You must unlearn what you have learned the
- Slides: 44
“You must unlearn what you have learned. ”
“…the process of encoding a message or information in such a way that only authorized parties can access it. ” Access read view process compute use a key
> Well? Shoes fit well. RIP Fred. Well? >Shoes fit well. RIP Fred.
> Well? Shoes fit well. RIP Fred. Well? >Shoes fit well. RIP Fred.
“You must unlearn what you have learned. ”
Saa. S Software as a Service Software Application
Software as a Service Processes user data. Platform as a Service May or may not process user data. Infrastructure as a Service Does not process user data.
BYOK Bring Your Own Key HYOK Hold Your Own Key CYOK Control Your Own Key best response What I have learned is that when folks use those terms there is an underlying business problem that they assume it might solve. Let’s define the business problem and then we can see how encryption might be used
Business Problems
Define the business problem.
“If I own the encryption keys for my Saa. S service, I’m safe from legal demands. ” What’s implied? That Saa. S can work without seeing customer data. Violates the fundamentals of Saa. S
“I have a regulatory and compliance obligation to have sole control of encryption keys. ” Regulatory mandates are very, very rare Regulators want to lower risk, and sole ownership increases risk
How did this get so misunderstood? Let’s look at some examples.
http: //www. slate. com/blogs/future_tense/2014/04/03/box _is_working_on_a_feature_that_would_let_companies_keep _their_own_encryption. html
BOX “BYOK” https: //blog. box. com/blog/box-keysafe/ https: //www. box. com/legal/termsofservice
How does trust work in commerce?
enforceable at law as a binding legal agreement
Trust Current events Historical record Public statements Motivation Capabilities / Audit Contract
Technology follows contract.
We’ve learned…
Software as a Service processes user data Contracts determine Saa. S privacy Seek encryption truth, not hype Define your business problem
Microsoft Online Service Terms Getting started with Office 365 Customer Key FAQ Encryption in the Microsoft Cloud Whitepaper International Cryptography Regulation and the Global Information Economy Revised Banking Supervision Guidelines on Cloud Computing Design for and implement security controls for cloud services US Do. D Cloud Computing Security Requirements Guide
Title Session info Saa. S Encryption: lies, damned lies, and hard truths Session Code BRK 2392 Manage and control your data to help meet compliance needs with Customer Key Session Code BRK 3104 Implementing Bring Your Own Key with Azure Information Protection and Azure Key Vault Hands on Labs Room Encryption key management strategies for compliance Session Code BRK 2000 Protect and control your sensitive emails with new Office 365 Message Encryption capabilities Session Code BRK 2203 Taming the Beast - How We Secure the World's Largest Enterprise Cloud Service Session Code BRK 2141 Understanding best practices in classifying sensitive data Session Code BRK 3385 Configure and use Microsoft Office 365 security and compliance features Session Code HOL 3105 Session Type Hands-on Lab Level Advanced (300) Azure security in four steps Session Code THR 2143 Learn about enterprise security and compliance with Microsoft Teams Session Code BRK 4000
https: //myignite. microsoft. com/evaluations https: //aka. ms/ignite. mobileapp
“Encryption is a technical tool. Let’s establish a clear business problem first. Then we can see if encryption is an appropriate solution. ” “I think when you want to talk about encryption you are really talking about data protection and privacy – let’s get to the root of your data protection and privacy concerns. ” “In my experience, encryption and the law are always intertwined. We need to focus on contractual representations because those are legally binding. Let’s ensure we are clear how our service provider will handle legal demands for data. ” “To avoid disaster, follow industry best practices and ensure that operational procedures are documented and regularly tested. ” “Let’s keep in mind that encryption can be a weapon for data destruction and choose a Saa. S provider that helps safeguard both keys and data!”
- You must unlearn what you have learned
- From your previous lesson
- Cause and effect linking words
- Aprender future tense
- Consequent passion example
- In the previous lesson you have learned
- In the previous lesson i learned that
- Contaminar subjunctive
- What is something you have learned lately
- Neutralization formula
- They have not rejected you but me
- Adjectives for friendship
- Once upon time gabriel okara
- Character traits of an ant
- What have you learnt from the story
- Gabriel okara once upon a time
- Lessons in life of pi
- I have already learned
- Have we learned from the past
- The most important thing in life essay
- 6 faces 8 vertices
- He must become greater; i must become less
- Always wear your safety goggles
- If you love god you must hate evil
- When you finish your homework
- Truffula tree the lorax coloring pages
- Lifting mechanisms
- In this unit, you learned to...
- In this unit you learned to talk about home maintenance
- Hát kết hợp bộ gõ cơ thể
- Slidetodoc
- Bổ thể
- Tỉ lệ cơ thể trẻ em
- Chó sói
- Chụp phim tư thế worms-breton
- Chúa yêu trần thế alleluia
- Môn thể thao bắt đầu bằng từ chạy
- Thế nào là hệ số cao nhất
- Các châu lục và đại dương trên thế giới
- Công thức tính thế năng
- Trời xanh đây là của chúng ta thể thơ
- Mật thư tọa độ 5x5
- 101012 bằng
- độ dài liên kết
- Các châu lục và đại dương trên thế giới