Allow Ssn Field with airSlate SignNow

Allow ssn field

so hello and welcome to reinvent I'm Alina smart and the chief information security officer at MongoDB I'm absolutely delighted to be here I am gonna stick to my scripts otherwise I'll end up telling jokes and you don't want to hear my jokes I have about three jokes I might tell one later we'll see so you're here to learn about running MongoDB securely on AWS using field level encryption I am NOT here to be a sales person and the sales person on the planet but if you do want to learn more about our products which are absolutely amazing I go to a booth and you can get socks because I have socks they are awesome socks and also tattoos which I was told after I almost put one in my face that they last about two weeks so I'm glad I didn't do that so we've got a really packed agenda they've given me this which I will break oh there we go it works I just keep hitting buttons there we go so we really have a packed agenda and I'm gonna get started quickly so I'm gonna introduce Ken onto the stage in a few minutes but first of all I'm gonna give a very quick introduction to our security practices and compliance I'm also responsible for a compliance at MongoDB and I'm going to briefly go over a cloud database or a cloud-based database Atlas and there'll be questions at the end so let's face it there's that there always has to be a privacy slide when it comes to security that's just what we do and our CTO Ilya Horowitz my boss mentioned in his MongoDB world keynote earlier this year that some data is considered so sensitive that people are scared to put data in the cloud to be honest I think people are scared to boot most data in the cloud I think that the things like field level encryption airlie get really going to change that for a lot of people and field level encryption is going to help you mitigate the risk of putting data in the cloud it happens entirely on the client-side field of encryptions built into every MongoDB driver and can all talk more about that and it's transparent to developers the MongoDB API doesn't change an additional it's going to help your privacy program so everyone is always looking to mature the privacy program it's not the easiest thing in the world to do but having field level encryption will definitely definitely help you with that well I just got really load okay sorry one of the most powerful features a field level encryption is how you select the encryption key you have many options you can have an encryption keeper collection or per field my personal favorite is an encryption key per user and this is particularly powerful it means that if I get fired if I don't do this speech very well the admin can search for all of my data very quickly throw away that encryption key which is kind of you know tripped or shred and then it makes my data unreadable and every replica set and backup so let's hope that doesn't happen right so we have a lot of regulations and certifications as I'm sure many of you have to go through before I worked at MongoDB I worked in fin tech and before that I worked for the power industry so both very heavily regulated industries so I brought that knowledge 20 plus years knowledge into MongoDB and we are definitely working to mature a compliance program so we just aligned our entire compliance program with the NIST cybersecurity framework I think it's important that you pick something that's got a common language that everyone can understand I always find that you know it's dry enough subject as it is compliance and risk management so if you bring in something like the the the the cybersecurity framework it's just a commonality of language that you can use with a whole bunch of people from developers to security people to marketing people to whoever you need to talk to your board they all understand what you're talking about so some of the different qualifications and regulations that we follow GDP are you know what GDP are is do we have anyone from the UK in the room apart from me oh one person yeah we can talk later probably over a large drink we are HEPA ready where this enables us to offer two covered entity entities and their business associates the use of a secured cloud database environment to process maintain and store pH I protected health information so that's really important unless you're sure health information that has to be secured the big one that we go earlier this year that I'm particularly proud of is ISO 27001 that was a lot of control that we had to go through over 300 which would I have to maintain as well PCI DSS for those of you who process credit card information you'll know about that one our cloud service has been validated as PCI compliant as I mentioned earlier we are compliant with the NIST CSF we've aligned account compliance program to the Ness CSF and then finally obviously we work with the federal government and these federal agencies must evaluate the data that they hold and they have to watch for the presence of sensitive data and then provide mechanisms to secure that data and our tool sets help them with that task so obviously these compliance certifications there's probably over 500 controls know that we have to meet and maintain and it really does feel a bit like a root canal without novocaine so apology so if there's any auditors in the room I used to be one so I feel your pain but with a managed solution using field level encryption and Atlas helps our customers meet a lot of these legal and regulatory obligations as well so we have a comprehensive monitoring feature and auditing capability and our customers can gather all the evidence that they have to get to keep their controls up today by using our software so let's get very quickly acquainted with MongoDB Atlas if this works there we go first thing is it self-service and it's elastic you can deploy modify and upgrade on demand you are in control of your database destiny its global we're available in 18 AWS regions covering the whole globe and this is a great option for geolocation to comply with GDP are for example some of you were just at the talk the previous talk on stitch and we