Encryption for DNSSec

We have recently come across a nice check-list for whoever wants to use DNSSec and establish a good security baseline with a hardware security module (HSM), i.e., never get encryption keys compromised.

We will include detailed comparison of our platform to enigmabridge.com a little bit later but here is an initial comparison.

“Read More”

Card Payments and The Cloud

We are now integrating encryption into a corporate infrastructure and it made me think about payments and PCI audits. PCI stands for Payment Card Industry. Anyone who got close enough to e-commerce, or card payments knows what a burden it is on running a business.

Sooo, I have spent some time this week thinking about architectures for “technical security systems”. I could say “cryptography” straight away, I guess. Thinking about protecting sensitive data that may be subject of independent audits.

The scope of PCI audits is given by storage and processing of credit card numbers and PINs (in case of Chip&PIN systems). Once you experience the pain, you definitely want to get “out of scope”. This is true for merchants just as banks.

Screen Shot 2015-09-26 at 00.10.41

“Read More”

HTTPS – what does it stand for?

HTTP stands for hypertext transfer protocol – the universal language of “the web”. HTTPS is a secure variant of this language as it provides tools to verify which website you actually connect to.

tumblr_inline_nugqbt26DH1tc653u_540

“Read More”

“One time passwords” are not passwords

We did a bit of research into what IT start-up companies need in terms of security. I did expect that secure authentication / logons would be at the top but I was surprised that OTP (one time passwords) were at the bottom.

tumblr_inline_nuaqujon1g1tc653u_540

“Read More”