System Vulnerabilities: Unpatched software, outdated systems, and misconfigured security
As a National Geographic Explorer and paleoanthropologist, I have had the privilege of traveling to some of the most remote and rugged regions of the world in search of lost relics and artifacts that can help us better understand our past. These expeditions take us places like the temperate rainforests of British Columbia or the deserts of Abu Dhabi, and every day brings new surprises and discoveries.
- System Vulnerabilities: Unpatched software, outdated systems, and misconfigured security settings all open the door for sensitive data to slip through the cracks.
- Weak or Inconsistent Access Controls: When access control frameworks are brittle or applied haphazardly, it introduces risk of the wrong people gaining access to sensitive information.
- Lack of User Verification: Identity and access management (IAM) tools like Okta that guard access to systems and apps by continuously verifying users’ credentials are foundational to network security.
Confidential computing and homomorphic encryption
“FHE is the software aspect of protecting data in use”, explained Yale Fox. “It lets users work on data in the cloud in encrypted form, without actually having the data”, said Fox, CEO of research and development firm Applied Science, and IEEE member.
“We’re always thinking about what happens if a hacker or a competitor gets your data, and [FHE] provides an opportunity for companies to work on aligned goals with all the data they would need to achieve it without actually having to give the data up, which I think is really interesting”, said Fox.
“The technologies are not just relevant for CISOs, but CIOs, who oversee the people responsible for infrastructure”, he said. “They should work together and they should start experimenting with instances available to see what [confidential computing] can do for them.”
Not just ‘plug and play’
The differences in hardware and the ways in which it is used in tandem with software, “make for a great difference in the robustness of the security provided”, said Fox.
IaaS providers will not all have the same level of protection. He suggests that companies determine those differences and familiarized themselves with the risks — and the extent to which they can mitigate them.
That’s because confidential computing is “not plug and play”, said Fox. Interacting with secure enclaves requires considerable specialized technologies.
“Right now, the biggest risk … is in implementation because, depending on how you structure [a confidential computing environment], you’re basically encrypting all your data from falling into the wrong hands — but you can lock yourself out of it, too”, he said.
While confidential computing services exist, “FHE is a little too bleeding edge right now”, said Fox. “The way to mitigate risk is to let other companies do it first and work out the bugs.”
“In confidential computing, both the data that is being computed and the software application can be encrypted”, he said.
“What that means is, if I’m an attacker and I want to get into your app, it’s much harder to reverse-engineer it”, said Fox. “You can have pretty buggy code wrapped in [confidential computing] and it’s very hard for malware to get in. It’s kind of like containers. That’s what’s interesting.”
Read more relevant content
The article explains how RSS readers can help individuals access and manage a large amount of information from various sources, such as news websites, YouTube channels, and podcasts, and provides tips to avoid feeling overwhelmed by information overload.
Technology is revolutionizing archaeological investigations, providing new ways to explore and uncover hidden treasures in the depths of the sea.
Technical and scientific due diligence is crucial during an acquisition or merger. A thorough evaluation of intellectual property, technology stack, security, financials, talent, and integration can help ensure a successful outcome.