Symphony Blog

Posts by Lawrence Miller

Encryption Isn’t Just About Confidentiality, But Integrity

People typically think about encryption as the best way to ensure that communications are confidential. But there’s another use that’s equally important and often overlooked - protecting data at rest, which includes the integrity of records where they are stored.

Read More

Symphony and “Responsible Encryption”

The FBI has raised the alarm that cutting-edge encryption technologies enable criminals and terrorists to shield their wrongdoing from detection and investigation. To prevent wrongdoers from “going dark,” they have urged those who manufacture digital systems to engineer mechanisms to ensure law enforcement access to encrypted records.

Read More

Wrestling with GDPR Compliance?

The General Data Protection Regulation (GDPR) is a new data security and privacy regulation for enterprises conducting business in the European Union. It requires strengthening of controls on how enterprises protect, use, and share their customers’ data.

Read More

Do You Know Who has Access to Your Company’s Collaboration Data?

Your most widely used business tool – your collaboration platform – may be putting your business at risk.  No one wants to experience a data breach.  What is the cause of this risk?

Read More

Why Slack’s Customers Really Do Need End-to-End Encryption

Earlier this month, Slack’s CSO made public comments stating that its customers aren’t interested in end-to-end encryption, so it’s not a priority for the company. For a company which claims to be the platform "where work happens,” this decision to dismiss such a powerful tool to protect their customer data is concerning, especially when it comes from their top security executive.

Read More

The Inherent Problem with Data

No one should be surprised about the recent news that Facebook gave some companies special access to user data, allowing them access even after the company had made policy changes restricting it for others. This is the inherent problem with giving control over your data to any technology provider.

Read More

Balancing Security and Business Continuity

In an effort to protect against certain security risks, companies can inadvertently create new ones

One of the more curious news items circling on the internet recently includes this story about a young crypto trader who passed away sadly and suddenly - and with his death, the password to $190 million worth of his clients’ money was lost.

Because of the nature of the cryptocurrency industry, many companies use offline wallets and secure messaging tools to keep data safe. Companies sometimes turn to consumer security solutions for good reason: the cloud can be an unsafe place to store things like millions of dollars, and consumer tools have historically provided stronger and more robust end-to-end encryption than enterprise solutions. In this case, however ironic, it’s exactly because QuadrigaCX’s CEO used personal consumer encryption tools that millions of dollars are now unrecoverably locked away.

Read More

Slack Gets A Little More Security, But Is a Little More Enough?

As security and privacy become increasingly important concerns for businesses and consumers alike (see Facebook’s recent strategic pivot), it’s not surprising that collaboration vendors are busy adding new security measures to their products.

Case in point: on Monday, Slack announced GA of Enterprise Key Management (EKM), a feature which they pre-announced last September, and of which we wrote about in our blog at the time.

Slack’s blog post announcing EKM provides a bit more detail about the service, and directly calls out use cases for "high-regulated industries like financial services" in their messaging. Clearly, Slack is noticing that its service doesn’t cut it for large enterprises who are concerned about compliance or security. But let’s take a closer look at Slack’s EKM offering and what it does - and doesn’t - offer.

Read More