BSides Austin - Verizon DBIR, cloud security and the importance of randomness

Filed Under: Cryptography, Data loss, Featured

Greetings from BSides Austin. The first talk of the day I was able to attend was delivered by Jay Jacobs of Verizon.

Jacobs presented "Digging into Data from the 2012 DBIR", where he gave us an in-depth look at Verizon's latest report. It was clear that Jay was intimately involved and was able to answer every question thrown at him.

Jay Jacobs at BSides Austin

There is a lot of fantastic information in this year's report, and Jacobs was very helpful explaining the methodologies used. This is important as it is easy to draw incorrect conclusions when awash in a sea of statistics and data.

Cloud buttonI had the pleasure of sitting on a panel on cloud security with Jack Daniel, Michael Gough, Jarret Raim, Ganesh Padmanaghan, Michael Wilde and Eddie Garcia.

We discussed a lot of the challenges of migrating to the cloud and the importance of getting out in front of the desire for instant-on application availability.

The conclusion? We mostly agreed that IT must be an enabler and find a way to say yes, while maintaining a modicum of control. User agility is essential to being competitive and we must find a way to securely embrace it.

At the end of the day I sat in on David Ochel's talk "Is your randomness predictable?". Ochel discussed how random and psuedo-random streams are created and the importance of high quality randomness in cryptography.

The cloud is particularly vulnerable to predictable randomness and extra care must be taken to generate as much entropy as possible. Ochel's talk was a good introduction to randomness and shed some light on doing it in the cloud.

, , , , ,

You might like

2 Responses to BSides Austin - Verizon DBIR, cloud security and the importance of randomness

  1. peter · 1232 days ago

    The advice, wisely calculated and conferred, on randomness and the cloud, like many a deep thought confined quickly to two dimensions, might raise a tittle or two.

    Of course it is all Health and Safety, when you get down to it.

  2. Alexis Gil · 1211 days ago

    And we wonder what Cloud Providers are doing to improve this ? Nothing new seems to emerge.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at