How Defense-In-Depth Helps Protect You From Unexpected Vulnerabilities Like Heartbleed

  • Webcast Aired Thursday, 22 May 2014 1:00PM EDT (22 May 2014 17:00 UTC)
  • Speakers: Jake Williams, Adam Goodman

While the recent Heartbleed vulnerability in OpenSSL may have felt to many like a once-in-a-lifetime internet-scale calamity, it really was just the latest in a long string of failures in SSL/TLS infrastructure: in recent years, there has been a surprisingly long list of high-profile weaknesses discovered in protocols and implementations.

We should expect this. The problem is not that SSL/TLS and its various implementations are inherently bad: humans make mistakes and all software has bugs; any security protocol or system could easily fall victim to a similar fate (perhaps even more easily - SSL/TLS is, at least, widely used and widely studied).

Instead, these failures illustrate the value of a long-held security principle known as "Defense in Depth", which holds that we must build security at every layer of our systems, such that they can remain secure even if one layer breaks.

Join us for a webcast discussing some of the specific techniques that we - and other industry-leading cloud providers - use to lessen the impact of SSL/TLS failures, and some broader ways in which the principle of Defense in Depth can be applied across your organization.