SCL Conference 2015: Keeping the Bad Guys Out
DESCRIPTION
A look at SCL's security and infrastructure
TRANSCRIPT
SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY
How do we implement security?
Hardware
Software
Good processes and procedures

Hardware: Firewalls
App Server
Web Server
DB Server
Port Scanning
Intrusion detection/prevention & Anti-virus

Hardware: HSM
Hardware Security Module: dedicated security device
Used for our Apple iPad Application
Data is never transmitted in clear text

Software
Secure Sockets Layer (SSL & HTTPS)
Stored data encrypted
Secure file transfer
Removal of any software that isn’t needed (hardening)
Scanning for stored card numbers

Good Processes & Procedures
Documented security processes
Security training & reminders for Employees
Separation of duties
Camera and door entry systems

Who tests us?
PCI-DSS Level 1 Service Provider: annual audits
Network penetration test (at least annually)
Application penetration tests
Code reviews
Customer Audits: often add to PCI
Have industry focus

Infrastructure
Fault Tolerance: everything has a backup
Our design fails over automatically
Scalability: easy to add capacity (hardware)
Automatically add capacity on demand (software)
Monitoring