Cloud Encryption: How to not suck at securing your encryption keys

Cloud Encryption: How to not suck at securing your encryption keys – Marie Fromm

Abstract

Common Cloud Data Encryption patterns are not preventing data breaches because many are doing encryption key management wrong. There is a tendency to apply “compliance checkbox” encryption, which does nothing to protect data against common threats. In many cases, it’s like buying a strong FIPS140-2 certified deadbolt but leaving the key in the door.

We’ll roll up our sleeves and take a deep dive at the problem and explore practical, actionable ways a security practitioner can get better control of encryption keys used in cloud solutions. Finally, we’ll discuss new ways of detecting when Bad Things are happening, and ways of using cloud automation to stop the bleeding.

Bio

Marie leads a Cryptography team in a large global company, helping to design encryption solutions for I.T. as well as specialized cryptographic designs used in products and systems. Marie is passionate about both coffee and computer security and has 20 years experience in a variety of Infosec roles. Marie is a happy #RealLiveTransAdult