21
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Can Security and Agility Co-Exist? Arizona Technology Summit 2014 Scott Carlson – PayPal – September 17, 2014

Can Security & Agility Co-Exist

Tags:

Embed Size (px)

DESCRIPTION

Can Security & Agility Co-Exist Presentation given at the 2014 Arizona Technology Summit by Scott Carlson, PayPal @relaxed137

Citation preview

Page 1: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

Can Security and Agility Co-Exist?Arizona Technology Summit 2014Scott Carlson – PayPal – September 17, 2014

Page 2: Can Security & Agility Co-Exist

26CURRENCIES SUPPORTED

152MACTIVE REGISTERED ACCOUNTS

203MARKETS OFFER PAYPAL

80LOCALIZED MARKETING SITES

GLOBALLY

EUROPEAN UNIONEURO

AUSTRALIANDOLLAR

CANADIANDOLLAR

NEW ZEALANDDOLLAR

HUNGARIANFORINT

MALAYSIANRINGGIT

UNITED KINGDOMPOUNDS STERLING

HONG KONGDOLLAR

UNITED STATESDOLLAR

TAIWANNEW DOLLAR

CHINESERMB

SWEDISHKRONA

SINGAPOREDOLLAR

PHILIPPINEPESO

BRAZILIANREAL

RUSSIANRUBLE

NORWEGIANKRONE

JAPANESEYEN

MEXICANPESO

TURKISHLIRA

SWISSFRANC

CZECHKORUNA

ISRAELINEW SHEKEL

DANISHKRONE

THAIBAHT

POLISHZLOTY

Page 3: Can Security & Agility Co-Exist

$1.95B850M

$40.4B $14.7B

152M$55B

Revenue Total20% YoY

TotalTransactions

Merchant Services Payment 35% YoYVolume

Active Accounts

Net Total Payment29% YoYVolume

Volume

Marketplaces Payment

Q2 2014 Results

Page 4: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

Compliant with PCI-DSS 2.0 StandardsCompliant with local country regulations

4

Compliance Statement: http://www.visa.com/splisting/viewSPDetail.do?coName=PayPal

Page 5: Can Security & Agility Co-Exist

5© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

secureIn safe custody or keepingassured; sure; certain; free from or not exposed to danger or harm; safe.

agilequick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity

http://www.dictionary.com

Page 6: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

6

@ http://xkcd.com used with permission under Creative commons License

Page 7: Can Security & Agility Co-Exist

7© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

secureIn safe custody or keeping assured; sure; certain; free from or not exposed to danger or harm; safe.

preventBe patched, be compliant, be hardened, be layered, don’t let data leave your network

detect Log it all; parse it all; sesame street logic; leave no stone unturned

respondQuarantine; active defense; mitigate; high priority patches; bug fixes; block ports; kill data streams; sever connections

Page 8: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

8

@ http://xkcd.com used with permission under Creative commons License

“Cyber Attack”

http://www.digitalattackmap.com

http://www.digitalattackmap.com/
Page 9: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

9

“Cyber Attack”

http://www.digitalattackmap.com

http://www.digitalattackmap.com/
Page 10: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

10

Page 11: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

11

http://hackmageddon.com/2014/07/07/june-2014-cyber-attacks-statistics/

Page 12: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

12

http://www.geekherocomic.com used with permission under Creative commons License

http://www.geekherocomic.com/
Page 13: Can Security & Agility Co-Exist

13© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

agilequick and well-coordinated in movement; marked by an ability to think quickly; intellectual acuity

washConsider everything dirty; examine it; spray the bad parts; clean it; use machines to do the dirty work

rinseRun traffic over it; verify assumptions; send it back to the wash if needed; deliver to customer; use it yourself

repeatCheck you work; check new versions; talk to new people; find all of the new and exciting ways people are doing things

Page 14: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

14

http://www.lynnecazaly.com - used with permission

http://www.lynnecazaly.com/
Page 15: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

15

@ http://xkcd.com used with permission under Creative commons License

Page 16: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

16

Compliant≠

Secure

Page 17: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

17

Agile≠

Risky

Page 18: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

18

Secure is nota permanent

state

Page 19: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

19

Security can not work effectively unless you

have Agility

Page 20: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

20

debate… decide…deliver

secure

Page 21: Can Security & Agility Co-Exist

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary.

