Vision
Products
SaaS Shield
Data Control Platform
Documentation
SaaS Shield
Data Control Platform
Resources
Blogs and Writing
News
Newsletters
Podcasts
Videos
White Papers
Trust Center
Pricing
Vision
Products
Documentation
Resources
Pricing
Blog Posts and Other Writing
A Checklist to Quickly Evaluate SaaS Security
Large companies have security teams that scrutinize every partner and vendor they use. They put the vendor through the wringer with security…
Read More
Application-Layer Encryption Defined
Let’s Not Overcomplicate It
Definition:
Application-layer Encryption (ALE) is when you encrypt data before sending it to a data store. There…
Read More
The Lack of Security Layers in SaaS
Running applications using a cloud service should be far more secure than running the same apps on your own servers. In theory, the cloud…
Read More
An Unpopular Opinion: Apple's CSAM Detection Is A Net Good
I work in cryptography. I’ve published a paper on the topic and hold patents as well. To undersell a bit:
I care a great deal about privacy…
Read More
How the Cyber Insurance Industry Can Stop Ransomware
Breaches are costly. You have to notify anyone whose data is or might be affected. You need to hire folks to come in and do forensics to…
Read More
Why Your SaaS App Needs Better Encryption
You Can’t Afford To Have Your Customer Data Leak
If you’re building software today, you’re probably planning to run it in AWS, Google Cloud…
Read More
Evaluating Newly Proposed Privacy Regulations
New privacy laws are popping up like mushrooms here in the U.S., which we love to see. But it can be hard to tell whether these proposed…
Read More
SaaS Security: How To Handle Sensitive Data
Why SaaS Companies Should Offer Customer Managed Keys
It costs around two cents per gigabyte per month to store data in the cloud today[1]. But the cost of losing that data is around
150 per record […
Read More
The New Economics of Holding Personal Data in 2021
The Cost of a Breach Will Soon Skyrocket
In the last few years, we’ve seen the rise of nearly 100 new and significant privacy laws around…
Read More
What Ring Got Wrong With End-to-End Encryption
And What They Got Right, Too
We’ll dig into what they did, from usability through to the cryptographic choices they made, but if you’re…
Read More
Opinion: Huge cyberattack shows it's time to fix our failing cybersecurity infrastructure
We live in an age of asymmetric cyber warfare where even small teams of attackers have an advantage over large and well-funded defenders.
…
Read More
Infographic: The Customer Managed Keys Buyer's Guide
More and more enterprises are offering customer managed keys (CMK), having seen the value in giving control to customers as data privacy…
Read More
Privacy Was On The Ballot
And it won. Again.
In the U.S. we just had an election with the highest voter turnout in history. While most people had their eyes on the…
Read More
Free Tool for Startups Getting SOC 2 Certified
IronCore Labs' team developed a SOC 2 internal dashboard tool that’s available for public use.
SOC 2 is a pain, especially for a startup…
Read More
How to Handle EU Data Without the EU-US Privacy Shield Framework
Three Technical Approaches to Handling EU Data Without Privacy Shield
On July 16, 2020, the European Court of Justice invalidated the EU-US…
Read More
The Cloud Needs More Sunshine
We recently learned that
nearly 1 in 4 Twitter employees can access customer accounts
. That access includes the ability to lock and unlock…
Read More
New Ways to Address Modern Privacy Challenges
The last 12 months have been busy ones for IronCore with new products, new features, major leaps in performance, usability, and more.
