Authentic8 Blog Category: Policy

ISPs & Privacy: Why it Matters, and How to Cover Your A$$

NEWS, POLICY

Both the US Senate and the House of Representatives have cleared the way to remove privacy rules for internet service providers (ISPs) like AT&T, Charter, Comcast and Verizon. The President signed the executive order to repeal these rules, which were originally put in place by the FCC in 2016 to protect consumers on the web.

While the nation’s largest ISPs have pushed hard for this move, most internet users in the U.S. are only now learning that their entire web browsing history may be collected, sold, and/or used for marketing purposes - no “opt-in” or other permission required.

This is a good time to take a step back and assess what it all means. The privacy rules were fairly recent and had not yet been enacted. And, it's not back to the old state - the lawmakers went a step further, issuing a joint resolution that aims to ensure that the FCC will be barred

Personal Email at Work - the "Hillary Factor"

Security, Policy

Hillary Clinton’s personal email workarounds during her term as Secretary of State have received much scrutiny in Washington and in the media.

All the political rhetoric aside, a question remains:

Why was she allowed to run her own email server? How could an employee dictate email security policy to IT?

Ready for the answer? Special treatment isn’t reserved only for senior politicians. Personal email workarounds could come back to haunt your organization, too.


Whatever happened (or not) on the privately hosted server that Hillary Clinton used to keep her personal email apart from official missives while she was serving as Secretary of State, one issue deserves more attention:

Why was she allowed to set up her own server in the first place?

Until today, nobody had really asked that question. Cybersecurity pioneer Gene Spafford (Purdue University), whose interview with Bank Info Security I highly recommend, highlights the fact that policies are out of sync with users.

Like any

Smart Nation. Dumb Move.

SECURITY, POLICY

Singapore is awesome. Since starting Authentic8, I haven’t been back, but I was lucky enough to visit regularly in previous jobs. The island city-state is known for taking care of business and of its citizens, as well as for its “Smart Nation” technology initiative.

But now Singapore has announced that it plans to block internet access for 100,000 government workers, in the name of cybersecurity. It’s not clear that this approach is a practical way of ‘taking care of business’.

It doesn’t look like the smartest move to me. And Singapore’s Prime Minister already seems to have second thoughts, too. I wonder why?


According to the Gallup organization, 84% of Singapore’s residents have expressed confidence in the pragmatic and speedy approach their government takes to steering the affairs of the nation.

But that’s from a survey that was taken a while back, long before this week’s announcement by the nation’s Infocomm

It sucks to be caught in the middle, but there’s a way out.



That was my big takeaway from last week’s ILTACON hosted by the International Legal Technology Association. My team and I came to the annual event to talk to InfoSec pros who work at law firms. Just about all our conversations centered around the same theme:

Law firm IT departments feel trapped.

That’s because they face two opposing demands: On the one hand, clients want their law firms to implement robust network security measures -- like blocking access to personal web content -- in order to protect privileged information. On the other hand, attorneys and staff demand access to the web in order to maintain a work-life balance.

To satisfy clients, legal IT teams are considering every option.

In one conversation, the firm was planning to turn off Web mail altogether. We’ll see how popular that decision is when it goes into effect. Another firm was playing whack-a-mole at the firewall by blocking access to some sites and

The Real Security Risks of Running Finance Apps in the Cloud (Business Finance Magazine)

NEWS | SECURITY | POLICY

Read the full article at Business Finance Magazine.

When using sensitive accounting and financial systems in the cloud, worry less about where data lives and more about how users access it.

Finance teams have been relying on web services since before the cloud was the cloud. Tasks such as banking, payroll processing and benefits administration have been online for several years. These days, though, CFOs are embracing web apps more widely, including accounting, budgeting, ERP, bill pay and more. This shift is happening for many reasons, not least of which is the effectiveness of cloud apps to support flexible and decentralized workforces, including outside consultants and temporary workers.

Nonetheless, some CFOs remain fearful about the security of their data in the cloud. But where do the risks really lie, and what can CFOs do to embrace the cloud while containing their exposure?

Let's start somewhere incontrovertible; in terms of access to sensitive information, finance teams have the keys to

Two CFOs walk into a bar…



Who can blame them? Now they’re being asked to deal with data security.

When we started to develop Silo, we had a gut feeling that centrally securing and policy-enabling the browser would have profound implications, though we weren’t sure where it would resonate first. But over the past few months, we’ve uncovered numerous business situations that depend on browser-based apps to handle sensitive data and delegate access and trust to a wide variety of users. When we talked to finance leaders, they immediately took notice because this describes their situation to a tee. Here’s how:

Our recent survey of CFOs uncovered three main shifts that are impacting finance teams: a greater dependence on cloud-based applications, the explosion of users and devices that require access, and the CFO’s shared responsibility for data security.

The first two are unsurprising and reflect the need for finance to be nimble, cost efficient, and support flexible working models. Firstly,

Don't sync: centralize



Our last two posts have focused on the business use case for Authentic8: namely, the ability for organizations to secure and control access to web apps by delivering them via a sandboxed and policy-wrapped browser in the cloud. But the end-user experience is another piece of the story that we haven’t talked about much. The more I use the service, the more I appreciate the convenience of having a truly portable web experience, and our early beta users realize this, too.

Every time I connect, Authentic8 builds a fresh browser in the cloud, but it’s wrapped with my specific profile and preferences. That means wherever I go and whichever computer I’m using, I get my browser -- account shortcuts with associated logins, bookmarked sites, pinned tabs, relevant cookies, certificates and (in the future) verified plugins for popular tools. What’s more, I can even restore the tabs I had open during my previous session with a single