Protecting Sensitive Data in Drupal

Session Speaker(s): 
Saturday, November 8 2014
Room: Mushroom Kingdom
Time: 5:00pm - 6:00pm

The slides from this presentation are here:

Recent high-profile breaches have shown that data security is more important than ever. As clients become aware of the devastating consequences of a data breach, and as compliance requirements grow increasingly stringent about what is considered sensitive information, it is up to Drupal developers to ensure that the web sites and applications they build use security best practices and have proper controls in place. We will cover best practices for securing your Drupal site against attacks and intrusion, as well as how best to handle and encrypt sensitive data.

Attend this session to learn about:

  • What is Sensitive Information?
    • What is considered sensitive data?
    • Meeting compliance requirements (PCI DSS, HIPAA/HITECH, FISMA, FERPA, etc.)
    • What am I responsible for in handling sensitive information?
    • Examples from sites on what is and isn’t considered sensitive information
  • Encryption
    • An overview of the Encrypt Module for Drupal
    • Encryption best practices
    • What key management is and how it applies to your site
    • Encrypt sub-modules and how to use them
    • Examples of how to encrypt and store sensitive data
  • Clients and Encryption
    • What tools can you use to bring on clients in regulated industries?
    • Real examples of how clients’ demands for data security can affect the overall scope and effort of a project