3. Future Bets 2015: Forcing Functions
• Social + Mobility + Cloud
• Traditional Controls Are Lacking
• Analytics
4. Netflix Business
• World’s largest TV network
• 33 million members in 40 countries
• Over a billion hours streamed per month
• Supported on 1000+ device types
• 1/3 of evening Internet traffic
(c) 2011 Sandvine
5. Our Culture
• High Performance, Engineering-Focused
• Fail Fast, Learn Fast ... Get Results
• Data- and Metrics-Driven
• Take Smart Risks
• Some core values:
• “Freedom & Responsibility”
• “Loosely-Coupled, Highly-Aligned”
• “Context not control”
10. Key Management :: HSMs
• Motivation:
• Decouple DC and Cloud
• Trust our Cloud more fully
• Others probably want this too
• Challenges:
• Need crypto keys near the Cloud
• HSMs are in the data center
• Can’t entirely trust our CSP
• Solution:
• A real HSM: FIPS 140-2 certified hardware
• Keys stay in hardware
• “HSM as a Service”
12. Future Bets 2015: Org Demands
• Fluid, Virtual Teams of specialists / specialties
• Dynamically form & dissolve to address opportunities, challenges
• Emphasis on collaboration, roaming
• Analytic, data-driven
13. Future Bets 2015: Team Dynamics, Skills
• Teams will
• Be Risk/Security Advisors, coaches, business analysts
• Speak their language
• Skill sets will become
• Less: people clicking on GUIs
• More: analytics, automation, gluing systems together (APIs)
15. Future Bets 2015: Data, Application Security
• Business Forcing Function: Third-party cloud apps will innovate faster than your IT department can
• Cloud/SaaS will be IT tools, not competitors
• Data will be encrypted automatically off-network, off-device
• Automated, continuous assessments of your controls
16. Future Bets 2015: Device Security
• All-wireless office, Gigabit Wireless
• Smartphone building badges
• MDM layers: managed VPN, device- and app-wrapping
17. Future Bets 2015: Network Security
• You will be breached – not “if” but “when”
• How fast can you respond, contain?
• Mix of trust: corporate, vendor, employee owned devices
• Verify every device, user
18. Future Bets 2015: Automated protection
• We will no longer talk about BYO[everything]
• Zero-Trust / NAC will be common
• Networks will dynamically quarantine, inspect, test
• Large-scale event correlation, analytics => reaction
19. Future Bets 2015: What about the users?
• Awareness Training will
• Be automated
• Be context-relevant, bite-sized
• Phish your employees before they do!
• Actively test for vulnerabilities, quarantine
• Gamify (“peer pressure”) on compliance, activity
• Be developed collaboratively
20. Future Bets: Areas of Focus Today
The best way to predict the future is to invent it. – Alan Kay
The future is already here - it's just not evenly distributed. – William Gibson