You are viewing content from a past/completed QCon -

SESSION + Live Q&A

Reconciling Performance and Security in High Load Environments

Most perceive security fixes and improvements as a necessary evil, because security is much “less tangible” than primary product functionality in terms of potential revenue. On top of not bringing any “meaningful” value to the overall system, security comes at a cost of potential performance degradation, as it steals precious CPU cycles and memory from the overall resource pool.

Because of the above in a performance-driven environment product and infrastructure security are either heavily avoided altogether or forcibly imposed by security teams, excusing themselves with numerous legal and compliance requirements. The fear of potential performance penalty and the need to balance performance vs security often leads to insecure architectures and designs or unnecessary complexity.

All this usually makes the rest of the organisation dislike and distrust security in the long term. But what if we can show that security actually improves performance? This presentation explores how to drive security in a high performance environment and make it a welcome and natural part of the product lifecycle.


Speaker

Ignat Korchagin

Cryptographer, & Security Software Engineer @Cloudflare

Ignat is a systems engineer at Cloudflare working mostly on platform and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division....

Read more
Find Ignat Korchagin at:

From the same track

SESSION + Live Q&A Architecture

Designing Secure Architectures the Modern Way, Regardless of Stack

This talk aims to attack two typical conflicts any security architect is well familiar with: 1. Most of the design thinking for preventing security incidents and performance bottlenecks focuses on avoiding known risks in a known way. However, most of the time this approach leads to...

Eugene Pilyankevich

CTO @cossacklabs, Building Applied Cryptographic / Data Security Tooling

SESSION + Live Q&A London

Keep Calm and Secure Your CI/CD Pipeline

Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. We can then switch the conversation with the security team from approving each...

Sonya Moisset

Lead Security Engineer @Photobox / Tech Lead @PrideInLondon

SESSION + Live Q&A Interview Available

Security Vulnerabilities Decomposition

In most companies security is driven by compliance regulations. The policies are designed to contain the CWEs each company is interested to comply with. The result of this approach is a high number of insecure applications are still produced and injection is still King. Is there another way...

Katy Anton

Principal Application Security Consultant @Veracode

SESSION + Live Q&A Security

The Quantum Risk & Future Post-Quantum Standards

This talk will describe the risk of quantum computing to cryptography, in a way suitable to an audience without quantum physics nor cryptography background.  We will present the mitigations available today thanks to research in the field of post-quantum cryptography, and we'll...

Jean-Philippe Aumasson

Author of "Serious Cryptography", Designer of Hash Functions BLAKE3 and BLAKE2

View full Schedule