This topic will go through current standards and future trends for building a scalable security model for distributed cloud based data. We’ll look into practices and considerations behind handing highly privileged data globally, diving into topics such as:
- How global compliance and regulations affect security practices.
- Handling data permissions, identity, and security with application access to data.
- Considerations, trends, and standards for global data availability.
2. The World of Interconnected Devices
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
3. A tale of a hackathon, voice
payments, and the security
through requests not to steal.
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
4. Case Study: Fixing that
massive security hole
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
5. How do we enhance the data?
How do we secure the data?
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
6. How do we enhance the data?
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
7. Serverless framework provides the
compute and data management from
stored data location to machine learning
engine.
Machine learning system provides the
data enhancement capabilities which
improves the underlying source data’s
metadata (information about information).
7
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
8. Case Study: Enhancing Video
Indexing Data
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
9. Cloud Data
Data store &
initial metadata
Serverless Framework
Callback handler and code
execution
Machine Learning
Data processor and
enhancer
Webhook
Metadata
Execute
Callback
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
10. // JSON payload for a sample video file
{
"status": "active",
"author": "Jonathan LeBlanc",
"currentState": "staging",
"type": "video-content-d086c908-2498-4d3e-8a1f-01e82bfc2abe",
"parent": "folder_94784195",
"id": "46586c534-21e1-619r-bera-521a0573914e",
"version": 1,
"typeVersion": 1,
"scope": "enterprise_5425632”
}
Normal File Payload
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
11. // JSON payload for a sample video file with additional metadata
{
"token": { …read / write tokens for restricted access… }
"transcription": {[
"start_time" : "1523550398",
"end_time" : " 1523551036",
"text": "text transcription",
"tone": "emotion analysis of tone",
"image": "image capture of person speaking",
"data": { …user data analysis… }
]},
"status": "active",
"author": "Jonathan LeBlanc",
"currentState": "staging",
…
}
Enhanced File Payload
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
12. How do we secure the data?
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
13.
14. Regional Regulations
• General Data Protection Regulations (EU)
• Personal Information Protection and Electronic
Documents Act (Canada)
• Personal Information Protection Act (South Korea)
• etc.
Encrypted Data at Rest
Using encryption keys to be able to store data securely.
This can be done on a company and individual account
basis.
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
15. Document Retention and Disposition
How long should personal documents be stored for?
Should documents be retained for a period of time after deletion?
Should documents always be retained?
Regulatory Compliance
How do you ensure tight controls over how data is shared?
Ensuring data meets regulatory compliance standards:
• PCI DSS: Payment Card Industry Data Security Standard
• HIPAA: Health Insurance Portability and Accountability Act
• FedRAMP: Federal Risk and Authorization Management Program
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
17. Cloud Data
Data store &
initial metadata
Serverless Framework
Callback handler and code
execution
Machine Learning
Data processor and
enhancer
Webhook
Metadata
Execute
Callback
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
18. 18
Access Tokens
Provides access to application and
root account, as well as the
machine learning account.
Privileged Data
The data that’s provided through
the transmission channels.
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
19. Access Token
Master token with
full access
Downscoped Token
Limited token with tightly
scoped access
Timed Usage
Limited usage by
scope & time
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
20. Cloud Data Secure Vault
Payment Issuer
Bank
1. PAN
6. Status 3. Token
2. PAN
5.Status
4.Token
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
21. Data at Rest Data in Motion
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
22. How do we enhance the data?
How do we secure the data?
Jonathan LeBlanc. | Twitter: @jcleblanc | Email: jleblanc@box.com
Hinweis der Redaktion
Introduction - We're in an age where our digital lives, data, and many facets of our day to day lives are interconnected through a host of sites, services, and hardware, with a presence living within secure cloud data systems.
Story time – hack supplying credit card information
How we can solve the same issues with the hack
Two questions - how do we enhance the data sources and how do we secure them
Serverless frameworks and machine learning
Use case of how these systems can work together
Webhook -> Lambda -> ML Service -> Lambda callback -> Original data
metadata payload for a file / folder
metadata payload after having been adjusted with ML systems
Data security by country - how much access does government have