Red October

This talk is about the creation of a new security tool, Red October. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.

The security industry tends to be less open about the details of how its software works than other parts of the software industry. This project was created to tackle the practical challenges of traditional security compliance, but was inspired by an open source mentality. Starting from a vague set of regulatory requirements, we devised a user-friendly tool that solves a broader problem facing many small organizations.

This talk will teach people about cryptography and division of responsibility in key management, a very important consideration when moving a business to the cloud. It will also help show where to draw the line between using existing cryptographic and security mechanisms and building your own.

The points I will cover include:

  • The problem we were trying to solve (protecting secrets from insiders)
  • An examination of naive approaches and why they failed
  • An overview of what the server can and cannot do
  • An explanation of the cryptographic design of the project
  • Examples of how it can be used
  • The advantages and pitfalls of developing the tool with a newer programming language like Go
  • Design decisions for the interface
  • The steps to open source the project
  • Community reaction and implementation

Press:
TechTarget
http://searchsecurity.techtarget.com/news/2240211296/CloudFlare-goes-hunting-for-better-server-encryption-with-Red-October

Ars Technica
http://arstechnica.com/security/2013/11/red-october-crypto-app-adopts-two-man-rule-used-to-launch-nukes/

For: OSCON
Date: July 2014
Type: Talk