Authentic8 Blog Category: News

DOD Looks to the Cloud for Browser Security

The US Department of Defense just published its cloud browser strategy. What's yours?

*

On June 5, 2018, the Defense Information Systems Agency released an unclassified request for information (RFI) outlining its intent to procure a cloud browser for 3.1 million Department of Defense (DOD) employees.

The operators of the most-targeted network in the world have concluded that they'd be more secure and efficient if they kept all public web code off the department's network.

This is significant for the entire cybersecurity market, not just the DOD. With this RFI, an arguably niche, disruptive security solution becomes mainstream. Cloud browsers are now something any organization concerned with online security must consider.

DOD personnel use the web for mission-related activities, support and logistics functions, and morale and well-being. With more than 4 million users worldwide, and with many people operating out of sensitive government facilities, the DOD is also a compelling target for cyberattack. The volume of attacks the department must deal with

SSL Certificates Boost Security? Many Don’t.

Massive disruption is coming to websites that use digital certificates issued by Symantec or the brands that it has owned - Verisign, Thawte GeoTrust, and RapidSSL. One third or more of the net’s SSL certificates could be affected.

*

Effective this week, both the Chrome and Firefox browsers will not accept any SSL certificates issued by Symantec that were issued before June 2016. Symantec certificates that were issued after that date will not be accepted by both browsers starting in September 2018.

These drastic measures have been in the making for about a year. In March 2017 Google announced that it had lost all confidence in certificates issued by Symantec.

What had gone wrong? In short, the way how Symantec was issuing the certificates. Its issuance methods could allow untrusted third parties to issue certificates on Symantec’s behalf - without oversight. The rules that Symantec ignored had been decided by the industry standards group, the CA/B Forum, for certificates used

Fed Up? Fire Up This Cloud Browser.

The Facebook/Cambridge Analytica fiasco did not happen overnight or by “mistake”, as Facebook wants users to believe. The price of “free” services and apps online means the loss of data protection, privacy and transparency.

This isn’t a new phenomenon, it’s not limited to Facebook, and it should not be a surprise to anyone. Venture investment in companies building businesses around “eyeballs” and “clicks” had to convert to hard cash at some point, and that point is the monetization of user data.

In contrast, Authentic8’s cloud browser Silo was built on the trust of its users. How do we honor that trust? We think you have a right to know what we do with your data. But first, some background.

*

So Mark has admitted “mistakes” on behalf of Facebook. As did Marissa before him, for Yahoo. And don’t forget Richard (who?), who apologized - kinda, sorta - for Equifax. And so on…

Did it change anything that these

Navy NGEN-R: New Network, Usual Suspects

Later this year, the United States Navy intends to award a contract to upgrade their unclassified network, the Navy Marine Corp Intranet (NMCI).

The new contract, Next Generation Enterprise Network Re-compete (NGEN-R) is a multiple award contract that will absorb global networking efforts into a single vehicle that the Navy will administer. Will the Navy get the network needed to “win” in the cyber-battlespace of the future?

*

While the Navy Program Executive Office for Enterprise Information Systems (PEO EIS) has certainly “leaned forward” in its outreach to industry, it hasn’t yet moved full steam ahead into a total embrace of innovation.

By hosting traditional “Industry Days” and other familiar industry outreach initiatives, PEO EIS has ensured that Federal System Integrators (FSIs), who consistently over promise and under deliver on such large programs, will have significant influence over this procurement.

By allowing the FSIs to influence the scope of work, the Navy has ensured it won’t receive the next-gen network needed

GDPR: A Deadline You Can’t Afford to Ignore

by Steve Durbin, Managing Director, Information Security Forum

If your U.S.-based business deals with customers, employees or contractors in the European Union, the clock is ticking for you. On May 25th, the EU’s General Data Protection Regulations (GDPR) goes into effect.

It will affect you no matter if you have an actual presence in Europe or not.

At the Information Security Forum (ISF), we consider GDPR to be the most extensive overhaul of global privacy law in decades. It fundamentally redefines the scope and application of EU data protection legislation.

GDPR compels organizations worldwide to comply with its requirements — or face stiff fines and penalties. The regulation affects any organization that handles the personal data of European Union (EU) residents, regardless of where the data is processed.

Many US-based organizations are obliged to comply with the new standards. Given the global nature of e-commerce, cloud services, and communications platforms, few organizations will be able to completely avoid the requirements.