downloaden Sie, um offline zu lesen
Can You Keep A Secret? Dr. Paul J. Adams 4 November, 2010
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? We All Have Secrets But We Don’t All Have Secretaries Someone to whom you share your secrets. You understand them You respect them You trust them
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Jacqui Smith MP Home Secretary: June 2007 – June 2009
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? What About Software? Security Is Not A Feature Secure by design Avoid proprietary technology Use well-tested code Avoid creating a valuable target Privacy by design Layered defence Avoid single point of failure
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? My Name Is Paul... ... And I Am Not A Security Expert COO of Kolab Systems PhD in Software Engineering Member of KDE eV, Fellow of FSFE, MBCS, MIEEE
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Groupware Software For Supporting Groups
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Groupware For PIM Personal Information Management
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next?
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Security By Design A Whole Industry Can Be Born Of Design Decisions Ask Yourself, “Why Do We Need...?” Norton Kaspersky Symantec
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Proprietary Technology Where Trust Becomes Faith What Kolab Does... Based upon Free Software Components Developed As Free Software No “Open Core”
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Valuable Targets One Box Is Convenient For The Thieves, Too What Kolab Does... Distribute content over many boxes Content on boxes restricted to individual users Root and physical access required
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? No Single Point Of Failure Not Even Your Root User! http://xkcd.com/538/ What Kolab Does Nothing unencrypted passes between clients if you don’t want
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? PIM Isn’t What It Use To Be? So Neither Should Groupware Be
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? It Is Not Just Different Data It Is Different Devices, Too
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Moving Beyond Groupware Giving You All Your Stuff. Now. Client-side cache of “stuff” “Usual” PIM data Also microblogging or Jabber Fully indexed for fast search Free Software implementation of ActiveSync Development: Collaboration with Zarafa Funded by NLnet
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? And Finally... ... What’s Next? Kolab 3.0 under discussion! Things to talk about: Web client Web admin LDAP Chat Focus on creating a well-integrated experience from installation to usage Get Involved #kolab on freenode kolab- devel@kolab.org www.kolab.org
Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Paul Adams, Kolab Systems AG adams@kolabsys.com +41 43 501 66 91 http://kolabsys.com

Empfohlen

ศูนย์ภาคีวิจัยล้านนา
ศูนย์ภาคีวิจัยล้านนาศูนย์ภาคีวิจัยล้านนา
ศูนย์ภาคีวิจัยล้านนาrattapol
 
Presentation2
Presentation2Presentation2
Presentation2rattapol
 
Eric Verheul, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Eric Verheul, Infosecurity.nl, 3 november, Jaarbeurs UtrechtEric Verheul, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Eric Verheul, Infosecurity.nl, 3 november, Jaarbeurs UtrechtInfosecurity2010
 
Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...
Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...
Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...Infosecurity2010
 
Nrct
NrctNrct
Nrctrattapol
 
Kick off nrct
Kick off nrctKick off nrct
Kick off nrctrattapol
 
Training for research&transfer
Training for research&transferTraining for research&transfer
Training for research&transferrattapol
 
Arie Kuit
Arie KuitArie Kuit
Arie Kuitariesax
 

Empfohlen

ศูนย์ภาคีวิจัยล้านนา
ศูนย์ภาคีวิจัยล้านนาศูนย์ภาคีวิจัยล้านนา
ศูนย์ภาคีวิจัยล้านนาrattapol
 
Presentation2
Presentation2Presentation2
Presentation2rattapol
 
Eric Verheul, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Eric Verheul, Infosecurity.nl, 3 november, Jaarbeurs UtrechtEric Verheul, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Eric Verheul, Infosecurity.nl, 3 november, Jaarbeurs UtrechtInfosecurity2010
 
Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...
Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...
Emiel Brok, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Event...Infosecurity2010
 
Nrct
NrctNrct
Nrctrattapol
 
Kick off nrct
Kick off nrctKick off nrct
Kick off nrctrattapol
 
Training for research&transfer
Training for research&transferTraining for research&transfer
Training for research&transferrattapol
 
