Is RSA really less than a week away? It feels like just a few short months ago that the team at Fornetix was lamenting the fact that we'd have to wait until mid-April for the one event we all look forward to year-after-year.Read more
Securing Virtual Environments Shouldn't be an Afterthought
Portability, versatility, efficiency, and cost effectiveness — these are just a few of the advantages of moving to virtualized environments. Virtualization allows enterprises to shift datacenters full of equipment down to a just a few servers. A smaller footprint means less power consumption, lowered cost of ownership, and less overhead. Too often, though, enterprises neglect security when it comes to implementing virtualization. Securing virtual environments has become an afterthought.Read more
Fornetix secures position as trusted VMware security partner for providing customers with easy-to-implement encryption solutions.
March 2018 — Fornetix® today announced that its enterprise key management system, Key Orchestration™, has achieved VMware Ready™ status. This designation indicates that after a detailed validation process, Key Orchestration has been awarded VMware’s highest level of endorsement and is supported on VMware vSphere 6.5 and vSAN 6.6 for production environments.
The Fornetix team wants to congratulate Kian Bradley, client developer, after he earned first place in the cryptocurrency capture the flag (C3TF) at this year’s BSidesNoVA hacking conference. The competition focused on real world challenges related to crypto currencies such as smart contract exploits, forensics, wallet exploits, and more issues unique to this growing industry.Read more
“Smart” Doesn’t Mean “Secure”
Prior to 1975, there was no such thing as a smart home. Prior to 1985, all radio systems were analog. Prior to 1990, all phone systems were analog. Prior to 1974, all utility metering was analog. But all of that has changed; we now live in a digital world. 1’s and 0’s “run” our lives, and picking up an analog landline phone (POTS) is virtually a thing of the past. The new “hotness” is smart everything. Smart cars, smart phones, smart TVs, smart homes, and now smart grids.Read more
When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the vehicle delivered to the consumer. When one typically thinks of applying encryption, it is focused on protecting the confidentiality of data at rest, in motion, or even while being processed. However, what about measuring whether the data should be trusted instead how whether it needs to be protected?Read more
Starting in late December, the Linux kernel development lists started buzzing about some commits going into the kernel without the usual documentation that adjoins such code changes. When an AMD developer added some code on December 26th with the following comment, security researchers started zeroing in on the problem:Read more
How Auto Makers Are Working to Secure Connected Cars
Last week, I attended the inaugural Auto-ISAC summit. "ISAC" stands for Information Sharing and Analysis Center. There are several long-standing ISACs for other industries including aviation, electricity, natural gas, and financial services. You can find the full list here if you are curious.Read more
In a digital world, everything is a 1 or a 0. Those 1’s and 0’s can range from the lifeblood of an organization down to a simple message from one person to another. In most cases, those 1’s and 0’s can be jostled around: enter encryption. Tight encryption standards can make even the most significant, sensitive data appear to be indecipherable to the naked eye. Multiple firewalls, strong antivirus software, enterprise-wide encryption… these are all techniques utilized to strengthen our security posture to prevent bad actors from accessing sensitive data. Bolstering a strong perimeter security defense, coupled with constantly rotating encryption keys inside and outside of the perimeter, and always having the latest antivirus definitions will lead to a stronger aggregate security posture.Read more
Thank you to Cyphre for contributing this guest post to our blog as we focus on GDPR compliance!
Now that European Union’s General Data Protection Regulation (GDPR) is set to become law, companies must establish policies and technology controls to securely store and transfer personal data of any person residing in the EU. Data that can be used to identify a person, such as physical address, IP address, and more, as well as genetic data, information about religious and political views, sexual orientation, and more must be encrypted or made anonymous. Individuals have the right to erase their personal data by withdrawing consent or when it is no longer being used for its original purpose.Read more