It’s Data Privacy Day: How To Make Your Business More Secure - Security Boulevard
Posted: 28 Jan 2020 12:00 AM PST

Data privacy is important all year long. But since January 28th is Data Privacy Day, it is a good occasion to review your current situation and strengthen your protection. Here are five suggestions on how to take better care of your information online.

Start With sTr0nG! Password

No amount of protection can help you if you lock your accounts with a weak password. You have probably heard this many times before, but use sTr0nG! passwords with upper- and lower-case letters, numbers, and symbols. Passwords discovered in various breaches show that 123456, "password" and 123456789 are the most popular ones. It doesn't take a genius to crack such passwords.

The problem is that not only people are trying to guess your passwords; computers are doing it too. They use a technique called brute-forcing: they try every possible combination until your password is identified. The possible password combinations are endless, but computers can try thousands of guesses per second. They start guessing with words from the dictionary. Therefore, to be safer, try to be as random as possible.

Don't Trust The Default

When creating a new account online or installing new software, there are always terms & conditions for it, but have you ever read them? According to the Deloitte survey, 97% of the 18-34 age group agree to conditions without reading them. Sohail Khan warns on Hacker Noon: "Product managers understand this. They spend their lifetimes understanding user behaviors." When agreeing with default settings, you might be giving away more information than necessary. The good thing is that it's not too late to alter your settings. You can check them and share only the data that is significant for the app or account.
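For the password section above, here is a screening check added as an illustration (it is not from the original article). It rejects the three breached passwords the article names, undoes common character substitutions before a dictionary lookup, and sizes the exhaustive search space. The word list, the substitution table and the guess rate are assumptions made for the example.

```python
import math
import secrets
import string

# The three most popular breached passwords named in the article.
COMMON = {"123456", "password", "123456789"}
# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"strong", "password", "privacy", "business", "secure"}
# Character substitutions that dictionary-based guessing routinely undoes.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalise(password):
    """Reduce a password to the dictionary word it may be built on."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET)


def charset_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def assess(password, guesses_per_second=1000):
    """Classify a password and size its exhaustive search space.

    guesses_per_second is an assumption: the article only says "thousands".
    """
    size = charset_size(password)
    keyspace = size ** len(password)
    if password.lower() in COMMON:
        verdict = "common"            # falls to the first few guesses
    elif normalise(password) in WORDLIST:
        verdict = "dictionary"        # falls to word-plus-substitution guesses
    else:
        verdict = "brute-force only"  # attacker must walk the keyspace
    return {
        "verdict": verdict,
        "charset": size,
        "bits": round(math.log2(keyspace), 1) if keyspace > 1 else 0.0,
        "seconds_to_exhaust": keyspace // guesses_per_second,
    }


def generate(length=16):
    """Random password drawn from the OS CSPRNG ("as random as possible")."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("123456", "sTr0nG!", generate()):
        print(candidate, assess(candidate))
```

Mixed case, a digit and a symbol give "sTr0nG!" a large nominal search space, yet it is still classed as a dictionary password because it reduces to a single word; only the randomly generated value forces a full search.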
Encrypt Your Messages

Have you ever noticed that you chat about something with your friends on messenger, and then you start to see the same something in your newsfeed? That is not a coincidence. Messenger is actually scanning texts, photos, and links you send or receive. To avoid that, you should use messaging apps that encrypt your messages, such as Telegram or Signal. Balys Krikščiūnas, CEO of hosting provider Hostinger, says: "Text encryption can help not only to avoid unwanted marketing but also to protect work-related discussions of new products coming to market, sending files with private financial data, or sharing sensitive family information."

Take Care Of Your Phone

When taking care of your data safety, don't forget your smartphone. If you use your phone on a daily basis, you probably have various accounts logged in – email, social media, bank account. If someone gets their hands on your phone, they can not only access your accounts but also take them over by using email to change passwords. The loss can be even bigger if your bank account gets compromised. To prevent information or even financial loss, always lock your phone. A Pew report states that nearly 30% of smartphone owners don't use a screen lock. And this decision can be vital if you leave your phone unattended, or it gets stolen. When possible, use two-step authentication and additional locks for sensitive apps.

Take Your Data Back

Even though you gave your data away once you created your social media account or registered for some loyalty program, you can try to get your data back. The California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR) make it mandatory to delete personal data if the person asks for it. In the New York Times article, Kashmir Hill highlights: "some companies have decided to honor the laws' transparency requirements even for those of us who are not lucky enough to live in Europe or the Golden State."
So, you can check your current and previous accounts and logins, and ask to delete your data from their databases.

You should be conscious of your personal data all year long. But take this Data Privacy Day as a reason to check and strengthen your privacy. Start with stronger and safer passwords. Check your current accounts and software to alter default settings to your favor. Start using encrypted messaging platforms to secure your personal conversations. Remember to look after your smartphone by using a reliable phone lock. And ask to delete your personal information from old accounts and other no longer relevant places online.

*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Ram Kezel. Read the original post at: https://techspective.net/2020/01/28/its-data-privacy-day-how-to-make-your-business-more-secure/
12 Essential Apps for Protecting Your Privacy Online - PCMag.com

Posted: 29 Jan 2020 12:00 AM PST

It's easy to feel that personal privacy is a dead issue. Once you go online, your every action is exposed, either through data lost in a breach or misuse by advertisers and online merchants. But don't give up hope. You don't have to go totally off-grid to retain or regain control of your privacy. Smart people around the world have come up with a variety of programs to attack the problem from different directions—embracing apps that range from VPNs to email providers that don't spy on you or share your data. You may have to lay out a little cash, but the alternative is using free services that pay themselves by monetizing your private data.

The Email Nightmare, Part 1

Like the internet itself, email was invented by optimists and academics who never dreamed that anyone would misuse it. Read someone else's mail? How rude! Fill up inboxes with unwanted junk mail? They had no idea what was coming.

One type of privacy app aims to protect the content of your email conversations from snooping and tampering. Private-Mail, ProtonMail, and StartMail let you lock down your communications using a technique called public-key cryptography. They use a protocol called PGP (Pretty Good Privacy) to generate a pair of keys, one public, one private. To send me a secure message, you encrypt it with my public key, and I decrypt it with my private key. Simple!

This same technology also lets me send you a message that's digitally signed, guaranteeing it came from me, with no tampering. I simply encrypt the message with my private key. The fact that you can decrypt it using my public key means it's totally legit. ProtonMail and StartMail automate the key exchange process with other users of the same service, while Private-Mail requires that you perform the exchange yourself. With any of these, you can exchange secure messages with anybody who provides a public key.
Of course, not everyone has embraced public key cryptography for their email. With StartMail and ProtonMail, you can send encrypted messages to non-users, though you don't get the same level of open-source security. The service encrypts the message using a simple password, and you transmit the password via some avenue other than email, perhaps a secure messaging app.

The Email Nightmare, Part 2

With the contents of your email conversations encrypted, no hacker can sniff out just what you're saying. However, your email address itself is exposed any time you send a message, buy a product online, or sign up for any kind of internet-based service. That might not sound problematic, but your email address is typically your user ID for many sites. A hacker who finds your email and guesses your weak password now owns the account. And, of course, having your email address floating promiscuously around the web just invites spam.

But how can you communicate without giving a merchant or service your email? The solution lies in a simple technology called a Disposable Email Address, or DEA. The DEA service provides and manages these addresses, ensuring that mail sent to them lands in your inbox, and that your replies seem to come from the DEA. If you're done dealing with a particular merchant, or if one of your DEAs starts receiving spam, you just destroy it.

Burner Mail, Abine Blur, and ManyMe are among the services offering DEA management. ManyMe is unusual in a couple of ways. First, it's free, which is uncommon. Second, unlike most such services it doesn't make you register a new FlyBy email (as it calls them) before using it. Say someone at a cocktail party asks for your email. You can make up a FlyBy address on the spot, without giving your actual email away.

Abine Blur takes the concept of masking your actual identity online to the next level. Besides masking your email address, it offers masked credit card numbers, different for each transaction.
You load the masked card with exactly the amount of the transaction, so a sleazy merchant can't overcharge you or use the card again. It even lets you chat on the phone without giving your actual number.

It's worth noting that Private-Mail and StartMail also offer a modicum of DEA management. StartMail lets you manage up to 10 permanent DEAs, and an unlimited number of DEAs set to expire within two weeks or less. Private-Mail offers five alternate email identities, without full DEA management.

Throw the Trackers Off the Scent

As they say, if you're not paying, then you are the product. You can surf the internet endlessly without paying a fee to visit specific sites, but those sites still work hard to monetize your visits. Advertising trackers plant cookies on your system, taking note when a tracker from an ad on a different website encounters that same cookie. Through this and other tracking methods, they form a profile of your online activity, a profile that others are willing to pay for.

Some years ago, the Internet's Powers That Be, recognizing that many users prefer not to be tracked, ginned up a simple Do Not Track message to be sent by the browser. This DNT system never became a standard, but all the top browsers adopted it anyway. It had no effect, because websites were and are free to ignore the header.

In place of the ineffectual DNT header, many security companies started devising active systems to identify and block ad trackers and other trackers. You'll find this feature as a bonus in many security suites, and in some privacy-specific products. Abine Blur, Ghostery Midnight, and ShieldApps Cyber Privacy Suite offer active DNT. Unlike most such implementations, Midnight deters tracker requests in any internet-aware application.

The trackers, in turn, invented a different technique for identifying individuals across different websites, relying on the ridiculous amount of information supplied to each site by your browser.
This ranges from your IP address and browser version down to minutiae like the fonts installed on your system. There's so much information that trackers can create a fingerprint that's almost sure to identify you, and only you.

So, what can you do? Make a liar out of your browser, that's what. TrackOff mixes up the data sent from your browser so it's different for each website. Cyber Privacy Suite also scrambles your fingerprint. Important info still reaches the site, but not in a consistent way that could be fingerprinted. Steganos Privacy Suite once included a component to foil fingerprinting, but the latest edition has dropped that feature, along with its active Do Not Track component.

Using a Virtual Private Network, or VPN, disguises your IP address but leaves plenty of data unchanged for the fingerprinters. Even so, keeping your internet traffic encrypted and having your IP address hidden are valuable ways to protect your privacy. In addition to their other privacy components, Ghostery Midnight and Cyber Privacy Suite include VPN protection.

Passwords Protect Privacy

Passwords are terrible, but we don't yet have a universal replacement. For security, you must use a different non-guessable strong password for every secure site. The only way anybody can accomplish that feat is by relying on a password manager. Unless you use a different strong password for every website, a data breach on one site could expose dozens of your other accounts.

In a perfect world, you already have an effective password manager in place, and you've taken the opportunity to fix any weak or duplicate passwords. On the chance you aren't already equipped, some privacy products have taken to including password management as a bonus feature. Abine Blur, for one, offers a complete, if basic, password manager. It even rates your passwords, giving extra credit for those logins that also use a masked email address.
You can get Steganos Password Manager as a separate program or as part of Steganos Privacy Suite. Either way, it's not a standout. You're probably better off with a top-notch free password manager. Cyber Privacy Suite seeks passwords stored insecurely in your browsers and moves them to encrypted storage, but doesn't do any password management beyond that protective step.

Icloak Stik is a tiny, bootable USB device that provides you with an entire private operating system; more about that below. Within that private OS, it offers the One Ring password manager built into the Tor Browser. That's important, because your existing password manager won't work in the Icloak environment.

Many Other Modes

Just as your private data can be exposed in many ways, software companies find a variety of ways to protect it. One unusual service comes from Abine DeleteMe. Rather than create disposable email addresses, this service attempts to clean up your existing email and other personal data. It searches dozens of websites that legally aggregate public information. Wherever it finds you, it sends an opt-out request to remove your data. This process can't be fully automated, so DeleteMe is relatively expensive.

Icloak Stik takes privacy to an extreme. You plug this tiny USB device into any PC, Mac, or Linux box and reboot. The Linux-based operating system that comes up resides entirely on the USB device. If you don't need to copy any files to the device, you can pocket it after booting up. And you can hide your IP address by going online with the Tor Browser. Once you shut down the host device, all traces of your session vanish.

If a malefactor steals your laptop or otherwise gains access to your PC, your private data could still be safe, provided you've encrypted it. We've covered numerous products solely devoted to encrypting files, folders, or whole drives. Some privacy products broaden their protection by including encryption.
Steganos Privacy Suite, for example, includes the Steganos Safe encryption tool, also available as a standalone product.

Private-Mail goes beyond the usual features of encrypted email by giving you an online area to store encrypted files. You can encrypt files using PGP or using a simple password, and you can even share your encrypted files with others.

Protect the Protectors

When you set up an encrypted email system or a disposable email address manager, your account password is a potential weakness. If you use an easily-guessed password, or if a stranger shoulder-surfs your login, you could lose control of your own privacy protection. That's where two-factor authentication comes in.

The concept is simple. With two-factor authentication, logging in requires at least two of the following: something you know (such as a password); something you have (such as an authentication app); or something you are (such as a fingerprint). Quite a few of the privacy tools examined here offer a two-factor option, specifically Abine Blur, Burner Mail, Private-Mail, StartMail, and Steganos Privacy Suite.

All these products rely on Google Authenticator or another Time-based One-Time Password generator. To get started, you use your authenticator mobile app to snap a QR code provided by the privacy program. Enter the code generated by the app and you're done. Now, your password alone doesn't grant access to the privacy program. A password thief won't be able to enter the code from your authenticator app, and hence won't get in.

These aren't the only programs for protecting your privacy, and this isn't an exhaustive list of privacy-cloaking techniques. However, all these programs do their best to keep you safe from advertisers, spies, and creeps online.

Abine Blur Premium
$39.99 per year

Your subscription to Abine Blur Premium brings a veritable smorgasbord of privacy-enhancing features and services.
Its masked emails feature automates the process of using a different disposable email address for every transaction. If one of those masked emails starts getting spam, you can just delete it, and you know which merchant sold you out.

What's the use in masking your email when you're giving the merchant something even more sensitive—your credit card number? Blur masks card numbers, too, and each masked card only has enough value to pay the particular transaction. No shady merchant can charge you extra, or fake another transaction on your card.

You can have all the masked emails you want, but masked cards require a small payment, because Abine expends resources processing the payment. Masked phone numbers are still more limited; you get just one. But when you use that masked phone number, you can be sure your contact won't benefit by selling it to robocallers or text spammers.

It's a small step from tracking your disposable email addresses to tracking your logins for all those websites. Blur includes a complete, if basic, password manager. Most password managers praise you for using a different password at each website; Blur gives you extra credit if you also use a masked email address for each.

Blur securely syncs your password and payment data across all your PCs, Macs, and mobile devices. Its browser extensions offer full access to program features and include an active Do Not Track component that foils advertisers and other trackers. On top of all that, Blur spells out how it handles your data in clear, simple detail. It's a cornucopia of privacy protection.

ProtonMail
Free or $48 per year

You use ProtonMail the same way you'd use any web-based email service. The difference is that email conversations with other ProtonMail users are automatically protected using public key encryption. The same is true for any correspondent whose public key you've imported. You can also send encrypted mail to outsiders using a simpler form of encryption.
If you don't need more than 150 messages per day and 500MB of storage for email, you can use ProtonMail for free. Even a paid subscription isn't expensive, at $5 per month or $48 per year. The paid edition gets you 1,000 messages per day, along with the ability to create up to four protected email addresses, full tech support, and 5GB of email storage. This is a simple, solid email encryption solution.

TrackOFF Basic
$34.95 per year

Advertisers really care what you do online. The better they can profile you, the more they can target ads. A nice juicy personal profile is also a commodity they can sell. With the proliferation of active Do Not Track systems, some trackers have switched to a technique called browser fingerprinting. And TrackOFF Basic stands square in their way, ensuring that your browser does its job without painting a target on your back.

Every time you visit a website, your browser sends a ton of information. It has to send your IP address, to receive the requested pages. But it also sends the browser version, OS details, even the fonts installed on your PC. Nominally, this information helps the website fine-tune your browsing experience. But there's so much data spewing from the browser that trackers can easily create a unique fingerprint, and thereby recognize you when you visit a different site.

TrackOFF doesn't suppress the info coming from your browser, as that could cause problems with some sites. It just mixes things up a little, presenting a slightly different fingerprint to each website. It does cost $34.95 per year, but that's fine for some tracking-sensitive souls.

Abine DeleteMe
$129 per year

Some DEA services require you to create a new, pristine email account to receive the mail from your disposable addresses, while others feed directly into your existing inbox. The latter approach is more convenient, but it comes with a problem. Your email address, along with other personal information, is already scattered across the interwebs.
Completely wiping that information from the web is impossible, but Abine DeleteMe does everything that is possible to minimize your exposure.

DeleteMe scans dozens of information-aggregating websites. These sites legally collect public information and make it easy to find. They also legally must remove your info if you so request. DeleteMe automates the opt-out process as much as possible. However, automation isn't possible in some cases, so Abine retains a staff of human operators to handle those. Every six months, you get a report of what DeleteMe found, and what was removed.

Unlike automated opt-out algorithms, those human operators must be paid. That's why DeleteMe costs more than most privacy services, $129 per year. You can often find discounts, or deals to add a family member.

Burner Mail
$29.99 per year

In the movies, spies use burner phones to communicate, destroying the phones after an operation. Burner Mail applies the same concept to email. Its browser extension (for Chrome or Firefox) detects pages that prompt for an email address and offers to swap in a burner address instead. Messages still reach your regular email inbox, and your replies seem to come from the burner address. If one of those addresses starts getting spam…burn it!

Burner Mail gives you more flexibility than some competitors. As noted, it doesn't require you to create a new email address to receive your messages. You can even change the recipient for a particular burner, or assign more than one recipient. Burner Mail sticks to the task of providing and managing burner addresses and for $29.99 per year, it does that one job well.

Icloak Stik
$99

Most privacy products aim to protect your privacy from internet threats or other external forces as you reach out from your secure home devices. The point of Icloak Stik is to allow you privacy even when you must use an unknown, unfamiliar, or even downright dangerous computer.
Insert this minuscule, bootable USB device into any Windows, macOS, or Linux device, reboot, and you're running your own private OS, completely separate from the installed operating system. If you need to save files, you save them on the Icloak Stik itself. Don't need any files? Then you can pop it back in your pocket as soon as the foreign computer has fully booted.

You do have to deal with the Stik's own OS, which is a modified version of Linux that could use some more pruning of unnecessary features and settings. And you'll have to get used to the built-in password manager, word processor, and other apps, as the host system's programs aren't available. But all that may be well worth the trouble, given that you can boot the device, get online, do whatever you want, and then depart, leaving no trace. Icloak Stik goes for a one-time cost of $99, with unlimited security upgrades.

ManyMe
Free

In one sense, you get most free webmail services by paying with your privacy. It only makes sense that if you want to preserve your privacy, you'll have to shell out cash. Not with ManyMe. At present, the DEA service is entirely free, with plans to make money on a feature-enhanced paid edition.

As noted, ManyMe differs from many competitors in that it doesn't require you to register DEAs (which it calls FlyBy addresses) before using them. Start with your account name, append a period and any phrase, and you've got a FlyBy, something like [email protected].

The service does have a few limitations. In testing, we found that its security precautions prevented communication with certain email systems, including PCMag's own. Your main account email address can never be changed after the initial signup. And it doesn't offer two-factor authentication. Still, you can't beat the price!

Private-Mail
$69.99 per year

You don't have to pay to encrypt your email using Private-Mail, but if you really get into it you're likely to run into the limit of 100MB storage for messages.
No problem; when that happens, it's clearly time to spring for the paid edition, which gives you 10GB of message space.

Private-Mail relies on public-key cryptography, specifically using OpenPGP to generate public / private key pairs. Where most competing products automate the process of key exchange with other users of their service, Private-Mail makes key exchange a hands-on operation. In addition, where others can send encrypted messages with rich formatting, Private-Mail strips all formatting when it encrypts.

This service does have the unique ability to store and sync encrypted files for you, up to another 10GB of file storage. In addition, you can share encrypted files, using public key cryptography for those with whom you've shared keys, and simple password-based encryption for others.

At $69.99 per year, Private-Mail costs a bit more than StartMail and more than twice as much as ProtonMail. But if you need both encrypted email and encrypted file sharing, it can be a good bet.

StartMail
$59.95 per year

We've talked about protecting the content of your emails using encryption, and keeping your email address private using Disposable Email Addresses. StartMail handles both tasks, though there are limits on its DEAs.

You can exchange PGP-encrypted mail with other StartMail users, or with anyone whose public key you've recorded. A secondary password-based encryption system lets you converse securely with those who haven't signed up for public key cryptography. And your messages can include formatting, images, even attachments.

As for disposable email addresses, which it calls email aliases, you can create and use an unlimited number of temporary ones. Temporary aliases expire after a fixed time, no more than two weeks. Permanent aliases are also available, but only 10 at a time.

You pay $59.95 per year for the whole StartMail package.
At present, the service is in transition to a new, improved user interface, with some features still available only through the old interface. That confusion should settle going forward.

Ghostery Midnight
$59.95 per year

Ghostery has long offered ad and tracker blocking in the form of browser extensions. The new Ghostery Midnight works below the browser level. In fact, it can block ads and online trackers for any internet-aware application.

Midnight also includes a basic VPN, with no configuration settings and a very limited set of server locations. It costs significantly more than any of our Editors' Choice VPNs. In our speed testing, it had a massive effect on latency but didn't slow downloads much. And it has the unusual advantage of no cap on the number of simultaneous connections.

ShieldApps Cyber Privacy Suite
$77.99 per year

ShieldApps Cyber Privacy Suite includes many features aimed at protecting your privacy. Among other things, it moves exposed passwords from your browsers into encrypted storage, finds and deletes personal information stored in your browsers, and cleans up browsing history and cookies. If it finds documents containing sensitive personal data, it lets you move those to storage.

Real-time protection includes active Do Not Track for browsing, as well as a component to scramble browser fingerprints. A component devoted to steering you away from malware-hosting websites works for any browser, but proved ineffective in testing. While a tech-savvy user could perform some of this suite's tasks by hand, it's a convenient collection for the user with more interest in privacy than tech ability.

This suite also includes a basic VPN, with no configuration settings and a somewhat limited set of server locations. In our speed testing, it had a larger than usual effect on latency but didn't slow downloads much. Note that you just get three simultaneous connections, where most standalone VPNs give you five, and many give you even more.
Steganos Privacy Suite
$59.95

When a privacy product must continuously offer its services, whether to encrypt email messages, manage disposable addresses, or store passwords online, it makes sense that users pay a yearly subscription. Steganos Privacy Suite does include a password manager, but its encryption solution resides and works entirely on your local PC. It's no big surprise, then, that you pay a one-time fee for this suite, rather than an ongoing subscription.

The most impressive component of this suite is Steganos Safe, a multi-faceted file encryption system. It used to include an active Do Not Track browser extension, and the ability to tweak the information sent by your browser to prevent tracking via browser fingerprinting. However, those two features are absent in the current edition, and we weren't terribly impressed with the password manager.

Other privacy elements that have been dropped include: a shredder utility to securely delete files beyond the possibility of recovery; a tool to hide encrypted files within image or video files; a simple webcam privacy system that just disables the webcam; and an all-or-nothing ad blocker.
Last Week In Venture: Eyes As A Service, Environmental Notes And Homomorphic Encryption - Crunchbase News

Posted: 21 Feb 2020 02:03 PM PST

Hello, and welcome back to Last Week In Venture, the weekly rundown of deals that may have flown under your radar. There are plenty of companies operating outside the unicorn and public company spotlight, but that doesn't mean their stories aren't worth sharing. They offer a peek around the corner at what's coming next, and what investors today are placing bets on. Without further ado, let's check out a few rounds from the week that was in venture land.

Be My Eyes

I don't know how you're reading this, but you are. Most of us read with our eyes, but some read with their ears or their fingers. Blind people frequently have options when it comes to reading, but there's more to life than just reading.

Imagine going to a grocery store and stepping up to the bakery counter. You might be able to read a label with your eyes, but if there's no label you could still probably figure out what type of bread you're buying based on its color and shape. But what if you couldn't see (or see well)? What are you going to do, touch all the bread to figure out its size and shape? Get real down low and smell 'em all? (Which, for the record, sounds lovely, if a little unhygienic.) You'd probably ask someone who can see for some help.

That's the kind of interaction a service like Be My Eyes facilitates. Headquartered in San Francisco, the startup founded in 2014 connects blind people and people with low vision to sighted volunteers over on-demand remote video calls facilitated through the company's mobile applications for Android and iOS. The sighted person can see what's going on, and offer real time support for the person who can't see.

The company announced this week that it raised $2.8 million in a Series A funding round led by Cultivation Capital. In 2018, Be My Eyes launched a feature called "Specialized Help," which connects blind and low-vision people to service representatives at companies.
Microsoft, Google, Lloyds Banking Group and Procter & Gamble are among the companies enrolled in the program.

Be My Eyes initially launched as an all-volunteer effort. The company says it has a community of more than 3.5 million sighted volunteers helping almost 200,000 visually impaired people worldwide. According to Crunchbase data, the company has raised over $5.3 million in combined equity and grant funding.

Wildnote

The environment is, like, super important. It's the air we breathe and the water we drink. Regardless of your opinion on environmental regulations, most come from a good place: Ensuring the long-term sustainability of life on a planet with finite resources by putting a check on destructive activity. Where there's regulation, there's a need to comply with it, and compliance can be kind of a drag. There is a lot of paperwork to do.

Wildnote is a company based in San Luis Obispo, California. It's in the business of environmental data collection, management and reporting using its eponymous mobile application and web platform. Field researchers and compliance professionals can capture and record information (including photos) on-site using either standard reporting forms or their own custom workflows. The company's data platform also features export capabilities, which produce PDFs or raw datasets in multiple formats.

The company announced $1.35 million in seed funding from Entrada Ventures and HG Ventures, the corporate venture arm of The Heritage Group. Wildnote was part of the 2019 cohort of The Heritage Group's accelerator program, produced in collaboration with Techstars, which aimed to assist startups working on problems from "legacy industries" like infrastructure, materials and environmental services.

Enveil

Encryption uses math to transform information humans and machines can read and understand into information that we can't. Encrypted data can be decrypted by those in possession of a cryptographic key.
To everyone else, encrypted data is just textual gobbledegook. The thing is, to computers, encrypted data is also textual gobbledegook. Computer scientists and cryptographers have long been looking for a way to work with encrypted data without needing to decrypt it in the process. Homomorphic encryption has been a subject of academic research and corporate research and development labs for years, but it appears a commercial homomorphic encryption product has hit the market, and the company behind it is raising money to grow.

The company we're talking about here is Enveil. Headquartered in Fulton, Maryland, the company makes software it calls ZeroReveal. Its ZeroReveal Search product allows customers to encrypt and store data while also enabling users to perform searches directly against ciphertext data, meaning that data stays secure. Its ZeroReveal Compute Fabric offers client- and server-side applications which let enterprises securely operate on encrypted data stored on premises, in a large commercial cloud computing platform, or obtained from third parties.

Enveil raised $10 million in its Series A round, which was led by C5 Capital. Participating investors include 1843 Capital, Capital One Growth Ventures, MasterCard and Bloomberg Beta. The company was founded in 2014 by Ellison Anne Williams and has raised a total of $15 million; prior investors include cybersecurity incubator DataTribe and In-Q-Tel, the nonprofit venture investment arm of the U.S. Central Intelligence Agency.

Image Credits: Last Week In Venture graphic created by JD Battles. Photo by Daniil Kuzelev, via Unsplash.
Posted: 21 Feb 2020 06:03 AM PST

Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better.

PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI. Lacking a reliable way to authenticate identities during the data transfer process, and also keep data encrypted as it moves between endpoints, the Internet would surely atrophy – and digital transformation would grind to a halt.

The retooling of PKI may not be sexy to anyone outside of tech geeks. Nonetheless, it is a pivotal chapter in the evolution of digital commerce. One of several notable contributors was DigiCert, the world's leading provider of digital certificates and certificate management solutions.

I had a chance to interview Brian Trzupek, DigiCert's senior vice president of emerging markets products, at the company's Security Summit 2020 in San Diego recently. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are a few key takeaways:

PKI's expanding role

PKI revolves around the creation, distribution and management of digital certificates issued by companies known as certificate authorities, or CAs. In the classic case of a human user clicking to a website, CAs, like DigiCert, verify the authenticity of the website and encrypt the data at both ends.

Today, a much larger and rapidly expanding role for PKI and digital certificates is to authenticate devices and encrypt all sensitive data transfers inside highly dynamic company networks.
We're not just talking about website clicks; PKI comes into play with respect to each of the millions of computing instances and devices continually connecting to each other – the stuff of DevOps and IoT. It can be as granular as a microservice in a software container connecting to a mobile app, for instance. Each one of these digital hookups requires PKI and a digital certificate to ensure authentication.

Much like the Internet, PKI evolved somewhat haphazardly in the first two decades of this century to enable website activity – and it has come a long, long way since. PKI's core components derive from open source, corporate and entrepreneurial beginnings. By 2015 or so, the early pioneer PKI services companies had made their profits and had gotten themselves swallowed up by tech conglomerates in a wave of consolidation.

In late 2017, DigiCert announced it would acquire Symantec's PKI division for $1 billion. At the time, Symantec very much wanted out of having anything to do with PKI; Google had just announced plans to distrust all Symantec-issued certificates, after a long tussle with the security vendor for failing to meet industry standards. DigiCert took the best of what Symantec had and combined it with tech that DigiCert did well, and worked feverishly to modernize PKI.

"Symantec just didn't spend a whole lot of time actually integrating those businesses," Trzupek told me. "They had acquired all of these PKI systems, order-entry systems, e-commerce systems, validation systems. . . it was like a million tiny freestanding companies and we had to try to figure out how to consolidate all of that."

Platform challenges

A lot has transpired over the past two years. The CA/Browser Forum, an industry standards body founded in 2005, accelerated initiatives to drive better practices and guidelines.
Outside of the CAB Forum, many industries, from healthcare to automotive to manufacturing, have created standards and implemented digital certificate protections through global PKI practices that strengthen device security.

Taken together, these efforts have brought a semblance of order to the topsy-turvy world of enterprise PKIs. Companies had come to rely on a hodgepodge of systems to authenticate remote workers and contractors, while at the same time delving deeper into DevOps, and also pressing forward with wider use of IoT systems.

"What we saw across all of that was a platform problem," Trzupek says. "People were trying to use PKI and certificates in many different kinds of ways and all of this was being jammed through very old legacy tools."

For its part, DigiCert responded by sending Trzupek on the road to visit 70 PKI customers in 12 nations and listen closely to what was on their minds. DigiCert used that feedback as the basis to design leading-edge PKI deployment and management tools and services, built on a flexible, scalable platform for speed and efficiency.

"The first step is to take a very manual inventory of what the parent company is doing with PKI, and what all of the sub-entities and subdivisions are doing with PKI, just figuring out who manages those projects and what PKI is being used for," Trzupek says. "Then there's an organizational component where you can consolidate management of PKIs and do things like standardizing tools."

Future use cases

Innovations to help companies more efficiently manage sprawling PKI deployments continue to advance, and none too soon. Large and mid-sized enterprises are stepping up their use of DevOps and embracing philosophies like "fail fast," the notion of quickly deploying minimally viable software to learn where it works or fails, and then iterating and remediating the shortcomings.
This is how dynamic services are getting spun up; such services are capable of scaling up to serve high volume demand, cheaply and very quickly, and then wind down just as quickly. DigiCert is focusing on putting PKI at the nerve center of these types of scenarios, where short-lived certificates, with low latency and high availability, come into play.

"A lot of places need dynamic scale related to consumption, and they need that environment to be trusted, and that's where PKI comes in," Trzupek says. "As we look to the future, it's all about getting more dynamic so we can interoperate with that world and produce certificates as they need them."

It's encouraging that PKI is once again on solid footing; we're certainly going to need it going forward. Data is the new oil, futurist and theoretical physicist Dr. Michio Kaku told attendees of DigiCert Security Summit 2020.

Following the mainstreaming of steam power, then electricity and then the Internet, we're today on the brink of the fourth wave of giant technical leaps forward, observes Kaku, author of The Future of the Mind: The Scientific Quest to Understand, Enhance, and Empower the Mind. Kaku argues that silicon chip-based computing has maxed out and will very soon be replaced by quantum computers which manipulate atoms to make massive calculations.

Quantum computers can rather easily break the strongest encryption we have today. The good news is that the tech community has factored this into long-term planning for the care and feeding – and future viability – of PKI. A major public-private effort is underway to revamp classical cryptography, and ultimately replace it with something called post-quantum cryptography, or PQC.

DigiCert happens to be in the thick of this effort and has already begun offering strategies for companies to future-proof sensitive systems for the coming of quantum computing.
"Devices being put into service today, like cars and airplanes and IoT systems that have embedded sensors have long term life cycles," says Avesta Hojjati, DigiCert's head of research and development. "We're striving to protect those devices, right now, against threats that are coming in the next five to 10 years."

In an environment where fail fast is the philosophy ushering us into the quantum computing era, there is a huge role for robust, reliable and continually improving PKI. We appear to be on that path. I'll keep watch.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/my-take-pki-digital-certificates-now-ready-to-take-on-the-task-of-securing-digital-transformation/