Symphony Blog


Developing Mobile Apps? Ask Yourselves These Security Questions

Developing Secure Mobile Apps

Recent reports have surfaced about the significant rise in cyber attacks targeting mobile devices. The year 2014 alone saw a 500% growth in mobile software-based attacks. Many companies, consumers, and mobile developers are now left wondering, “How can I be sure my mobile apps and devices are secure?”

Read More

Data Security at our Core: A Layered Approach

Recently, the security of digital communication platforms has been under fire and questioned by many who are using these tools to talk with colleagues, friends and family. Here at Symphony, security is part of our DNA – and while no system is bullet proof, we know that any growing network will become a target for hackers. With security as the foundation of our platform, we plan to always stay one step ahead of our potential threats.

Read More

Security as the Foundation

The numerous (and public) security breaches in 2014 have clearly illustrated the need for everyone to improve their data security and privacy practices.  Gigaom has even declared 2015 as “The Year of Encryption,” focusing on what companies such as Apple and Google are doing this year to make improvements. And finally, governments and businesses of all sizes are beginning to take action by improving their cybersecurity practices.

Read More

It Isn’t Always Good to Be Popular

According to SplashData’s annual list of the 25 most common passwords found on the Internet, “123456” maintains the top spot. And as the most popular, it’s also the worst!

Read More

Click here if you agree: Demystify the Privacy Policy

We’ve all had this experience: You’ve found an exciting new website / tool / service that you can’t wait to use. It’s going to make your job – no, your life! – that much simpler, better, more exciting. And just after you’ve picked the perfect screen name and password (a strong one, of course!), that little Privacy Policy checkbox appears.

Read More

Symphony and Security: What You Should Know

Symphony is built with security at its core. The content our enterprise customers exchange using our service is some of the most valuable information in the world, and we accept the responsibility to protect that data. To make this happen – while not making Symphony clunky and difficult to use – has taken focus and resolute commitment by our team.

Read More

One in Three Healthcare Customers Will Have Records Breached in 2016 – Are You Ready?

On a recent visit to a new doctor, I arrived the requisite 15 minutes early, expecting to be greeted with the usual clipboard of grainy photocopied forms to fill out.

Read More

Forward security: what it means, why you should care

Much has been said about Symphony’s layered security model, which couples end-to-end encryption with client-controlled key generation and storage. And of course, there is the debate about encrypted messaging currently occurring on the international stage. But what the team here talks a lot about is how we can build an adaptable system with the ability to recover from whatever the world throws at us.

Read More

Symphony: Making the Impossible a Reality

As the Chief Security Officer at Symphony, I occasionally overhear comments that the security model of Symphony is so powerful that the promises we’ve made are probably not achievable.

Read More

Humans, Still Our Greatest Security Challenge

You’ve seen it before: an email from your manager telling you take urgent action, file attached. Even if the project doesn’t ring a bell, it’s your boss telling you to do it, so everything’s in order right? Maybe not.

Read More

Symphony joins the EU-U.S. Privacy Shield framework

It’s June 2015.

Your company, PrivacyCo, has offices in the U.S. and the bulk of its clients are located in Europe. PrivacyCo routinely transmits employee personal data from Europe to the U.S. for storage, analysis — whatever is needed to get the job done.

Read More

Symphony and “Responsible Encryption”

The FBI has raised the alarm that cutting-edge encryption technologies enable criminals and terrorists to shield their wrongdoing from detection and investigation. To prevent wrongdoers from “going dark,” they have urged those who manufacture digital systems to engineer mechanisms to ensure law enforcement access to encrypted records.

Read More

Wrestling with GDPR Compliance?

The General Data Protection Regulation (GDPR) is a new data security and privacy regulation for enterprises conducting business in the European Union. It requires strengthening of controls on how enterprises protect, use, and share their customers’ data.

Read More

Do You Know Who has Access to Your Company’s Collaboration Data?

Your most widely used business tool – your collaboration platform – may be putting your business at risk.  No one wants to experience a data breach.  What is the cause of this risk?

Read More

Why Slack’s Customers Really Do Need End-to-End Encryption

Earlier this month, Slack’s CSO made public comments stating that its customers aren’t interested in end-to-end encryption, so it’s not a priority for the company. For a company which claims to be the platform "where work happens,” this decision to dismiss such a powerful tool to protect their customer data is concerning, especially when it comes from their top security executive.

Read More

Don’t be Slack on Security

It seems like Slack may finally be realizing the importance of security, despite their CSO’s recent public comments dismissing end-to-end encryption. While we found this comment puzzling, Slack’s quick backtracking is even more so.

So is security a priority for Slack, or is it not? Let’s take a look...

Read More

Slack Gets A Little More Security, But Is a Little More Enough?

As security and privacy become increasingly important concerns for businesses and consumers alike (see Facebook’s recent strategic pivot), it’s not surprising that collaboration vendors are busy adding new security measures to their products.

Case in point: on Monday, Slack announced GA of Enterprise Key Management (EKM), a feature which they pre-announced last September, and of which we wrote about in our blog at the time.

Slack’s blog post announcing EKM provides a bit more detail about the service, and directly calls out use cases for "high-regulated industries like financial services" in their messaging. Clearly, Slack is noticing that its service doesn’t cut it for large enterprises who are concerned about compliance or security. But let’s take a closer look at Slack’s EKM offering and what it does - and doesn’t - offer.

Read More