For more information, please contact:

Scott Carlson@[email protected]


Tufin Secure Cloud Hybrid Cloud Security –without Compromise · slows business agility. Maintain security without compromising agility. Tufin SecureCloud • Platform API Automate

Tufin Secure Cloud Hybrid Cloud Security –without Compromise · slows business agility. Maintain security without compromising agility. Tufin SecureCloud • Platform API Automate

Documents
Multi-Dimensional Security!ukmsecurity.co.uk/wp-content/uploads/2020/01/Agility-4_Multi... · Multi-Dimensional Security Agility™4 provides complete protection against intrusion

Multi-Dimensional Security!ukmsecurity.co.uk/wp-content/uploads/2020/01/Agility-4_Multi... · Multi-Dimensional Security Agility™4 provides complete protection against intrusion

Documents
“True individual freedom cannot exist Franklin Delano ... · “True individual freedom cannot exist without economic security and independence.” ... the core values that the

“True individual freedom cannot exist Franklin Delano ... · “True individual freedom cannot exist without economic security and independence.” ... the core values that the

Documents
DevSecOps – Agility with Security€¦ · 6 DevSecOps – Agility with Security Figure 1 - "DevOps Done Well" - Murray Goldschmidt The need to identify issues and resolve them quickly

DevSecOps – Agility with Security€¦ · 6 DevSecOps – Agility with Security Figure 1 - "DevOps Done Well" - Murray Goldschmidt The need to identify issues and resolve them quickly

Documents
Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015

Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015

Documents
Agility Americas Help Customers Manage F5 … Customers Manage F5 Security and ADC with ... Cisco APIC Cloud ... Agility Americas_Help Customers Manage F5 Security and ADC with BIG-IQ

Agility Americas Help Customers Manage F5 … Customers Manage F5 Security and ADC with ... Cisco APIC Cloud ... Agility Americas_Help Customers Manage F5 Security and ADC with BIG-IQ

Documents
Agility - Security Products

Agility - Security Products

Documents
Murray Goldschmidt – DevOps, a How To for Agility with Security

Murray Goldschmidt – DevOps, a How To for Agility with Security

Documents
PHYSICAL SECURITY - Ingram Micro · 2019-07-15 · PHYSICAL SECURITY IngramMicroAdvancedSolutions Unrivaled agility. Deep market insights. Dependable expertise. If this describes

PHYSICAL SECURITY - Ingram Micro · 2019-07-15 · PHYSICAL SECURITY IngramMicroAdvancedSolutions Unrivaled agility. Deep market insights. Dependable expertise. If this describes

Documents
DevSecOps – Agility with Security · 4 DevSecOps – Agility with Security In summary, DevSecOps aims to be a movement that extends all of the organisational benefits achieved through

DevSecOps – Agility with Security · 4 DevSecOps – Agility with Security In summary, DevSecOps aims to be a movement that extends all of the organisational benefits achieved through

Documents
Agility meets Control meets Security

Agility meets Control meets Security

Documents
Security Change Management: Agility vs. Control

Security Change Management: Agility vs. Control

Technology
The Value Proposition for Cyber Security: Does it exist ... · The Value Proposition for Cyber Security: Does it exist and how can we create it? Larry Clinton, ISAlliance Chief Operating

The Value Proposition for Cyber Security: Does it exist ... · The Value Proposition for Cyber Security: Does it exist and how can we create it? Larry Clinton, ISAlliance Chief Operating

Documents
Agility and security

Agility and security

Technology
Security Without Compromise with Unprecedented Agility · PDF fileSOLUTION RIEF FORTINET VMWARE READY™ FOR NFV SOLUTION Security Without Compromise with Unprecedented Agility INTRODUCTION

Security Without Compromise with Unprecedented Agility · PDF fileSOLUTION RIEF FORTINET VMWARE READY™ FOR NFV SOLUTION Security Without Compromise with Unprecedented Agility INTRODUCTION

