DrupalCon Seattle 2019: Data Security in Drupal 8

Your website’s data is at risk, but knowing how to protect it can mean the difference between another day in the office and a data breach. By building in encryption from the beginning stages of your site, you will avoid headaches from having to bolt it on after the fact and have more tools at your disposal to keep your users secure.

This session will cover what’s new with security in Drupal, best practices for handling private data (email addresses are they really private), and case studies of real-world examples on how to apply these to your next site.

Drupal 8 Security Improvements and what they mean to you

How Drupal 8 stores data - from form to database
Modules you can use to enhance the security of your site
Encrypt Module
Real AES Module
Contrib modules around encryption
Key Module
Benefits of centralized key management
Limit breaches as a result of poor API or key management
How to leverage and extend the Key for your contrib module
Best practices around creating and storing data

Identifying personally identifiable information (PII) and when to use enhanced security to protect it
E-Commerce best practices
How to properly collect and sanitize user input 
Case Studies in Data Security

E-commerce
Enterprise
Education
The session audience will leave with a greater understanding of Drupal security, best practices in keeping their data safe, and what tools they can use in the process.

Drupal is a registered trademark of Dries Buytaert.