
Title

Protecting sensitive data in DynamoDB with searchable encryption

Description

As architects, data security is a non-negotiable attribute of our solution designs. The traditional go-to technique to protect data is to build layers of controls around sensitive data. But there is always a constraint: the sensitive data itself must be stored in plaintext. Why don't we just encrypt it? Because then we can't use it.

But what if we could encrypt it and still perform range, match, and unique queries without ever decrypting it? This would allow us to exceed the design principles of the Security Pillar and protect data in transit, at rest, and in use.

require "dotiw"
include DOTIW::Methods
availability = 0.999 # three nines
# days per year
# |   hours per day
# |   |  minutes per hour
# |   |  |  seconds per minute
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy CipherStash Proxy to ECS Fargate
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  SecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
~/src/github.com/cipherstash/proxy (ci/actually-run-tests *+)
$ CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG=true RUST_BACKTRACE=full mise run proxy
[proxy] $ cargo run
Compiling proc-macro2 v1.0.92
Compiling unicode-ident v1.0.14
Compiling libc v0.2.167
Compiling autocfg v1.4.0
Compiling serde v1.0.215
Compiling version_check v0.9.5
Compiling typenum v1.17.0

DevOps Sydney Code of Conduct

DevOps Sydney is a community meetup intended for networking and collaboration in the developer + operations community.

We value the participation of each member of the DevOps community and want all community members to have an enjoyable and fulfilling experience. Accordingly, all attendees are expected to show respect and courtesy to other attendees throughout the meetups.

To make clear what is expected, all attendees, speakers, organisers and volunteers at any Sydney DevOps event are required to conform to the following Code of Conduct. Organisers will enforce this code throughout events.

The Short Version

@auxesis
auxesis / about.markdown
Last active November 29, 2024 01:44
DevOps Sydney pages

We meet on the third Thursday of every month, at Pivotal in Sydney.

If you're taking public transport, we recommend you catch the train to Central and make the short walk from there.

Are you a recruiter? Please follow our rules for participating in the community.

Does your company want to give back to the community? Sponsor a meetup!

Talk topics

CREATE EXTENSION IF NOT EXISTS pgcrypto;
CREATE TYPE ore_64_8_v1_term AS (
  bytes bytea
);
CREATE TYPE ore_64_8_v1 AS (
  terms ore_64_8_v1_term[]
);
$ be rails s
=> Booting Puma
=> Rails 7.0.4.2 application starting in development
=> Run `bin/rails server --help` for more startup options
Puma starting in single mode...
* Puma version: 5.6.5 (ruby 3.1.3-p185) ("Birdie's Version")
* Min threads: 5
* Max threads: 5
* Environment: development
* PID: 18387

DevOps and Data Security: words vs actions

LastPass. Shangri-La. Optus. The last 12 months have seen a reckoning for data security around the world.

But are these examples really that out of step with how we actually do security in our own organisations (as opposed to what we tell ourselves about how we do it)?

What do organisations doing DevOps actually think about data security? Who do they think they are defending against? What steps are they taking to safeguard customer data?

This talk will explore two years of qualitative interviews with business and government organisations about how they think and act on data security.

# default layout (can be bsp, stack or float)
yabai -m config layout bsp
# wild west on space 1
yabai -m config --space 5 layout float
# New window spawns to the right if vertical split, or bottom if horizontal split
yabai -m config window_placement second_child
# padding set to 1px