The Building Blocks for Trusted Internet Services: Openness, Privacy, Security

The Building Blocks

for Trusted Internet Services

Openness, Privacy and Security

Neil Cook, Bert Hubert Open-XchangeMarch 15, 2016

2 | Trusted Internet Services Building Blocks

Trusted and integrated solutions Open-Xchange: Who are we?

• 3.5M mail Server installations globally• 68% worldwide market share • Superior scalability & cost efficiency• Full control back to Service Provider • Fully secure (MAAWG / secure email standard)• Storage backend agnostic (S3, object storage)

• EU market leader Domain Name Services (50%)• Authoritative DNS a must for high performance• Best in class DDoS support • Leading DNSSEC >75% of hosted domains• Excellent scalability• Maximum impact on Retention & Performance

OX App Suite – communication and collaboration suite: Engage more customers.OX-as-a-Service – secure, hosted stack from App Suite through to secure storage: Cloud GTM 2.0.

180M sold seats22 countries

17 languagesTrusted Email Services

The Battle for End-Users: Previously

3

Free Free/Subscription

Great Features

Open-Source

OK FeaturesUS-based Based anywhere

4

Free Free/Subscription

The Battle for End-Users: Now

Great Features Great FeaturesUS-based Based anywhere

The Next Battleground: Trust

• Mass Surveillance• Hackers and Foreign

Governments• Hosters and Service Providers

targeted5 | Trusted Internet Services Building Blocks

Why should I trust you?How can I

trust you?

Do I rely on your word?“Don’t be Evil”

“At Apple, your trust means everything to us.”


Open Source == Trust

• Open Source Software means transparency

• OSS means Open-Standards

• Trust the Openness not the company



Hard to migrate your own dataProprietary means Lock-In

Proprietary Cloud Service

My Data

Other Cloud Service

In-House Data-Centre or Software

Migrate Data


Freedom to choose the right business modelOpen Source means Flexibility

open standards

Run & Host Yourself

Run & Host for others

Use 3rd party service

Security also a new Battleground

Security is an important building block of trust

If I don’t feel secure, how can I trust your services?

Internet security standards make the internet safer

Internet security standards make your users safer

But Google is going big on Security!

DNSSEC

Anything they do… you should do better

DANEOpenPGP/TES

Click on symbol to add a full bleed screenshot


% pdnsutil secure-zone mydomain.com

But DNSSEC is Hard isn’t it?


• Securely Authenticate TLS Certs in DNS• Removes reliance on CAs• Even allows self-signed Certs

• Provides “real security” for any services with optional TLS (STARTTLS)• Prevents MITM Attacks• Prevents DNS Spoofing

• Builds on DNSSEC• Way more secure Google’s Red Padlock• Join Trusted Email Services Initiative

(TES) for more

DANE

Sending MTA

Receiving MTA

EHLO foobar.com

MITM

EHLO foobar.com250 STARTTLS250 example.net

CLEARTEXT CLEARTEXT


OpenPGP and HKP: Real E2E EncryptionI’d like to send an

encrypted message to [email protected]

Mail Client (WebMail, App,

MTA)

DNS

HKP Server for example.com

Query: SRV _hkp._tcp.example.com?

Answer: hkp.example.com:11371

Public Key: [email protected]?Answer: -----BEGIN PGP PUBLIC KEY BLOCK


How do you compete with Free?21st Century Business Model:

“We give you service, you give us your privacy”

Difficult for “Free” to tailor their services

Higher Security

Stricter Privacy

Regulatory Requirements

Locality

Encryption

Special-Needs

Customer Service

People will pay for differentiated services

No need to compromise privacyCan develop relationship with customer

Open and Honest Contract leads to Trust

Can tailor service to customer requirements

Internet Services Building Blocks


Features

Trusted Internet Service

Open Source & Open Standards

Privacy & Security

Tailored and Differentiated

The Building Blocks for Trusted Internet Services: Openness, Privacy, Security

Software

Transcript of The Building Blocks for Trusted Internet Services: Openness, Privacy, Security