SCL Security: Keeping the Bad Guys Out
SCL Infrastructure: Keeping the Good Guys In
SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY
How do we implement security?
Hardware
Software
Good processes and procedures
Hardware: Firewalls
Web Server
App Server
DB Server
Hardware: Firewalls
Web Server
Port Scanning
App Server
DB Server
Hardware: Firewalls
Web Server
Intrusion detection/prevention & Anti-virus
App Server
DB Server
Hardware: HSM
Hardware Security Module
Dedicated security device
Used for our Apple iPad Application
Data is never transmitted in clear text
Software
Secure Sockets Layer (SSL & HTTPS)
Stored data encrypted
Secure file transfer
Removal of any software that isn’t needed (hardening)
Scanning for stored card numbers
Good Processes & Procedures
Documented security processes
Security training & reminders for Employees
Separation of duties
Camera and door entry systems
Who tests us?
PCI-DSS Level 1 Service Provider
Annual Audits
Network penetration test (at least annually)
Application penetration tests
Code reviews
Customer Audits
Often add to PCI
Have industry focus
Infrastructure
Fault Tolerance
Everything has a backup
Our design fails over automatically
Scalability
Easy to add capacity (hardware)
Automatically add capacity on demand (software)
Monitoring