Building Trust in a Digital World. Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd.

Transcription

1 Building Trust in a Digital World Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd.

2 2 Global incidents Equivalent of 117,339 incoming attacks per day, everyday Total number of detected incidents - growth of 66% CAGR www. pwc.com/gx/en/consulting-services/information-security-survey/download.jhtml

3 3 And more targeted

4 4 How Much is Data Worth? At the end of April, there were 270 reported breaches with 102,372,157 records compromised! Thales e-security CONFIDENTIAL Source- Identity Theft Resource Center

5 5 Trust in a digital world ecommerce egovernment ecitizen Smart phones Smart grid Smart vehicles

6 6 Trust Management is a central problem to solve Organizations are losing control over their application environment Clouds, consumer devices (BYOD), remote connected devices, fragmented workforce - emphasis moves from control to trust Targeted attacks drive need for data neutralization Mobile, remote devices and cloud services increase attack surface Privacy requirements drive need for data protection wherever it resides Increased scrutiny and governance drives need to prove trust as well as simply establish it Dynamic business relationships requires trust to be dynamic Federated, transitory and anonymous relationships create the need for new trust models and technologies Virtualized and shared environments Need for trust varies by application but infrastructure is increasingly shared Scale and dynamics of connected everything forces automation of trust properties Manual controls are no longer practical or cost effective

7 7 Crypto is the key to establish and enforce trust Identity and Access Controls Data Confidentiality and privacy Data Integrity and Non-Repudiation

8 8 The role of cryptography Identity and Access Controls Password protection Key Management Credential management Strong authentication Payment card issuance Document signing Signed DNSSEC SSL Payments processing Application-level encryption Public Key Infrastructure Audit & log signing Code signing Tokenization encryption Digital rights management Data Confidentiality and privacy Database encryption Disk encryption Tape encryption Point of sale encryption (P2PE) Server-file encryption Network encryption SAN switch encryption Data Integrity and Non-Repudiation

9 9 Thales e-security CONFIDENTIAL

10 10 The pain of key management Please rate the overall pain associated with key and certificate management in your organization 35% 30% 25% 20% 15% 10% 5% 0% 1-2 (Minor) (Severe) Source: 2015 Global Encryption and Key Management Trends Study - Ponemon Institute (April 2015) 55%

11 11 What makes key management hard? Source: 2015 Global Encryption and Key Management Trends Study - Ponemon Institute (April 2015)

12 12 What s at stake? The secrecy of keys underpins trust if keys are stolen or misused, data is compromised The availability of keys keeps systems running lost keys can destroy data and bring services to a standstill Lifecycle management of keys is costly complexity, delays and errors can quickly escalate Key management is under intense scrutiny policies, controls and reporting simplify audits and compliance

13 13 Hardware secures applications everywhere Trusted Platform Modules (TPM) protect desktop apps Secure Elements and SIMs protect mobile apps Hardware Security Modules (HSM) protect server based apps

14 14 So, what s changing?

15 15 Mobile payments

16 16 Mobile Payments from Buzzwords to Business Mobile Payments HCE mpos Mobile Commerce EMV NFC TSM SE The race is finally on! Mobile acceptance versus mobile payments Retail versus Person to Person Disruptors versus incumbents

17 17 Knocking down the barriers 1. Convincing consumers to give it a try 2. Preparing the cardholder data 3. Equipping phones to protecting the data 4. Delivering the data to the phone 5. Enabling merchants to read the phones 6. Enabling user to easily authorize transactions 7. Encouraging consumers to make it a habit

18 18 Simple ecosystems are good Barrier Apple Android Apple Pay SE/TSM HCE 1. Convincing consumers to give it a try Apple Phone manufacturer, wallet provider 2. Preparing the cardholder data Card brands 3. Equipping phones to protecting the data Apple Issuer Phone manufacturer or carrier (SIM) 4. Delivering the data to the phone Apple Carrier or 3 rd 5. Enabling merchants to read the phones 6. Enabling user to easily authorize transactions 7. Encouraging consumers to make it a habit party Issuer Issuer Issuer (cloud) Issuer NFC NFC NFC Apple Wallet provider Issuer Apple? Issuer

19 19 Mobile Payments Thales PayShield HSM s significant player across the mobile payments ecosystem International roll-out in campaign to target Android market through new HCE capability in payshield and ASAP partners Our blog

