For Compliance, Keep Control of Your Encryption and Don’t Lose Your Head (Or Your Header)!
Cloud providers tend to be quite good at data integrity and availability. For confidentiality, not so much. IaaS services may provide you with good tools, but you will need to take advantage of them to achieve confidentiality in ways that will satisfy compliance audits. As I mentioned recently, Google’s new “by default” storage encryption isn’t […]
How Can You Tell If Your Secrets Are Really Secret?
Last week I mentioned that Availability was the odd member of the CIA triad, because it lacks the mathematical tools (and thus the solid numbers) of Confidentiality and Integrity. But that doesn’t mean that C and I both work the same way! Confidentiality tools like ciphers are preventative. You choose the best cipher, manage keys […]