Category: Security

At its core, the current client-server architecture is broken. In today’s applications, the server is at the center of trust and authority.

To trust the server, you have to trust the millions of lines of code that form these servers and the operating systems they depend on. Far worse, we also have to depend on all the people that maintain the systems, the systems those people depend on, and so on. Internally, you have to trust your own IT staff, admins, and others who have the ability to access data they lack the legal or policy authority to see. In classified spaces, you see an example of this with system administrators being granted special clearances to be able to administer conventional services such as wikis and email.

Any one compromise within the system — from security bugs in the server source code to a compromise with any of the innumerable vendors in use within the modern enterprise, to compromised or malicious internal privileged users, can bring the entire system crashing down. The data in the modern environment is too important to have single points of failure for the entire system.

To learn more, please contact me @ SpiderOak.

A secure software platform for effortlessly building communication and collaboration software in mission-critical environments.

Software for Mission Critical Collaboration

Meeting the mission needs in the modern world requires tools that enable collaboration, communication, and coordination with greater ease and flexibility. These tools need to not just serve individual teams but must be flexible enough to work with mission partners, other companies, and other governmental organizations. No more can one team “go it alone” and expect success, but a wealth of knowledge and communication between a wide variety of actors is necessary.

Traditionally, it has been seen that making communication and collaboration easier has meant making it less secure, or greater security necessarily means decreasing ease of collaboration.

At SpiderOak we believe that the 21st-century mission requires tools enabling both greater collaboration and rock-solid assurances of data confidentiality, integrity, and authority.

This article was originally written in 2017.

We all know the story of the Trojan horse. What we don’t know is why the Trojans didn’t take the horse and lock it in a room for a week, flood it, and then haul it out in the town square once they were sure it was safe. If the Trojans had been less trusting, a smelly wooden eyesore would be the worst of their problems. Instead, they lost everything.

Even though everyone knows this story, we still make the same mistake today: we are too trusting.

It’s now 2017, and data breach is the norm. Over the last ten years, 9 billion records have been compromised, with nearly 2 billion in 2017 alone. Even as we adapt better security practices and spend more money to protect ourselves, attackers are finding new ways to exploit weaknesses in a company’s defenses.

One increasingly common attack is called a supply chain attack, where an attacker slips malware or a rootkit into a software update without the developers noticing. This is the type of attack which caused the massive Target breach of 2013 that gave attackers access to 41 million consumers’ personal information.

The idea that malware is lurking in your software updates is frightening — and it should be. If a supply chain attack succeeds, the hacker gains access to millions of computers all at once. All it takes is one developer making a mistake or not reviewing the code thoroughly, and a contaminated update is released to everyone using the software. These attacks create disruption all the way up to the Executive level — but what can be done to prevent them?

Fortunately, SpiderOak has an answer.

Our Secure Application Updater is based on the platform we created to build our own products. We use blockchain technology to secure every step of the release process, verifying the identify of each developer working on it and ensuring the code is never tampered with. Using cryptography, we can help you be absolutely sure that malicious code will never make it into your updates.

It’s time to change the way we think about protecting our companies. Stop trusting everyone and you can change how history will remember you: not as a tragedy, but as a breach-free company with some questionable taste in horse sculptures.

……

A dangerous threat that takes advantage of the inherent trust between users and their software providers is a growing trend.

“Security researchers from Check Point Software Technologies recently found around 50 malware-infected Android applications hosted on Google Play that had been downloaded millions of times. They determined that the malicious code was actually part of a third-party SDK that app developers had integrated into their apps.”

What can we expect in 2018?

In 2018, we expect to see advanced threat actors playing to their new strengths, honing their new tools and the terrifying angles described above.