20 20 Keys in the cloud Thales e-security CONFIDENTIAL

21 21 Amazon Key Management $1 per key per month $0.03 per 10,000 operations

22 22 HSMs in the cloud The Key Vault service performs all cryptographic operations on HSM-protected keys inside Hardware Security Modules. The service uses Thales nshield HSMs Dan Plastina - Microsoft Our blog

23 23 Microsoft Azure Key Vault

24 24 Evolving cloud landscape Users (service consumers) Software Applications & content Platform OS, tools & services Infrastructure Hardware & networks

25 25 Evolving cloud landscape Users (service consumers) Enterprises running private clouds Enterprises with workloads in the cloud Service providers operating from the cloud Software Applications & content Platform OS, tools & services Infrastructure Hardware & networks

26 26 Evolving cloud landscape Users (service consumers) Enterprises running private clouds Enterprises with workloads in the cloud Service providers operating from the cloud Software Applications & content CSP CSP CSP CSP Platform OS, tools & services Infrastructure Hardware & networks Private infrastructure Public infrastructure Private infrastructure

27 27 Evolving cloud landscape Users (service consumers) Enterprises running private clouds Enterprises with workloads in the cloud Service providers operating from the cloud Software Applications & content CSP CSP CSP CSP Platform OS, tools & services Infrastructure Hardware & networks Private infrastructure Public infrastructure Private infrastructure

28 28 Evolving cloud landscape Users (service consumers) Enterprises running private clouds Enterprises with workloads in the cloud Service providers operating from the cloud Software Applications & content CSP CSP CSP CSP Platform OS, tools & services Infrastructure Hardware & networks Private infrastructure Public infrastructure Private infrastructure

29 29 Crypto-currency Thales e-security CONFIDENTIAL

30 30 Cryptocurrency We looked at every HSM on the market to find one that could support Bitcoin wallets, and none of them could do it, so we built it ourselves {using codesafe}. Thales really came through for us, and the level of enthusiasm they have for our growing industry is incredible. Micah Winkelspecht - Gem CEO and Founder Our blog

31 31 Digital currency Bitcoin Wallets to store private keys Public key crypto Bitcoin mining Interface to traditional payment rails

32 32 Bitcoin Hacks Reports suggested the site shut down after it discovered that an estimated 744,000 bitcoins - about $350m ( 210m) - had been stolen due to a loophole in its security.

33 33 Bitcoin Hacks

34 34 What is our value proposition Private key protection Key derivation for privacy and scale Multi-signature for dual control security

35 35

36 36 IoT Touches EVERYTHING Asset tracking Consumer Smart homes & cities Energy Agriculture Automotive Security Building management National infrastructure Embedded Healthcare Mobile

37 37 Big Numbers Big Challenge

38 38 Market Potential - The Internet of Things A development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data. Oxford Dictionary

39 39 The IoT Has Passed an Inflection Point According to Cisco Internet Business Systems Group (IBSG), the Internet of Things was born in 2008 when more things were connected to the Internet than people. According to Gartner, By 2020, the number of smart-phones, tablets, and PCs in use will reach about 7.3 billion units. In contrast, the IoT will have about 26 billion units at that time. IDC Predicts that IoT will reach $3 Trillion by 2020.

40 40 Impact of those things Economic value-add by vertical in 2020 (total value-add $1.9 Trillion) Source - The Internet of Things, Worldwide Forecast (Gartner Nov 2013)

41 41 Problems are we trying to solve Establishing trust between distributed entities Mutual authentication of devices, processes and users Credential creation, management, provisioning, validation and revocation Validating integrity of remote systems Secure configuration Secure communications between systems and devices Network and message level encryption Message signing and validation non-repudiation Protection of data at rest and in use in command/control systems Storage, file, database and application level encryption and tokenization Multi-platform support for multiple application environments Datacenter, cloud, mobile and embedded systems (e.g. Internet of Things) Support for a wide range of scale and assurance levels

42 42 The Automobile the Ultimate Connected Thing While a lot of the discussions surrounding connected vehicles focus on safety and anti hacking measures, several industry strategic positions are clear: Autonomous vehicles are Job One Infotainment systems will converge with mobile phones The connected car will become a payments platform

43 43 There is an App for that! Unlock and Lock Doors Track status of vehicles systems Schedule automated commands Control the heater/ air conditioner Open the sunroof Gather GPS data And its an OPEN SOURCE APP! Thales e-security CONFIDENTIAL

44 44 What about Paying Cars? BumperPay Announces $100 Million Series A Funding High Speed P2P payments Drive Through Services Thales e-security CONFIDENTIAL

45 45