This month's thoughts are around:
Fixing your smart egg carton* or smart toilet much? Thought not. However, with the recent news of software like youtube-dl being removed from GitHub, there is a future where it could be illegal to do just that. Obviously, most of us won't care much about these things, but what if it were other items which you own - like your car - or if you're a professional investigating a problem which you're responsible for? Could you be liable?
As advocates and publishers of open source software, Mesoform and I are watching this space carefully. The EFF has a great video describing the future risk. What are your thoughts? https://youtu.be/ck7utXYcZng
*Yes, smart egg cartons are a real thing. See 6.15mins into the video.
Distributed Denial of Service (DDoS) attacks can cost companies huge amounts in revenue and ruin reputations. This is a great article from Google Cloud on what it means and how they protect against it. Some of what Google can do is beyond the reach of most companies, but we all need to protect our services, so at Mesoform we draw on decades' worth of experience working within ISPs and other large, global organisations to ensure optimum protection against various types of attacks at all layers.
https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks
Security is paramount to most companies' journey on Cloud Computing, and over the last few years providers have introduced new and ever more accessible ways to make your workloads safe.
One of those ways is a secure enclave. A secure enclave is a secure space (often hardware-based) for storing sensitive credentials (like a key) that’s isolated from the main processor. When a key is stored there, it's done so without a developer or user ever seeing it, making it difficult for the key to become compromised.
The article below links to a study on the subject from the University of Birmingham which highlights an important point (SGX is a special bit of code used by Intel-based enclaves): that 'cloud providers with SGX support, such as Microsoft Azure, state that SGX “safeguard[s] data...”' and '...SGX allows you to run applications on untrusted infrastructure (for example public cloud) without having to trust the infrastructure provider'.
When you run software on The Cloud, it runs on a server in one of your provider's data centres, and those servers occasionally need to be opened for repairs. So, given that an "adversary can connect two wires" to very simply bypass the security, trust in the provider's processes WILL be needed for highly sensitive data.
To be clear, the chances of this are extremely slim, and for the vast majority of cases it shouldn't be an issue, but as a best practice, Mesoform helps teams get set up early on with things like encryption-in-transit (for when you're sending information) and encryption-at-rest (for when you're saving information). Have a look to see if your cloud provider offers customer-managed or customer-supplied encryption keys with a key management store or hardware security module.
https://www.theregister.com/AMP/2020/11/14/intel_sgx_protection_broken
If you would like to discuss any of these topics in more detail, please feel free to get in touch.