Useful Skepticism Only Comes With Knowledge
Cybersecurity professionals must keep track of what’s going on. There’s no way you can do it yourself, so e-mail newsletters are a vital tool. But just how much credence should we give the latest scary story? I ran into a recent example of a cybersecurity bulletin that started out interesting but quickly included enough red […]
For Compliance, Keep Control of Your Encryption and Don’t Lose Your Head (Or Your Header)!
Cloud providers tend to be quite good at data integrity and availability. For confidentiality, not so much. IaaS services may provide you with good tools, but you will need to take advantage of them to achieve confidentiality in ways that will satisfy compliance audits. As I mentioned recently, Google’s new “by default” storage encryption isn’t […]
Google’s “By Default” Cloud Storage Encryption Means very Little
Last week I passed along Google’s announcement that they now encrypt all cloud storage by default. I mentioned how this was following Amazon’s offerings of encryption for their S3 storage service. We have been comparing Amazon’s client-side and server-side encryption in Learning Tree’s Cloud Security Essentials course for some time, and now Google’s new service […]