Protecting data vs systems: practicality, performance, and problems...
Dan Draper
BSidesSF 2024 · Day 1
This talk, presented by Dan Draper, Founder and CEO at CyStash, delves into the critical distinction between protecting systems and protecting data directly. Draper argues that traditional security approaches, which focus on applying controls to systems like databases, are inherently limited. These controls are often system-specific, operationally inefficient, and fail to protect data once it moves or is exfiltrated from its original context. The core premise of the presentation is to explore how **encryption** can be leveraged as a universal, granular, and deny-by-default mechanism to protect individual data values, regardless of their location or the system they reside in.
AI review
This talk presents a compelling and technically sound approach to universal data protection, moving beyond system-level controls to granular, encryption-based policies. The speaker effectively outlines the challenges of traditional methods, introduces a clever application of envelope encryption with key commitment for access control, and critically evaluates the performance implications of querying encrypted data, ultimately advocating for order-revealing encryption (ORE) as a practical solution. It's a solid piece of work that addresses a fundamental problem in modern data security.