SCL Conference 2015: Keeping The Bad Guys Out

SCL SecurityKeeping the Bad Guys Out

SCL InfrastructureKeeping the Good Guys In

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

How do we implement security?

Hardware

Software

Good processes and procedures

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:Firewalls

App ServerWeb Server

DB Server

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:Firewalls

App ServerWeb Server

DB Server

Port Scanning

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:Firewalls

App ServerWeb Server

DB Server

Intrusion detection/prevention & Anti-virus

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:HSM

Hardware Security Module Dedicated security device

Used for our Apple iPad Application

Data is never transmitted in clear text

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Software

Secure Socket Layers (SSL & HTTPS)

Stored data encrypted

Secure file transfer

Removal of any software that isn’t needed (hardening)

Scanning for stored card numbers

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Good Processes & Procedures

Documented security processes

Security training & reminders for Employees

Separation of duties

Camera and door entry systems

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Who tests us?

PCI-DSS Level 1 Service Provider Annual Audits

Network penetration test (at least annually)

Application penetration tests

Code reviews

Customer Audits Often add to PCI

Have industry focus

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Infrastructure

Fault Tolerance Everything has a backup

Our design fails over automatically

Scalability Easy to add capacity (hardware)

Automatically add capacity on demand (software)

Monitoring