offer a service platform service stitch which shows database and authentication triggers to react to changes in real time this is particularly so for customers who are looking for audit control audit trail all that kind of good stuff to keep with together security program up to date and also just maintain that compliance control we also have comprehensive monitoring or frisee offers deep visibility into 100 plus key performance indicators everyone loves KPIs you can link miss to something like Splunk and have the single pane of glass so your visibility with your data in real time we have managed backups with appointment time data recovery and my all-time favorite enterprise-grade security is built-in with rule based access control LDAP integration the whole nine yards so now that I've set the scene I am going to introduce Ken white onto the stage cane as a security principal at MongoDB and as a senior member of my security team so thank you Thank You Lina hopefully that you get a glimpse from Lina's introduction on some of the work we've been doing the last few years to meet some of the most demanding requirements of some of the largest systems in the world I think people may not necessarily be aware but the largest healthcare companies Pharma retail banks investment banks consumer tech automotive sort of you name the industry they're folks that are running critical workloads in our platform and so as important is the compliance and regulatory standards are in fact they're table stakes and in some respects we want to take a little bit of time to kind of think about how what our mental model is of database security alright so there's lots of different ways we could carve this up but sort of three core pillars of security that we tend to think about around authentication and authorization so access controls the way that we protect data on networks and the way that we protect data at rest so I think people are probably familiar with the term encryption in motion or encryption in transit and an encryption at rest those are the last two and then identity and access we'll kind of dive into a bit here so lots of different ways that we sort of demonstrate we're either the person or the service account that we claim to be there can be credentials simple passwords signet biometrics bearer tokens in the case of ntlm in the windows world ad Kerberos and so forth these are effectively contracts that say I can present a certain piece of information and a system that I'm trying to get access to identifies me is that you know as having an authorized role for that we have Hardware supplements to that so around the u2f and Fido key standards that have kind of evolved and then hardware mobile enclaves right so on our mobile phones there's been a lot of evolution in terms of the protections that can be afforded for additional two-factor authentication of course all these things as people are evolving systems are moving towards federated role based access controls and single sign-on and so forth all those are important the network itself so I think people know that sort of in the in the earliest form and actually in some ways there are still architectures that make sense to have data that are transferred between nodes within a system that are just using wire protocol plaintext right we evolved to SSL and as we found protocol flaws that kind of the constructions and the protocol techniques themselves were sort of enhanced and generally speaking now when people make rest calls or web services calls we're using TLS with forward secrecy so the idea is that if an attacker or an adversary were to capture Network you know information and somehow got ahold of keys the time window around the period where those data can sort of be reversed or decrypted is going to be limited storage encryption so there exists obviously hardware level mechanisms on on disks on physical media most of the time though when we're talking about an encrypted database what people actually mean is storage level encryption right so in the case of Windows this is BitLocker in the case of most Linux deployments it tends to be VM crypt and Lux in the Apple world file vault and so forth so those are important protections there do exist databases that allow you to do either table or collection level in the no sequel world down to individual fields and so some of these in some respects have been around for a while in fact I was talking to someone that I guess there were early versions of Lotus Notes that had a type of field level encryption but it's critical to understand where that encryption happens when we think about adversaries when we think about attacks and breaches the mental model that a lot of people have is well there's an outside you know there's an outside attacker there's an outside adversary the source of trust though for encrypted databases is a central model the idea is that the people who are operating this system consider DBAs system admins infrastructure providers themselves the notion is because of either performance reasons doing backups patches security you know patches and so forth or by nature of the role of people's positions they need to have access to certain information and it can be a confidential payloads right in the case of infrastructure providers if you have access to the hypervisor if you have access to the key management if you have access to to the compute node itself at some level you're saying well we trust that to compute data right let's take a mobile app right so I've got some sense of financial information I send to the database the database is encrypted I'm meeting some compliance standards so we're good well what are some of the implications of having a central model like this there's a whole digital sort of breadcrumb or a ecosystem around here County data store right there logs we do snapshots we do backups right there are temporary files that get built up over time and then fundamentally the process memory at some level at most encrypted databases are operating on plaintext so what happens if you're in a privileged position to view into these well you can get quite a bit of confidential