Blogs

Key Management R Hard

Providing advanced encryption to all your customers is a win-win.

Forbes: We're Living Through A Digital Privacy Catastrophe: It’s Past Time For A Serious Nationwide Privacy Law

Companies can do almost anything they want with our digital data, including selling it to the U.S. government.

How To Be Crypto-agile: Building Cryptographic Resiliency In The Age Of Quantum Computers

Crypto-agility is an approach that allows you to pivot quickly when post-quantum computing becomes a reality.

Forbes: The Rise Of Encryption In A Schrems II World

Companies can do almost anything they want with our digital data, including selling it to the U.S. government.

What You Need To Know About The New Trans-Atlantic Data Privacy Framework

How U.S. companies should think about this new proposed replacement for the EU-U.S. Privacy Shield Framework.

The Trouble With FIPS: Encryption Standards Need a Makeover

FIPS 140 sets the standard for cryptography used in the United States, but it's got problems. Because of FIPS, we all have problems.

Announcing Our Startup Program

Why It’s Important for Startups to Build Right From the Beginning

A Contrarian's 2022 Tech Predictions

Once again, we'll see a huge rift between the hype and what the press covers versus where the real momentum is building.

AppSec Fails and the Incredible Durability of Application Vulnerabilities

As companies mature, they often look to increase their application security. But more often than not, they ignore one critical piece.

Infographic: How to Get Started With Application-layer Encryption

Application-layer encryption (ALE) is the best way to keep the data you hold safe, but there are a lot of pitfalls to doing it yourself from scratch, which is why few companies have historically used ALE. Thankfully, that's changing as it becomes more accessible.

Solving Search Over Encrypted Data

Encrypting data turns it "dark", but data is most useful when you can find it. And that's where encrypted search comes in.

An Open Letter to Apple: Please, Please Replace Objective-C with Rust

Your iOS 15.1 update fixes 22 vulnerabilities. Thank you. But here’s the thing: of those twenty-two, at least sixteen of them were due to memory bugs.

A Checklist to Quickly Evaluate SaaS Security

You don't need extensive infosec reviews to gauge the relative maturity of a SaaS company's security. You just need their website.

Application-Layer Encryption Defined

It's a simple concept made complicated by security vendors. We dispel the fog of B.S. in this mini-blog.

The Lack of Security Layers in SaaS

SaaS apps are systemically under-protected with laughably few layers to prevent a catastrophic breach.

An Unpopular Opinion: Apple's CSAM Detection Is A Net Good

I don't agree with the "slippery slope" and "backdoor" arguments

How the Cyber Insurance Industry Can Stop Ransomware

Cyber Insurers can help the tech industry level-up their security. If they want to.

Why Your SaaS App Needs Better Encryption

You can't afford to have customer data leak

Evaluating Newly Proposed Privacy Regulations

New privacy laws are popping up like mushrooms here in the U.S., which we love to see. But it can be hard to tell whether these proposed laws are meaningful or not.

SaaS Security: How To Handle Sensitive Data

Why SaaS Companies Should Offer Customer Managed Keys

The New Economics of Holding Personal Data in 2021

Hidden penalties buried in CCPA will radically change the cost of the next big data breach.

What Ring Got Wrong With End-to-End Encryption

We'll dig into what they did, from usability through to the cryptographic choices they made.

Opinion: Huge cyberattack shows it's time to fix our failing cybersecurity infrastructure

We live in an age of asymmetric cyber warfare where even small teams of attackers have an advantage over large and well-funded defenders.

Infographic: The Customer Managed Keys Buyer's Guide

More and more enterprises are offering customer managed keys (CMK), but not all CMK are created equal. This infographic compares CMK available from different companies.

Privacy Was On The Ballot

The voters have spoken and they want laws protecting their privacy. Four states made progress this cycle.

Free Tool for Startups Getting SOC 2 Certified

IronCore Labs' team developed a SOC 2 internal dashboard tool that's available for public use.

How to Handle EU Data Without the EU-US Privacy Shield Framework

Three Technical Approaches to Handling EU Data Without Privacy Shield

The Cloud Needs More Sunshine

Twitter is just the most recent reminder of how broken the cloud remains

New Ways to Address Modern Privacy Challenges

An IronCore Labs Product Update

Rally Software Leads the Industry in Data Privacy With Customer Managed Keys

Customers want data control, and with IronCore Labs, that's what Rally offers

Deidentifying Data: The Fool's Trap

Re-identification is trivial by joining other data sets

SaaS Trust Models for Security and Data Privacy

You can't compare the privacy of SaaS offerings until you understand their trust model.

Insights From Slack and Salesforce: Grow Your SaaS With Premium Data Privacy

Early adopters of premium data privacy are doing well. Here's one reason why.

Warning: SaaS Privacy Debt Will Crush Your Roadmap

An open letter on why kicking the can down the road is catastrophic for the future of software

How SaaS Companies Avoid Compelled Access With Encryption

A Look at Trust, Corporate Data, Government Prying, and Practical Defenses

Welcome to the Revolving Door of Personal Data

Why Clearview AI even exists: U.S. government sells data to industry and then buys it back using a warrantless search loophole

Highlights From Real World Crypto 2020

Things that made us go, "hmmmmmm"

Agile Approaches to Privacy and Security for SaaS Vendors

Highlights From the Agile Amped Podcast With Rob Pinna and Leslie Morse

IronHide: Better Team Encryption

A few months ago, we quietly released a little utility that brings the power of proxy re-encryption to the command line. Proxy…

Military Grade Encryption

And other security marketing bullshit

CCPA: What You Need to Know

The California Consumer Privacy Act takes effect on January 1st, 2020. If you're a dev or work for a software company, this affects you.

IronCore Is Now SOC 2 Certified

We are proud to announce that we have successfully completed the Service Organization Control audit known as SOC 2 Type 1. SOC 2 is a…

Policy-Based Client-Side Encryption in Angular

And How To Fix It

DoD's Distributed Data Problem

And How To Fix It

IronCore Labs Proxy Re-Encryption Library Audit by NCC Group

We believe there's a right way to do things. With cryptography, that's even more important than almost any other area of software, save…

IronCore's Privacy Platform Helps Developers Unlock Enterprise Sales

Today, security and privacy scandals flood the news, and customers are demanding to know who can access their data, who that data is shared…

Mastering Emotion in Marketing Copy

A tale of three books with an unexpected intersection

How Not To Handle a Breach

Equifax Shows the Way

Audit Your S3 Storage Immediately

A Quick and Dirty Guide

The Proliferation of Under-protected OAuth Tokens

The Hidden Cost of Cloud Management Services and Integrations

Announcing "Customer-Controlled Data"

A big step for Customer Managed Keys and a giant leap forward for cloud software

How the 4th Amendment Is Bypassed

The U.S. Constitution doesn't pull any punches. The Government does not have the right to sift through the communications or property of…

Baby Steps with NY's New Financial Cybersecurity Regs

Banks, insurance companies and other financial services companies in New York will soon be subject to new, stronger regulations around…

Quantum is the New Global Arms Race

China Takes the Lead

Bits, Banks and Burglars

What Happens When Digital Currency Is Stolen

The Worsening State of Application Security

At the Defcon conference last year, I was struck by the simplicity of most of the hacks that were being described. Five years ago, most of…

The Inevitable Demise of Perimeter Security

Computer security today follows classic real-world military approaches: make a perimeter; fortify that perimeter; ensure that only…