Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Red Hat OpenShift / OpenShift Commons Gathering: Los Angeles 2021 / 3 Nov 2021
Red Hat OpenShift / OpenShift Commons Gathering: Los Angeles 2021 / 3 Nov 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Fast Trusted Development with Thales HSMs Alexander Hanway (Thales)OpenShift Commons Gathering 2021

Description

OpenShift Commons Gathering 2021
Lightning Talk: Fast, Trusted Development with Thales HSMs
Speaker: Alexander Hanway (Thales)

https://commons.openshift.org/index.html#join

A

Hi everyone, my name, is alex hanway, I'm from talus cpl business development director and I'm here today to share with you a little bit why hardware security modules are important and what they mean for you in developing on a trusted foundation.

A

um So starting off, I know, there's an entire day today around uh cloud native uh security uh development, uh but just sharing. So why are we talking about security? Everyone kind of comes to this from from a different vantage point uh for us at dallas tell us we focus purely on the data right. What does that mean to keep your data safe and secure, and for us, the measure by which we see someone secure or not is whether they're breached and what are the impacts of those breaches?

A

We collect data on this year over year we publish a report annually and for the last eight years, we've seen that the number of breaches are increasing year over year and correspondingly the severity of those breaches have also increased. So this is a prevalent problem. That's really here to stay right, so this is the the first reason why we talk about security, and the second is that this is intimately tied with compliance.

A

um I earlier today, kirsten newcomer gave a presentation where she shared some of the survey results from red hat, whereby 67 of enterprises that respond to their survey said that compliance is a must-have for their organization. It doesn't really matter what industry you work in. What your geography is, there's some rule or regulation out there that governs how you secure your data right. It can be as prescriptive as pci that says encryption key management is mandatory or it can be something as generic as gdpr.

A

That says, you must demonstrate control of your data, but either way that's there right. It's a requirement is something that organizations, especially large enterprises, which I'm sure most of the people here in the or the audience today is, uh is tied to right and with the the greater adoption of devops methodologies. No longer is security, just that last step before the application goes to production right. It's now included in every single step along the development pipeline.

A

So it's all of our jobs and we at talus want to help uh instill that early in the application development process and to help you bring trust to those conversations.

A

So that's why we're intimately partnering with red hat as strategic security partners to help in the address those challenges, and we do this through application. Encryption, tokenization uh file encryption, but what I'm going to focus on today are hardware security modules or what we lovingly call hsms.

A

What is an hsm, well, quick question show of hands how many of you are familiar with? What a hardware security module is?

A

Okay, all right about about 40 of the the audience for those of you that don't know an hsm is a physical appliance, whose sole purpose is the logical and physical security of your cryptographic material. Your encryption keys, your certificates, so you can think of it. Like a bank vault with the guard in front, once you put a key in the hsm, it's never coming out, it's designed, so you can't extract it.

A

Why this is relevant. Is that once that key is in there, it's entirely trusted! You know! No one else has access to it. You can demonstrate its provenance, so every time you build cryptography into your application using that key. You can trust that cryptography and this matters at scale when you think about what you do in in your enterprises and what you develop all right in addition to that, there's an entropy engine. So if you were to generate your own encryption, uh you can trust the the roots of that as well.

A

So you bring a robust performant uh solution to what you're doing. um Why that matters? Why how we work with openshift, we have containerized our clients for you to use in your pods near development, so that your applications spin up and down whether it's ephemeral.

A

You know, wherever you move those containers, it will always call back to your key securely stored in our hsm. So if your application needs to demonstrate its identity, if you need to sign a container, if you need to incorporate encryption directly into your application, you can do all of that as you develop, and when it's running in production, it can always call back to your hsm, irrespective of where you're deploying that application on-prem in cloud or across multiple clouds.

A

So, in closing, what you get is the ability to develop in a secure way across any industry, any environment, any application so that you can keep your data safe, secure and you yourself compliant so with that at the end of my lightning lightning talk. If you have questions you can find me after the talk today I'll be around all week or you can find us on our social media channels uh for more information all right. Thank you.

A

You.