SESSION ID: PDAC-W09 Nanotechnology, Behavior & Supply Chains: Managing Risk at a Platform Level Edna Conway Ophir Gaathon, PhD VP/GM Global Security, Risk & Compliance Cloud Supply Chain Microsoft @Edna_Conway CEO/Co-Founder DUST Identity @DUSTIdentity #RSAC #RSAC Platform: plat·form /ˈplatfôrm/ A group of technologies that are used as a base upon which other applications, processes or technologies are developed. Managing Risk through the Platform Revolution 3 #RSAC #RSAC Platforms are Everywhere Health Care Energy Logistics Manufacturing Personal Transportation Smart Communities Managing Risk Through the Platform Revolution Lawmakers/Regulators Cloud Providers Employees/Consultants 5 #RSAC #RSAC Unaccounted for Risk Indicia of Trust Closing Trust Gaps 6 Cloud is a Foundation for the Platform Revolution PaaS STaaS DbaaS DRaaS DaaS NaaS XaaS CaaS IaaS #RSAC SaaS ITaaS HaaS MaaS SECaaS Accountability Demands Verification Check & Verify Technology & Operations 8 #RSAC Accountability & Integrity Accountability Requires Visibility 9 #RSAC How Many Cows Are In a Burger? 10 #RSAC How Many Sources Are In Your Hardware? 11 #RSAC What is Lurking In the Shadows? 12 #RSAC #RSAC TRUST 13 #RSAC TRUST YOU CAN'T WHAT YOU CAN'T PETER DRUCKER 14 #RSAC End-to-End Value Chain Security S U P P LY DELIVERY SERVICE Security Ta i n t e d S o l u t i o n s Information Layer Behavioral Layer Counterfeited Parts Logical Layer Physical Layer Te c h n i c a l L a y e r Quality Noncompliant Products Nonconforming Parts SAFETY REVENUE 15 UPTIME #RSAC Can Trust Scale? CLASSIFIED DNA EMBEDDED ID ENCRYPTED RFID TAGGANTS SECURITY INK SECURITY RFID HOLOGRAMS BARCODE/QR PAPER SCALE SCALE #RSAC Building TRUST Human Accountability Identity of Things 17 will Identity Look Like in the Future? inWhat the Future  Single item serialization  Down to component level  Cradle to grave  Secure by design 18 #RSAC #RSAC Achieve Accountability Verifiable / Auditable Immutable supply chain data Incentivize positive behavior Create human-centric policies 19 TRUST = the RIGHT Security @RIGHT Place @RIGHT Time TRUST • End-to-end multi-tier unifying architecture Pa c ka ge • Address needs & constraints of different stakeholders in the value chain P ro d u c t • Empower every node in the product lifecycle ecosystem Assembly • Evolving & dynamic rollout #RSAC C o m p o n e nt 20