Authentic8 Blog Category: Privacy

GDPR Outlook: After First Record Fines, What’s Next?

Posted by: A8 Team
Published on:

Following the record penalties for Google, British Airways and Marriott under the European Union's General Data Protection Regulation (GDPR) by French and British data privacy commissioners, which industry or sector will the EU's privacy watchdogs home in on next?

European GDPR enforcement actions are just getting up to speed. All indications point to more rough waters ahead for large transnationals with a presence in the EU.

In their third conversation on the state of GDPR, Scott Petry, co-founder and CEO of Authentic8, explores with Steve Durbin, Managing Director of the UK-based Information Security Forum (ISF)

  • what impact Brexit may have on GDPR enforcement in the UK
  • how the EU is currently taking aim for the next salvo of sanctions against GDPR violators
  • why apps and tools that touch EU employee data face increased scrutiny.

Will the next headline-worthy penalty hit a US-based company for not sufficiently protecting its EU employee data? Listen to their discussion here:

Did you miss the first two

JavaScript Template Attacks: How Browsers Give Away the Store

Posted by: A8 Team
Published on:

Did you know? Attackers use  your locally installed browser base and JavaScript to draw up intricate exploit roadmaps for targeted attacks on your organization. Listen to our interview with security researcher Michael Schwarz to learn how JavaScript template attacks work and how to prevent them.

*

“Free” browsers boast features and extensions that supposedly enhance security and privacy online. The same settings or plugins, it turns out, can be used by adversaries to achieve precisely the opposite effect.

That’s just one of the eye-opening findings reported in the research paper JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits.

The paper was authored by security researchers Michael Schwarz, Florian Lackner and Daniel Gruss of Graz University in Austria. They describe how JavaScript template attacks help attackers prepare pinpointed zero-day or side-channel attacks against large organizations, by exploiting the ubiquitous data leaks in “free” browsers and their extensions.

The researchers found an abundance of environment-dependent properties in Firefox, Chrome, Edge, and mobile

The Gift of Access

Posted by: Sean Heritage
Published on:

I have spent the bulk of my Navy career working to inspire transformational change both at the unit and enterprise levels. Though my navy career is over, I remain committed to helping others do the same. I recently read Greg Satell’s Cascades: How to Create a Movement that Drives Transformational Change, and was once again reminded that driving change within an organization is both art and science.

Many people think Authentic8’s Silo platform is a browser for the zero trust web. It most certainly is that and so much more.

After serving within the core of the Department of Defense for years, the new collaboration tools I had at my disposal as a member of the Defense Innovation Unit blew my mind. I say ‘new’ not because they were new, as they were the very tools that the private sector has been using for years - webmail, video conferencing, file sharing, and work management platforms. They were ‘new’ to me

Showdown: VPN vs. Cloud Browser

Posted by: Gerd Meissner
Published on:

In many companies, VPN has become a staple of the traditional IT security stack. Annually, mid-sized organizations (<5,000 employees) spend an average of $60 per user on VPN technology and maintenance. Not much longer though, it seems.

While VPN has been around for more than 20 years, it now looks as if its promises of secure and private web access have worn off - many of them unfulfilled. In the words of Patrick Sullivan, Global Director of Security at Akamai, we are witnessing The death of VPN.

In his article for SC Magazine, Sullivan proclaimed: “It’s time to say goodbye.”

Sullivan’s farewell to VPN sounds timely, and he is not alone. Organizations large and small have found a way to cut their VPN costs or eliminated them altogether. In the same step, they attained a level of secure and private web access that VPN has never been able to deliver. What happened?

How Companies Cut VPN Costs

They

VPN: A Big Misunderstanding?

Posted by: Gerd Meissner
Published on:

Most VPN services fail to provide a level of data protection and anonymity that would pass professional-level muster. Part 3 of our VPN miniseries shows how confusion about this 20+ years old technology and its complexities has added new risks and threats.

*

In the first two posts, we focused on the “online privacy” promise of VPN, and on how misconceptions about VPN impact IT security and productivity in the enterprise in general.

In this post, we’ll address the most common misunderstandings about VPN and their ramifications one by one.

A VPN service creates a secure connection (often described as a “tunnel”) between two computers, say between an executive’s laptop at home or on the road and a company server.

This can provide protection, for example when going online via public WiFi networks or consumer-grade home broadband connections. Many services encrypt much of the data transmitted from point to point within the VPN. Others - and that’s the bad news