Wednesday 25-November-2015 // 6:00 – 9:00 PM
Building : Metro Hall, 55 John Street, Toronto, ON
Room : Room 308/309 (Go up escalator, door is just as you step off)
Speaker: Cheryl Biswas, Assistant Chief Security Office and InfoSec Analyst, JIG Technologies
Topic: What Lurks in the Shadow: The Growing Risks of Shadow Data/Shadow IT
Welcome to the Mordor of security, where the eye of BYOD reigns supreme, and the proliferation of easy-to-use devices is creating an unprecedented level of end user entitlement. A little knowledge has become a very dangerous thing by letting people “help themselves” to data and network access. This is the world of Shadow Data/Shadow IT, where rules are known but not observed; where risks are taken regardless of known consequences; and where “keep it secret” definitely does not keep IT safe. What happens when users or employees take it upon themselves to decide what tech they want to use and how they want to implement it? As the IoT proliferates, and human nature takes its course, we cannot out-engineer human failings and susceptibility. Because that device, and the freedom to use it as the user sees fit, continue to override anything we currently put in place.
Speaker: Sergey Gorbunov, PhD, CEO & Founder at Aikicrypt
Topic: The Science and Art of Modern Crypto or How to Protect Data in Use
Cryptography has been around for thousands of years. Today, most notably, it serves as the fundamental building block for protecting the Internet. Financial, medical and personal information is secured in transit and at rest by strong encryption algorithms. However, conventional wisdom says that to compute or use the data, one must decrypt it first. As a result, all cloud computing systems require knowledge of our secret keys to perform its duties. For example, suppose Alice stores Gigabytes of encrypted emails on a cloud server. To perform searches over encrypted emails in the cloud, she must first send the secret key to the cloud, losing control over her data!
In this talk, I will survey new visions in cryptography that can help protect data in use. I will cover tools such as homomorphic encryption and functional encryption that can be used to compute over encrypted data in the cloud, without sharing the secret key.