information and let me be a problem so we shouldn't just think about at outside adversaries we should also consider what are the implied controls around our encrypted database one approach that people have taken and that we've looked at as well is client-side encryption the basic idea being that while data is in use it's encrypted at the application level before it gets to the server before it gets in maybe some context to a third party or some other provider or maybe even on-premise where you have high privileged administrators or DBAs that because of the nature of their job they need to have access to information but maybe they don't need to have access to say the entire HR database may I need access to all medical records on a system to do to do their work and so the notion of client-side encryption is encrypting it similar to the way that encrypted messengers work on your phone right so it doesn't matter who's intercepting and it doesn't matter who's hosting it it's been encrypted at the point of contact and by the time he gets to the third party it's already protected we started this project about two years ago so one of the things that we did was we had several conversations with clients and this this idea came up several times where we had customers that said we're running large workloads and and so to give you a sense of that I mean we have some financial customers that are doing sixty billion dollars a day a day on MongoDB we host some of the biggest gaming platforms in the world but sometimes those are lines of business sometimes their analytic sites sometimes their other maybe their mission systems but they're not necessarily you know running like super confidential workloads consider a record like this social security number street address maybe a phone a mobile phone maybe a healthcare record that can be kind of scary to think about being sort of shipped to a third party that you trust but how about if it looks like this what if all those digital breadcrumbs and kind of the ecosystem around a data store looked like this well then it opens up a huge number of use cases right because there are areas where it's not a matter of trust in the sense of I don't trust you as a person it's from an institutional perspective we can't tolerate a risk threshold for third-party providers working on these kind of sensitive data you know payloads but as soon as you sort of dip your toes into the water of encryption you're faced with well may we have really sophisticated and experienced software engineers but it doesn't take long to look at forums and you see things like this I've got a software development framework I'm gonna do something with AES right AES is good encryption I'm gonna use I don't know 256 bit AES now I've got 27 different options of how I do that and I don't know what it means so maybe I'll just pick first one or maybe I've read a few chapters into the book and so I know that we should be using a certain type of authentication of that payload so that if someone tampers with it you know we'll be able to detect it or we'll be able to reject that data but if I do this on one patent platform like Python and then I do it on Java and I'm getting different results these are tricky problems one of the best quotes I've seen on this is from the founder of this social bookmarking site called pinboard and people may know it but the it's a great quote because what he gets to is we've seen protocols where in the last few years and we're not talking about timing attacks or side-channel attacks because those are kind of academic I'm talking about single bit level biases in decryption individual bits were enough to kind of unravel the thread to completely deconstruct and undermine the confidentiality of data it's it's as if it's a fragile complicated endeavor where yeah maybe there are software frameworks maybe there SDKs maybe there plugins but it's hard to get things right and it's hard to know the right choices we don't want developers having to face that what does this mean encryption is a first-class service in some respects MongoDB client-side fill level encryption isn't new I mean the fundamental building blocks have been around in some cases for two decades if you have a web app now or a web service where you've got really confidential information sort of going back and forth right now today in most languages you can get some kind of software development kit plug it in make some of those choices on the options and do things the problem is when we looked at this and when our customers looked at it they said we've got a lot of code we don't want to have to rewrite our queries we don't have to rewrite our all of our applications and by the way a lot of SDKs allow us to encrypt data and if we pull the entire record back we can sort of decrypt it client-side but we can't search it so I don't really have a database anymore if I can't search if we're doing a new if we're building sort of greenfield if you ask a cryptographer you're going to be running really sensitive payloads on a system how would you build how would you build a client-side encryption you get a lot of different answers then if you're supporting in some cases 14-year old legacy long-term distros if you're supporting things where the system cryptography libraries may have been around for years and they're established and you don't have some of the kind of new or more modern constructions because MongoDB runs everywhere and I mean everywhere so our build system something we call evergreen has something like 36 standard intersections of operating system distro a level you know the hardware platform so arm Intel IBM zseries and longer DB supports 12 different languages officially and in the broader ecosystem of developers there's like 20 languages that are supported moving something from a simple kind of sea based library to something that can work both in Ruby and PHP and C sharp and Java and go and know - I thought that's a little tricky and we wanted to make it as seamless as possible for developers no matter what language they're using so where does it run a MongoDB Atlas if you're doing self-manage if you've got