Documents
Agility of Cloud Infrastructure with Software Defined Network and … · 2013-07-27 · Agility of Cloud Infrastructure with Software Defined Network and Security Ganesh Iyer

Agility of Cloud Infrastructure with Software Defined Network and … · 2013-07-27 · Agility of Cloud Infrastructure with Software Defined Network and Security Ganesh Iyer

Documents
Agility and its Role in Increasing Your Organization’s ...€¦ · Agility and its Role in Increasing Your Organization’s Resilience 1 ... Behaviors that exist in a climate marked

Agility and its Role in Increasing Your Organization’s ...€¦ · Agility and its Role in Increasing Your Organization’s Resilience 1 ... Behaviors that exist in a climate marked

Documents
DevSecCon London 2017: Permitting agility whilst enforcing security by Alina Radu

DevSecCon London 2017: Permitting agility whilst enforcing security by Alina Radu

Technology
Compatibility, Security & Performance: Finding a Balance With SSL / TLS That Doesn't Exist

Compatibility, Security & Performance: Finding a Balance With SSL / TLS That Doesn't Exist

Engineering
Agility Quality Integrity · Agility Quality Integrity A Marshall Land Systems Company. Marshall SDG (MSDG) ... Ground Penetrating Radar, security and safety such as fire prevention

Agility Quality Integrity · Agility Quality Integrity A Marshall Land Systems Company. Marshall SDG (MSDG) ... Ground Penetrating Radar, security and safety such as fire prevention

Documents
Cyber Security Planning Rubric 006 - CoSN Cybersecurity rubric.pdflaw enforcement and community representative. ... Security Plan Security practices exist without a formal security

Cyber Security Planning Rubric 006 - CoSN Cybersecurity rubric.pdflaw enforcement and community representative. ... Security Plan Security practices exist without a formal security

Documents
Making Security Agile - DigiCert€¦ · What can enterprises do to balance agility with security? How can they integrate security into DevOps to achieve faster, more predictable

Making Security Agile - DigiCert€¦ · What can enterprises do to balance agility with security? How can they integrate security into DevOps to achieve faster, more predictable

Documents
DevSecOps – Agility with Security - Sense of Security · 4 DevSecOps – Agility with Security www ... Apart from the people and tools used in ... The Feedback loop is also enhanced

DevSecOps – Agility with Security - Sense of Security · 4 DevSecOps – Agility with Security www ... Apart from the people and tools used in ... The Feedback loop is also enhanced

Documents
Security and Agility in the API Economy - ViewDS and Agility in the API Economy ... services available over the Internet by using standard web technologies, ... Microsoft Word - Security

Security and Agility in the API Economy - ViewDS and Agility in the API Economy ... services available over the Internet by using standard web technologies, ... Microsoft Word - Security

Documents
A New Security Architecture to Improve Business Agility · A New Security Architecture to Improve Business Agility An organization s ability to learn, and translate that learning

A New Security Architecture to Improve Business Agility · A New Security Architecture to Improve Business Agility An organization s ability to learn, and translate that learning

Documents
SPENT NUCLEAR FUEL Options Exist ToFurther Enhance Security

SPENT NUCLEAR FUEL Options Exist ToFurther Enhance Security

Documents
Physical Security - Ingram Micro · Physical Security Unrivaled agility. Deep market insights. Dependable expertise. If this describes your ideal physical security partner, you’re

Physical Security - Ingram Micro · Physical Security Unrivaled agility. Deep market insights. Dependable expertise. If this describes your ideal physical security partner, you’re

Documents
GEOTRUST ENTERPRISE SECURITY CENTER: ACHIEVE AGILITY AND VALUE IN

GEOTRUST ENTERPRISE SECURITY CENTER: ACHIEVE AGILITY AND VALUE IN

Documents
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Security Agility and Posture (HLC303)

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Security Agility and Posture (HLC303)

Technology
Micro Focus Presentation Template - custom.cvent.com · Enterprise DevOps Hybrid IT Management Security, Risk & Governance Predictive Analytics Speed Security Insights Agility Enabled

Micro Focus Presentation Template - custom.cvent.com · Enterprise DevOps Hybrid IT Management Security, Risk & Governance Predictive Analytics Speed Security Insights Agility Enabled

Documents