Weak DevOps cryptographic policies increase financial services cyber risk

Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications. This is a particular issue for financial services organizations, which have been early adopters of DevOps technology. According to a study conducted by Dimensional Research, many financial services organizations have fairly strong cryptographic security policies in their production systems; however, they often fail to enforce the same vital measures in their DevOps environments. …

Cryptographic security risks are amplified in DevOps settings

Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications, according to a study conducted by Dimensional Research. According to the study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments. These problems are especially acute among organizations that are in the midst of adopting DevOps practices, but even organizations that say their DevOps practices are mature do not …

23% of security pros are blind to encrypted traffic threats

According to a Venafi survey conducted at RSA Conference 2017, 23 percent of respondents have no idea how much of their encrypted traffic is decrypted and inspected. “Encryption offers the perfect cover for cyber criminals,” said Kevin Bocek, chief security strategist for Venafi. “It’s alarming that almost one out of four security professionals doesn’t know if his or her organization is looking for threats hiding in encrypted traffic. It’s clear that most IT and security …

21% of websites still use insecure SHA-1 certificates

New research from Venafi Labs shows that 21 percent of the world’s websites are still using certificates signed with the vulnerable Secure Hash Algorithm, SHA-1. On February 23, 2017, Google-affiliated security researchers announced they cracked the SHA-1 security standard using a collision attack. The incident proved that the deprecated cryptographic secure hash algorithm still used to sign many website digital certificates can be manipulated. Newly issued certificates using the SHA-2 family of hash functions …

Global geopolitical changes driving encryption adoption

Recent global geopolitical changes have made more people and organizations than ever worry about the privacy of their data, and consider increasing their use of encryption to ensure their data is kept safe. According to the results of a survey of 918 security professionals attending the 2017 RSA Conference: Almost three-fourths (72 percent) of security professionals say they are more concerned about data privacy; similarly, 71 percent say organizations are more concerned about data privacy. …

Questions Mount Around Yahoo Breach

Crypto company Venafi points out potential holes in Yahoo’s processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.