mission workloads that because of regulatory requirements you've got to run on go cloud we can do it there if it's on Krim use cases it works there we also made a lot of work to make sure that if you're a developer you shouldn't have to have any internet connection you should be able to be doing lots of development you know really sophisticated kind of work without having to touch the internet at all in an offline mode so usually systems have a limited amount of confidential information let's say you're storing three or four hundred different kinds of field records within a system maybe you want a single key maybe you want lots of keys maybe to have on a per-user basis in per application user maybe multiple keys per feels depending on the use case what you don't want to do is you don't want to have a full round-trip sorry you don't have a full round-trip to a key management service so one of the best practices that Amazon advocates and it's sort of generally accepted in the field is the idea of envelope encryption we'll get to that in just a second from a developer's perspective we took the json schema which is a it's existed for quite a while but i'm not sure a lot of developers are aware of this the basic idea is that within a flexible schema you can say I've gotten certain high data fidelity needs and so for this field it's got to be a date and it's always gonna be date or this has to be a string or maybe this is a number and that's got to be between 1 and 100 so the JSON schema has existed for a while it's not widely used but it's sort of been there and it's sort of a first-class citizen we extended that with an encrypt property what it means is that any field in the collection can be locked as as encrypted keys can be done on a per field or per document basis so there are some trade-offs that write if the database is suddenly oblivious or blind to the data that is it's computing you can't do things like geospatial you can certainly encrypt a longitude and latitude and retrieve it back that's fine but you can't ask an encrypted database give me everything within 5 kilometers of this encrypted field it just doesn't work because it doesn't know the first the underlying sort of actual data for that first coordinate and it also doesn't know the you know the plaintext for those you know nearby neighbors range queries so you can't say give me a through m of customers who have encrypted their last name so there are some trade-offs that way will offer different reference architectures on how to deal with that it turns out there's lots of different options you can use and and some have really better performance profiles you could do arrays but you have to do it at a top level so it's it's a little in the weeds but arrays are similar to sub doc in the sense of you can have multiple addresses multiple properties multiple contact members that sort of thing and so within the context of a sub document its fully supported arrays not so much unless you encrypt at the top level there are certain types of aggregation pipeline filters again generally around things like you know limits of indexes on encryption where the database is kind of oblivious in general though about 80 percent in the use cases we're seeing from customers this fits really well so the use cases you can imagine span everything from PII to HIPAA controlled systems some of our first beta adopters on this program we're dealing directly with patient care records and insurer data it's a financial data as well you can literally encrypt card data and search for that and use indexes on those so you can you can say I want this social security number or I want this credit card number there are lots of things in in the industry now that sort of work around this by proxy and other things if you've ever had to deal with a tokenization system or talk to the architect who has they can be pretty painful we didn't want to have to do that we want to be able to make it a first-class citizen in the query itself easy to use if you've got queries that are sort of optimized for credit applications you know there's simple insert update delete operations you should be able to run that unmodified we want strong security guarantees as I mentioned there's lots of different options and encryption and there's classic kind of performance and sort of usability trade-offs with this customer manage keys so it's crucial to understand those keys only live on the application side they're never seen by the database they're never seen in the DBAs or the admins or in the case of MongoDB Atlas by our staff as well the contents opaque to the server and the server operator how do we do it so the key building blocks are I am kms itself and then within the system we use key stores so the idea is that you can have maybe one or a hundred or a thousand or a million local that are part of your collection and I'll show you how that works in just a second kms I think folks are probably familiar in general with the service its high availability there's a couple different options but effectively it's a global service it's backed by excuse me certified Hardware where in certain regulated contexts that really is crucial maybe if FIPS certification or the kind of things that the use cases where you need Cloud HSM for example so as I mentioned envelope encryption I don't want to making a lot of round trips the key management service the database should keep data as local as possible as long as possible to the extent that I know it's fresh so what we use is this notion of envelope encryption the ideas I've got a master key or multiple master keys and they encrypt other keys they encrypt data keys then we can store those keys in mass in your own collection now why would you want to store data keys if you just told me you don't trust the database they're encrypted data keys if you trust a DES to protect your data you should trust AES to protect your keys I am so lots of different ways to combine I am policies both for service accounts and for people accounts rules can be inherited and combined so within the context of kms there's lots of different options you can do directories indexes