User Focused Security at Netflix: Stethoscope

Presented at ShmooCon XIII (2017), Jan. 14, 2017, 5 p.m. (60 minutes)

User Focused Security is an approach we are using to address employee information security at Netflix. If we provide employees with the right information and low-friction tools, we believe they can get their devices into a more secure state without heavy-handed policy enforcement.

Letting people retain control over their devices means that they can maintain flexibility and productivity and address security recommendations as appropriate to their levels of access. This approach will only be successful, though, if we can provide clear and specific action, and make it easy to do the right thing.

Stethoscope is a web-based tool that gives Netflix employees a view into the security state of their devices, with specific recommendations regarding disk encryption, firewalls, and other device settings. The website, in conjunction with email alerts, gives Netflix employees a straightforward way to see what actions they should take to remain safe.

Presenters:

• Jesse Kriss
  Andrew holds a PhD in Computer Science from the University of North Carolina at Chapel Hill and a B.S. in Computer Science and B.A. in Mathematics from the University of Richmond.
• Andrew White
  Andrew White and Jesse Kriss are both members of the Information Security team at Netflix, where they work on designing and building software tools that help people make good decisions around corporate security.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2017/User-focused Security At Netflix.mp4

Similar Presentations:

• AppSec USA 2014 / Project Monterey or How I Learned to Stop Worrying and Love the Cloud
• ShmooCon XI (2015) / The Joy Of Intelligent Proactive Security
• AppSec USA 2016 / Cleaning Your Applications' Dirty Laundry with Scumblr