Posts by Lawrence Miller
Encryption Isn’t Just About Confidentiality, But Integrity
People typically think about encryption as the best way to ensure that communications are confidential. But there’s another use that’s equally important and often overlooked - protecting data at rest, which includes the integrity of records where they are stored.
Symphony and “Responsible Encryption”
The FBI has raised the alarm that cutting-edge encryption technologies enable criminals and terrorists to shield their wrongdoing from detection and investigation. To prevent wrongdoers from “going dark,” they have urged those who manufacture digital systems to engineer mechanisms to ensure law enforcement access to encrypted records.
Wrestling with GDPR Compliance?
The General Data Protection Regulation (GDPR) is a new data security and privacy regulation for enterprises conducting business in the European Union. It requires strengthening of controls on how enterprises protect, use, and share their customers’ data.
Do You Know Who has Access to Your Company’s Collaboration Data?
Your most widely used business tool – your collaboration platform – may be putting your business at risk. No one wants to experience a data breach. What is the cause of this risk?
Why Slack’s Customers Really Do Need End-to-End Encryption
Earlier this month, Slack’s CSO made public comments stating that its customers aren’t interested in end-to-end encryption, so it’s not a priority for the company. For a company which claims to be the platform "where work happens,” this decision to dismiss such a powerful tool to protect their customer data is concerning, especially when it comes from their top security executive.
The Inherent Problem with Data
No one should be surprised about the recent news that Facebook gave some companies special access to user data, allowing them access even after the company had made policy changes restricting it for others. This is the inherent problem with giving control over your data to any technology provider.
Balancing Security and Business Continuity
In an effort to protect against certain security risks, companies can inadvertently create new ones
One of the more curious news items circling on the internet recently includes this story about a young crypto trader who passed away sadly and suddenly - and with his death, the password to $190 million worth of his clients’ money was lost.
Because of the nature of the cryptocurrency industry, many companies use offline wallets and secure messaging tools to keep data safe. Companies sometimes turn to consumer security solutions for good reason: the cloud can be an unsafe place to store things like millions of dollars, and consumer tools have historically provided stronger and more robust end-to-end encryption than enterprise solutions. In this case, however ironic, it’s exactly because QuadrigaCX’s CEO used personal consumer encryption tools that millions of dollars are now unrecoverably locked away.
Slack Gets A Little More Security, But Is a Little More Enough?
As security and privacy become increasingly important concerns for businesses and consumers alike (see Facebook’s recent strategic pivot), it’s not surprising that collaboration vendors are busy adding new security measures to their products.
Case in point: on Monday, Slack announced GA of Enterprise Key Management (EKM), a feature which they pre-announced last September, and of which we wrote about in our blog at the time.
Slack’s blog post announcing EKM provides a bit more detail about the service, and directly calls out use cases for "high-regulated industries like financial services" in their messaging. Clearly, Slack is noticing that its service doesn’t cut it for large enterprises who are concerned about compliance or security. But let’s take a closer look at Slack’s EKM offering and what it does - and doesn’t - offer.