Once upon a time, there was a General who was entrusted with maintaining the security of state secrets. In the same state, there also lived an Engineer, who was responsible for developing new technologies using the information controlled by the General. These two individuals, who needed to work together for the benefit of their fellow citizens never trusted each other.

The information held by the General was vital to the success of the state and could never be shared, for fear that it may fall into the hands of an adversary. Any leak or misuse of this information while it…


The most important principle in engineering any complex system is abstraction. In software engineering this is a very widely used mechanism. Programmers think in terms of services that are provided to them from a lower layer and services that they provide to a higher layer. Take the operating system as an example. It provides an abstraction of the hardware used. A browser running on top is oblivious to whether it runs on an Intel or AMD processor. Its only concern is rendering web pages correctly. These kinds of abstractions enable us to build extraordinarily complex systems. Unfortunately, imperfections in these…


The past year has had an unprecedented impact on business technology strategies as organizations scrambled to adapt to operating in the COVID-19 pandemic. However, there have also been some seismic shifts in the realm of data privacy and security. In July 2020, the Court of Justice of the European Union (CJEU) gave its judgment on Schrems II, a case with profound consequences for any organization in or dealing with EU data in the United States (US). In normal times this would have dominated the headlines, but instead it’s been overshadowed by the extraordinary disruption of COVID-19.

So, what is Schrems…


2021’s SANS Cloud Security Survey has been released and is an important read for security stakeholders within an organization. It is also worth tuning into the panel discussion recording that presented and analyzed the findings if you missed it live. In the panel discussion, Dave Shackleford, SANS analyst and CEO of Voodoo Security, and David Greene, Chief Revenue Officer, Fortanix, discusses the findings and share some security best practices. This blog highlights some of the findings of the survey and analysis from the panel discussion.

The goal of the SANS 2021 Cloud Security Survey is to provide insight into how…


The data driven world of finance

How financial firms handle, and store finances and data are a far cry from what it used to be about a decade back. For example, in today’s competitive world banks need to be more data-driven than ever before. This is critical to acquire more customers and deliver the best experiences.

“Data-driven organizations are 23 times more likely to acquire customers, six times as likely to retain those customers, and 19 times as likely to be profitable as a result.”
-

Becoming nimble, accelerating revenues, and improving customer experiences have been the primary drivers for financial firms to implement digital transformation…


For the last decade, smart devices have become increasingly integrated into our society. But as our reliance on these devices grows, so does the probability and potential impact of security breaches. In a move towards improving platform security, smart device manufacturers have started integrating Trusted Platform Modules (TPM) into their products. These modules are small, low-cost crypto-processors that, amongst other security features, provide secure storage of cryptographic keys. TPMs operate in isolation from the main CPU and can only be accessed via a standardized, safe API, set out by the Trusted Computing Group (TCG). Whenever a cryptographic operation is to…


The amount of data that organizations handle is growing exponentially, and an increasing proportion of this data is sensitive in some way. Whether it is personally identifiable information (PII) covered under GDPR, CCPA, HIPAA, or other regulations, valuable intellectual property, or other confidential company data, encryption provides strong protection that renders the data useless should it be stolen by cyber criminals.

Every time you encrypt a piece of data, you need to use an “encryption key”. This encryption key is similar to a password — if you have this key, then you can decrypt the data. Therefore, the key acquires…


Any data that can be used by itself or in combination with other pieces of data to uniquely identify a specific individual is considered as Personally Identifiable Information (PII). Traditionally, some of the common examples that have been considered most sensitive PII data are Social Security numbers, mailing addresses, email addresses, and phone numbers since each can be used to identify an individual uniquely. However, with an exponential rise in the volume of data collected from social media, mobile devices, websites, and various user tracking technologies, a lot of other secondary data that may not seem like PII data by…


The tech industry is known for a lot of things when it comes to employment within it. Great salaries, amazing benefits, relaxed working atmospheres, cutting edge ideas, the works! Across the globe millions are clamoring to join in on the tech boom and find a career in the most fun industry on the planet.

Finding a job in the tech industry can be rather easy if you have the credentials. But finding the right job is quite a bit more difficult. You see, far too often companies and start-ups advertise certain amenities, salaries, and workplace environments that are contradictory to…


On 6 April 2021, the data security world took a giant leap forward with the launch by Intel® of its 3rd Generation Intel® Xeon® Scalable Processors — code-named Ice Lake — for use in the next generation of server platforms. As expected, the new processors can handle a range of workloads across networks, cloud, and edge. It offers flexible architecture for a wide-range of applications and built-in hardware acceleration that delivers improved capabilities when executing more complex and diversified workloads.

Of more direct interest, however, Ice Lake is a processor built for security today and for the new demands of…

Fortanix

Fortanix™ has created the world’s first runtime encryption solution. Enterprises get provable, portable, and preventive security for their applications!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store