From Security Weekly Wiki
Jump to navigationJump to search
= InterviewTopic: Protecting Data in Apps and Protecting Apps from Data =<!-- Apps must protect the data they collect. How can DevOps teams apply effective controls like strong authentication and authorization? How do cloud services help or hinder encrypting data?* Envelope encryption uses multiple keys to protect data. It's a scalable pattern for protecting data and is nicely documented for [[Filehttps:HillelSolow//docs.jpg|right|250px|thumb|<center>''' AWS], [ Hillel Solowen-us/azure/storage/blobs/storage-encrypt-decrypt-blobs-key-vault Azure]'''is the CTO of , and [ Check Pointkms/docs/envelope-encryption GCP]<. Be warned that each provider uses slightly different terminology for the same principle components. Kubernetes [>docs/tasks/administer-cluster/encrypt-data/ also supports]] -this pattern. Data is also an attack vector that apps must protect themselves against. How relevant is the security recommendation of "use input validation" for modern apps? How can apps that rely on user->generated content or microservice architectures handle data securely?


Navigation menu