If you…
Read More
Rally Software Leads the Industry in Data Privacy With Customer Managed Keys
Rally Software, an agile lifecycle management solution that is part of Broadcom, and IronCore Labs teamed up recently to present a webinar…
Read More
Deidentifying Data: The Fool's Trap
Personally identifiable information (PII) is now regulated nearly everywhere in the world. But there’s a way to avoid these laws that…
Read More
SaaS Trust Models for Security and Data Privacy
Zero-trust models are the ultimate in privacy but are rarely an option. But it doesn’t have to be either zero-trust or full-trust. There’s a…
Read More
Insights From Slack and Salesforce: Grow Your SaaS With Premium Data Privacy
The relationship between data privacy and net negative churn
Data privacy and net negative churn — two topics that rarely show up in the…
Read More
Warning: SaaS Privacy Debt Will Crush Your Roadmap
Dear Software Developers,
That list of tech debt you’ve been trying to tackle bit by bit is not your biggest problem. Everything that would…
Read More
How SaaS Companies Avoid Compelled Access With Encryption
This blog takes an in-depth look at compelled access and how to keep it from being applied to data indirectly via service providers. Hang in…
Read More
Welcome to the Revolving Door of Personal Data
The U.S. government requires a warrant to snoop on citizens. Except when they can get that data by asking a commercial entity who willingly…
Read More
Highlights From Real World Crypto 2020
If you’re interested in how research around privacy and security is turning into real-world solutions, this is the best conference of the…
Read More
Agile Approaches to Privacy and Security for SaaS Vendors
Highlights From the Agile Amped Podcast With Rob Pinna and Leslie Morse
Listen to the Agile Amped Podcast
Baking Privacy and Security into the Technical Architecture
above or read our…
Read More
IronHide: Better Team Encryption
A few months ago, we
quietly released
a little utility that brings the power of proxy re-encryption to the command line. Proxy re-encryption…
Read More
Military Grade Encryption
Everywhere I look, companies say they protect data using “military-grade encryption.”
Wow! That sounds fantastic! Sign me up! If it’s good…
Read More
CCPA: What You Need to Know
The California Consumer Privacy Act takes effect on January 1st, 2020. But it has provisions that reach back to January 1st, 2019. If you’re…
Read More
IronCore Is Now SOC 2 Certified
We are proud to announce that we have successfully completed the Service Organization Control audit known as SOC 2 Type 1. SOC 2 is a…
Read More
Policy-Based Client-Side Encryption in Angular
Data is exponentially increasing —
90% of the world’s data was created in just the last two years
. The regulatory climate is shifting —
7…
Read More
DoD's Distributed Data Problem
Information is Power; Stolen Information is Empowering
Data is the currency of the modern age. For business, data is the fuel that propels…
Read More
IronCore Labs Proxy Re-Encryption Library Audit by NCC Group
We believe there’s a right way to do things. With cryptography, that’s even more important than almost any other area of software, save…
Read More
IronCore's Privacy Platform Helps Developers Unlock Enterprise Sales
Today, security and privacy scandals flood the news and customers are demanding to know who can access their data, who that data is shared…
Read More
Mastering Emotion in Marketing Copy
Good books nourish the brain. Really good books reverberate for weeks or months after reading them. I know I’ve read an impactful book when…
Read More
How Not To Handle a Breach
Equifax exposed personal data belonging to nearly every US adult with a credit card, around 145 million people. The entire social security…
Read More
Audit Your S3 Storage Immediately
UPDATES:
more S3 leaks added to the bottom of the article.
In the past month, we’ve seen breach after breach hit huge organizations not…
Read More
The Proliferation of Under-protected OAuth Tokens
There is an exploding number of companies who exist to help companies manage users or data across cloud services. A company that uses…
Read More
Announcing "Customer-Controlled Data"
In 2015, Box released their Customer Managed Keys solution to a great deal of excitement. The promise is huge: an organization gets the…
Read More
How the 4th Amendment Is Bypassed
The U.S. Constitution doesn’t pull any punches. The Government does not have the right to sift through the communications or property of…
Read More
Baby Steps with NY's New Financial Cybersecurity Regs
Banks, insurance companies and other financial services companies in New York will soon be subject to new, stronger regulations around…
Read More
Quantum is the New Global Arms Race
News broke this week that
China has launched a satellite that can communicate using quantum physics
.
This is huge news.
There is a general…
Read More
Bits, Banks and Burglars
Most stolen digital data has really just been copied. A typical digital theft is the stolen emails of the Democratic National Committee (DNC…
Read More
The Worsening State of Application Security
At the Defcon conference last year, I was struck by the simplicity of most of the hacks that were being described. Five years ago, most of…
Read More
The Inevitable Demise of Perimeter Security
Computer security today follows classic real-world military approaches: make a perimeter; fortify that perimeter; ensure that only…
Read More