searches all kinds of operations we wanted to make it so that it's possible to have a key is narrowly scoped as possible just a read or oh sorry just an encrypt or decrypt operation only you can combine these together as I said to get a number of kind of sophisticated flexible access policies so I am effectively protects kms and there are lots of different ways to control that of course there's the cloud trail auditing capabilities you can do origin whitelist on the key itself so you can say don't even allow a web service request to kms to do an incredibly cryptic less its originating from this IP address you can also do 2fa programmatically on KMS request i think a lot of folks may not be familiar with that we've got some example code up on on github links back to our Docs the service ID feature rather I should say is still in beta we've been previewing it for probably four and a half months or so now but effectively the flow is this you create a master key with mental permissions you create an IM role you assign the master key role to a service account and then if you have people account so for example maybe you have a web service that calls KMS but you've also got analysts where you want to individually you know manage their credentials or their time window for access to a project you can do that as well so let's consider say a billing system an app server we've got two service accounts different identities in the case of people those can be set at the top level so maybe I only have access to billing records Bob's got lab results patient results and so forth in this healthcare application and then we've got a power user Alice who can see everything let's say we have a sensitive healthcare application it's going to send PII type data to MongoDB when it sends it to the application the MongoDB driver will intercept that and say well this collections been marked as encrypted so I need to do something with it I need to go to the key store I need to bring that back if it's not already cached if I don't have it this the first time it's been requested then I make it to kms and I come back now that I've got that I encrypt the data and then I've had passed that on to the database if you're looking at this as an administrator so this is the expedite Explorer view within a MongoDB Atlas but it would look the same if you were doing you know another kind of graphical admin tool you'll just see binary data so the underlying primitive data type is been data and so what that means is all your existing replication tools so things like backups imports snapshots all those things will continue to work because these are already known primitives within MongoDB so in the earlier example we had different people roles that were tied to these different iam policies you can also modify those on the fly and so when that happens not only sorry not only are you limiting what is possible by policy or by procedure you're technically eliminating the - you cannot decrypt that data if the person with that I am role doesn't have access to the system quick note about cryptography we'll be doing a couple of papers coming out probably in the next two weeks I'll leave this here mostly for review and happy to talk to folks kind of in depth later but the basic notion is we're calling out to the native operating system libraries for the crypto primitives we didn't want to roll anything ourselves if you trust Windows and the Windows domain if you trust maybe red hat that has some kind of hip certification run open SSL you can continue to use those if you have a job application in SS or some other crypto provider you'll continue to use these are authenticated encryption techniques which means the slightest alteration and the decryption fails they're tamper resistant they're both abuse resistant and misuse resistant and more to say about that soon one of the things I should say on this final bullet here we think we're pretty good at building distributed systems we've got like five or six hundred engineers at MongoDB a lot of them are really specialized capable seniors you know software engineers but they're not cryptographers they're not professional cryptographers so one of the decisions we made very early on was we wanted to work with some of the best people in the field who break database encryption we wanted to work with people who break authenticated encryption and want to work with people who who work at the intersection of software security and cryptography so things like buffer overflows things like the way the keys are managed the way that plaintext leaks might happen the way that third-party libraries might have some kind of you know network profile or something to be aware of and so we actually of working with three different teams one group in out of Brown University I'm not sure folks familiar but Seneca Mara and his team they've done some pioneering work around encrypted search and they've done a formal quick analysis of our client-side fill level encryption implementation we worked with Kenny Patterson in the you who's been a co-author on some of the standards for authenticated encryption and then lastly JP Amazon and his firm who did the crypto audit for Facebook's Libre crypto coin has worked with this from the very beginning on the design phase understanding the security properties and then doing as I said a formal crypt analysis so we'll be publishing those probably the next two weeks or so so I'm gonna develop our what does this mean there's basically four steps you create a data key you create a JSON schema that says for this particular field it should be a string and the key associated with it is this you can create that JSON schema either on the client or the server you could do it on the server to make administration easier and do change control a little bit easier but if you're really unsure or the security profile of the payloads that you're running our such that you have to have the strongest security guarantees possible then you want to run that client-side you do a MongoDB client connection the way you always have whether it's in the shell or through this language and then you do your