Arie Kuit
Arie KuitArie Kuit
Arie Kuitariesax
 
Doc002
Doc002Doc002
Doc002rattapol
 
Doc001
Doc001Doc001
Doc001rattapol
 
iWave Company Profile
iWave Company ProfileiWave Company Profile
iWave Company Profileazeezsr
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Infosecurity2010
 
ComponentKit basics presentation: Improving View Performance with ComponentKit
ComponentKit basics presentation: Improving View Performance with ComponentKitComponentKit basics presentation: Improving View Performance with ComponentKit
ComponentKit basics presentation: Improving View Performance with ComponentKitCorneliu Chitanu
 
Nrct northern initiatives
Nrct northern initiativesNrct northern initiatives
Nrct northern initiativesrattapol
 
Doc002
Doc002Doc002
Doc002rattapol
 
How is Destiny Created?
How is Destiny Created?How is Destiny Created?
How is Destiny Created?VibhutiGanesh Ji
 
Employee stress management techniques 2
Employee stress management techniques 2Employee stress management techniques 2
Employee stress management techniques 2Dinesh Chandran
 
Timefly iOS App Development Presentation
Timefly iOS App Development PresentationTimefly iOS App Development Presentation
Timefly iOS App Development PresentationCorneliu Chitanu
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteVeracode
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
 
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...Kaseya
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security WorldOWASP
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam BaldwinAdam Baldwin
 
SDLC & DevSecOps
SDLC & DevSecOpsSDLC & DevSecOps
SDLC & DevSecOpsIrina Kostina
 
Embracing Uncertainty: A Most Difficult Leap of Faith
Embracing Uncertainty: A Most Difficult Leap of FaithEmbracing Uncertainty: A Most Difficult Leap of Faith
Embracing Uncertainty: A Most Difficult Leap of FaithTechWell
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 

Weitere ähnliche Inhalte

Andere mochten auch

iWave Company Profile
iWave Company ProfileiWave Company Profile
iWave Company Profileazeezsr
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Infosecurity2010
 
ComponentKit basics presentation: Improving View Performance with ComponentKit
ComponentKit basics presentation: Improving View Performance with ComponentKitComponentKit basics presentation: Improving View Performance with ComponentKit
ComponentKit basics presentation: Improving View Performance with ComponentKitCorneliu Chitanu
 
Nrct northern initiatives
Nrct northern initiativesNrct northern initiatives
Nrct northern initiativesrattapol
 
Employee stress management techniques 2
Employee stress management techniques 2Employee stress management techniques 2
Employee stress management techniques 2Dinesh Chandran
 
Timefly iOS App Development Presentation
Timefly iOS App Development PresentationTimefly iOS App Development Presentation
Timefly iOS App Development PresentationCorneliu Chitanu
 

Andere mochten auch (10)

Doc002
Doc002Doc002
Doc002
 
Doc001
Doc001Doc001
Doc001
 
iWave Company Profile
iWave Company ProfileiWave Company Profile
iWave Company Profile
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
 
ComponentKit basics presentation: Improving View Performance with ComponentKit
ComponentKit basics presentation: Improving View Performance with ComponentKitComponentKit basics presentation: Improving View Performance with ComponentKit
ComponentKit basics presentation: Improving View Performance with ComponentKit
 
Nrct northern initiatives
Nrct northern initiativesNrct northern initiatives
Nrct northern initiatives
 
Doc002
Doc002Doc002
Doc002
 
How is Destiny Created?
How is Destiny Created?How is Destiny Created?
How is Destiny Created?
 
Employee stress management techniques 2
Employee stress management techniques 2Employee stress management techniques 2
Employee stress management techniques 2
 
Timefly iOS App Development Presentation
Timefly iOS App Development PresentationTimefly iOS App Development Presentation
Timefly iOS App Development Presentation
 

Ähnlich wie Paul James Adams, InfoSecurity.nl 2010, 3 november, Jaarbeurs Utrecht

Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteVeracode
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
 
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...Kaseya
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security WorldOWASP
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam BaldwinAdam Baldwin
 
