Application Layer Cryptography: Purpose and Threat Modeling

What’s the point of application layer cryptography? What does encrypting sensitive data actually buy us, in terms of threat modeling? Why bother with encrypting data, if we need to decrypt it to realize the data’s value? If we don’t trust the software that’s handling the data, why trust the software to handle the keys? Is there a business case to actually encrypt more (or less) data? If we have to encrypt data, how are we actually supposed to do that, in practice? What algorithms should we use to encrypt? Where do these keys come from? Oh no, I have to expire the keys old keys and start using new encryption keys to provide forward secrecy, over time? !@#$ How do I do that without losing backward compatibility with software I’ve already shipped to customers that uses the old encryption scheme? Should I lock into Google KMS or AWS KMS or buy an $50k HSM from Thales integrating with PKCS11, or just build my own system? Wait. What's peacemakr.io?

If you’ve every wondered about these questions, you’re not alone. We’ll explore where business requirements come from, how product security engineering teams typically respond to these requirements, and discuss the future of application layer cryptography.

Bio:
Jon has 10+ years industry experience, and 4+ in academia experience, in Product Security that spanned everything from 2 person bootstrapped startup to large companies. He's secured both consumer and enterprise products, across large (Apple), medium (Pure Storage), and small sized companies. Today, he is a Product Security Engineer at Pure Storage by day, and, a Founder and CEO of Peacemakr.io nights and weekends.