query the driver will intercept those inserts updates deletes and modify it on the fly using the associated keys and using the Associated schema maps to do that translation it happens seamlessly kind of underneath the hood that's on well if you can imagine the left side said find patients with a certain social security number you can't actually ask the database for that right I can't ask the database where social security number 901 etc because well one it wouldn't match because they're encrypted but - you don't want that information in the logs so you actually have to do real-time translation from this is the plain text - this is the encrypted value although with this you kind of got the bonus of both here I guess about performance so I think folks are probably familiar with the TPC benchmarks it's kind of a you know a standard that's been used for two decades Ostia spent quite a lot of time over the last year porting TPC to a no sequel kind of model using a document and sort of approach but we wanted to come up with kind of a standardized way to do that and that's been published in the ACM proceedings we've got a couple peer-reviewed papers that look at that and so we decided that actually make sense to understand relatively when for the level encryptions turn on and when it's off and depending on different query profiles how that looks and so we've got some benchmark data coming out pretty soon on that the why CVS benchmarks this is the Yahoo Cloud benchmarks so Python on the top and then Java on the bottom in a nutshell if most of your operations are read write heavy that's sort of optimal if you're doing we had one customer that had an on-site consult they were generating about 10,000 keys per second because of their particular use case and it turns out that there is a performance hit we save them about 600 percent you know speed up with some optimization but then we look at the wall clock it was only like 2 milliseconds so yes if you go from Microsoft you know milliseconds to a few milliseconds then you know in a batch context you're probably not that sensitive to it we really are trying to optimize a cache to limit the cost both in terms of network cost and performance but also just cost of the service calls to kms interestingly most Linux distros have a fairly moderate level of the s aclinic SPRO file or sort of the equivalent in different distros we do this we do this operation where when the driver sends a query we analyze we basically parse that that the this the no sequel structure for that so there's a there's almost like a I wouldn't say a formal grammar but there's a formal parsing tree that we we walked through one of the biggest engineering efforts we did we we thought like 90% of the work was gonna be around encryption and stuff like the the core cryptography that was probably a fraction like 5 or 10% of the work what was a huge amount of work was to take the the no sequel parsing engine our query engine moving it from a sequel codebase to all these different languages that's what took a lot of work and so one of the ways that we do that is we make local domain socket calls it turns out that on some distros those are logging more aggressively than database itself the fact that you've asked for a local host lookup gets logged so we're we're still working on some of our performance guidelines around that what's the road map look like going forward we're looking at cloud age of sims and came up integration we've got some additional query features so there's some things that are just fundamentally limitations of an encrypted system there are other things that just need some additional engineering to sort of enable so there's certain limitations on materialized views and things of that sort but we feel we've these are all published on a documentation site the vast majority of crud operations are fully supported from v1 we've had a lot of customers ask about key rotation so that's sort of built into kms when you create a master key you can say automatically rotate it like you know once a year or however many months we had customers that came to us and said yeah but we want to be able to not only rotate keys but rekey you know data that's encrypted within these larger collections and so we're putting some improved tooling around that effectively you could do it in about ten lines of Python but you know we wanted stronger security guarantees and integrity guarantees enhanced encryption search options so most of the engineering over the last two years was taking the the parsing engine and making it abstract Abul but part of that process was also taking the encryption capability as a plug-in so we offer deterministic we offer a randomized encryption I'll show you that in just a second but more importantly we've got a pluggable encryption option now for mungus data stores so lena talked about some of the advantages of the MongoDB cloud our Atlas service stitch some of our other platforms I don't think most people in the room need to be convinced too much about the advantages of cloud these are our capabilities security practices protecting the company chill update it while it's in use is the key part of doing client-side encryption you can leverage kms and I am with these local P stores client-side encryption allows it to be done as seamlessly as possible and transparent as possible to the developers we think that's really powerful lots of different use cases it's available in MongoDB 4.2 we've got some links here QuickStart guides I think we've got Java node c-sharp Go Python and others are coming we're literally updating sample code and Doc's each day so please take it for a spin try it out we've been in beta as I said for about three and a half four months so we'll be releasing this to GA very very soon and I should also mention all the core crypto framework is Apache license so it's all up for review on github you can take a look you can understand what we're doing inspected give us feedback we we invite that and we welcome it so we've been working really hard for last two years we're thrilled to show this to the world and happy to open it up for questions [Applause]