Embracing Uncertainty: A Most Difficult Leap of Faith
Embracing Uncertainty: A Most Difficult Leap of FaithEmbracing Uncertainty: A Most Difficult Leap of Faith
Embracing Uncertainty: A Most Difficult Leap of FaithTechWell
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 
Embracing Failure: How Netflix Builds better global products through A/B test...
Embracing Failure: How Netflix Builds better global products through A/B test...Embracing Failure: How Netflix Builds better global products through A/B test...
Embracing Failure: How Netflix Builds better global products through A/B test...Andrew Law
 
The Best & Worst Uses of AI in Software Testing
The Best & Worst Uses of AI in Software TestingThe Best & Worst Uses of AI in Software Testing
The Best & Worst Uses of AI in Software TestingEficode
 
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelBe Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelJosh (Tzvika) Avnery
 
Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...
Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...
Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...NoNameCon
 
Failure is not an option - It's a core feature
Failure is not an option - It's a core featureFailure is not an option - It's a core feature
Failure is not an option - It's a core featureAndre Morgan
 
Failure is not an option it's a core feature
Failure is not an option it's a core featureFailure is not an option it's a core feature
Failure is not an option it's a core featureJames Boswell
 
Sit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxSit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxjennifer822
 
Introduction to the ZeroTrust Initiative
Introduction to the ZeroTrust InitiativeIntroduction to the ZeroTrust Initiative
Introduction to the ZeroTrust Initiativepjdzt
 

Ähnlich wie Paul James Adams, InfoSecurity.nl 2010, 3 november, Jaarbeurs Utrecht (20)

Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
 
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 KeynoteThe Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining Control
 
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
Kaseya Connect 2013: Becoming A Trusted Security Advisor - It’s Easier Than Y...
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mind
 
Security First - Adam Baldwin
Security First - Adam BaldwinSecurity First - Adam Baldwin
Security First - Adam Baldwin
 
SDLC & DevSecOps
SDLC & DevSecOpsSDLC & DevSecOps
SDLC & DevSecOps
 
Embracing Uncertainty: A Most Difficult Leap of Faith
Embracing Uncertainty: A Most Difficult Leap of FaithEmbracing Uncertainty: A Most Difficult Leap of Faith
Embracing Uncertainty: A Most Difficult Leap of Faith
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocks
 
Embracing Failure: How Netflix Builds better global products through A/B test...
Embracing Failure: How Netflix Builds better global products through A/B test...Embracing Failure: How Netflix Builds better global products through A/B test...
Embracing Failure: How Netflix Builds better global products through A/B test...
 
The Best & Worst Uses of AI in Software Testing
The Best & Worst Uses of AI in Software TestingThe Best & Worst Uses of AI in Software Testing
The Best & Worst Uses of AI in Software Testing
 
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelBe Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
 
Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...
Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...
Eugene Pilyankevich - Getting Secure Against Challenges Or Getting Security C...
 
Failure is not an option - It's a core feature
Failure is not an option - It's a core featureFailure is not an option - It's a core feature
Failure is not an option - It's a core feature
 
Failure is not an option it's a core feature
Failure is not an option it's a core featureFailure is not an option it's a core feature
Failure is not an option it's a core feature
 
Sit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docxSit in a common area and observe. This may be in your office, a co.docx
Sit in a common area and observe. This may be in your office, a co.docx
 
Introduction to the ZeroTrust Initiative
Introduction to the ZeroTrust InitiativeIntroduction to the ZeroTrust Initiative
Introduction to the ZeroTrust Initiative
 

Mehr von Infosecurity2010

Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud - Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud - Infosecurity2010
 
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Infosecurity2010
 
Ruud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Ruud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtRuud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Ruud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtInfosecurity2010
 
Stefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrecht
Stefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrechtStefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrecht
Stefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrechtInfosecurity2010
 
Koen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Koen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs UtrechtKoen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Koen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs UtrechtInfosecurity2010
 
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs UtrechtPeter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs UtrechtInfosecurity2010
 
Jeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Jeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs UtrechtJeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Jeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs UtrechtInfosecurity2010
 
Auke Huistra, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Auke Huistra, Infosecurity.nl, 3 november, Jaarbeurs UtrechtAuke Huistra, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Auke Huistra, Infosecurity.nl, 3 november, Jaarbeurs UtrechtInfosecurity2010
 
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs UtrechtDavid Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs UtrechtInfosecurity2010
 
Helmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Helmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtHelmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Helmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtInfosecurity2010
 
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtAndrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtInfosecurity2010
 

Mehr von Infosecurity2010 (11)

Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud - Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
 
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
Nick Barcet, Open Source tijdens Infosecurity.nl Storage Expo en Tooling Even...
 
Ruud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Ruud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtRuud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Ruud Mollema, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
 
Stefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrecht
Stefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrechtStefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrecht
Stefan Eisses, Infosecurity 3 november 2010 jaarbeurs utrecht
 
Koen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Koen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs UtrechtKoen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Koen Gijsbers, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
 
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs UtrechtPeter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
Peter Kornelisse, Infosecurity.nl, 4 november, Jaarbeurs Utrecht
 
Jeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Jeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs UtrechtJeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Jeroen de Boer, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
 
Auke Huistra, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Auke Huistra, Infosecurity.nl, 3 november, Jaarbeurs UtrechtAuke Huistra, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
Auke Huistra, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
 
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs UtrechtDavid Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
David Burg, Infosecurity.nl, 3 november, Jaarbeurs Utrecht
 
Helmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Helmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtHelmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Helmer Wieringa, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
 
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs UtrechtAndrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
Andrew Yeomans, Infosecurity.nl, 3 november 2010, Jaarbeurs Utrecht
 

Paul James Adams, InfoSecurity.nl 2010, 3 november, Jaarbeurs Utrecht

  • 1. Can You Keep A Secret? Dr. Paul J. Adams 4 November, 2010
  • 2. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? We All Have Secrets But We Don’t All Have Secretaries Someone to whom you share your secrets. You understand them You respect them You trust them
  • 3. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Jacqui Smith MP Home Secretary: June 2007 – June 2009
  • 4. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? What About Software? Security Is Not A Feature Secure by design Avoid proprietary technology Use well-tested code Avoid creating a valuable target Privacy by design Layered defence Avoid single point of failure
  • 5. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? My Name Is Paul... ... And I Am Not A Security Expert COO of Kolab Systems PhD in Software Engineering Member of KDE eV, Fellow of FSFE, MBCS, MIEEE
  • 6. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Groupware Software For Supporting Groups
  • 7. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Groupware For PIM Personal Information Management
  • 8. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next?
  • 9. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Security By Design A Whole Industry Can Be Born Of Design Decisions Ask Yourself, “Why Do We Need...?” Norton Kaspersky Symantec
  • 10. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Proprietary Technology Where Trust Becomes Faith What Kolab Does... Based upon Free Software Components Developed As Free Software No “Open Core”
  • 11. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Valuable Targets One Box Is Convenient For The Thieves, Too What Kolab Does... Distribute content over many boxes Content on boxes restricted to individual users Root and physical access required
  • 12. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? No Single Point Of Failure Not Even Your Root User! http://xkcd.com/538/ What Kolab Does Nothing unencrypted passes between clients if you don’t want
  • 13. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? PIM Isn’t What It Use To Be? So Neither Should Groupware Be
  • 14. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? It Is Not Just Different Data It Is Different Devices, Too
  • 15. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Moving Beyond Groupware Giving You All Your Stuff. Now. Client-side cache of “stuff” “Usual” PIM data Also microblogging or Jabber Fully indexed for fast search Free Software implementation of ActiveSync Development: Collaboration with Zarafa Funded by NLnet
  • 16. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? And Finally... ... What’s Next? Kolab 3.0 under discussion! Things to talk about: Web client Web admin LDAP Chat Focus on creating a well-integrated experience from installation to usage Get Involved #kolab on freenode kolab- devel@kolab.org www.kolab.org
  • 17. Can You Keep A Secret? Dr. Paul J. Adams Introduction Keeping Secrets Who Is This Guy? What Is Kolab? Perspectives Security By Design Proprietary Technology Valuable Targets No Single Point Of Failure Beyond Groupware The Challenges The Solutions What Next? Paul Adams, Kolab Systems AG adams@kolabsys.com +41 43 501 66 91 http://kolabsys.com