LastPass also allows you to share passwords with other LastPass users, so it’s ideal for teams that need to share passwords. It also stops you re-using passwords, which is not good practice: if one account is compromised, it could compromise all accounts that you have that use that same password. The advantage of using a password manager is that you only ever have to remember one password, instead of dozens for all the individual accounts that you have. This service is currently available to UCL staff only.

We would love to have an architectural discussion to understand your software and security goals.

LastPass is a password manager that allows you to store all your passwords encrypted in one place.

EdgeBit makes it simple to utilize confidential computing to operate on encrypted data. Wherever you fall on this spectrum, you can secure your SaaS and protect your customers’ data without extensive refactoring of your data model.

In a B2B world, an enterprise can effectively control their security and collaborate using any SaaS, without having to fully give up control. The combination of secure enclaves + their key + access locked to the enclave(s) allows for a full data plane where the SaaS provider can operate on data but never have it disclosed to attackers or insiders. Privacy-sensitive customers frequently request the ability to bring their own encryption key for their data.

Full E2E security with Bring-Your-Own-Key

Even an insider or a cloud admin can steal data. This stops the attack we saw from LastPass. Isolating the handling of this data into secured microservices (running in enclaves) and having a verifiable audit trail about their usage.

Customer data is handled by secured microservices

Encrypting most or all of your customer data with per-customer encryption keys and derived data keys.

As a provider, you never see the plaintext credential, ever.
Secure your most prized data - credentials for partner integrations - by ingesting it directly into an enclave, and then only decrypting and using those credentials in a secure enclave.

Of course, other SaaS services exist to use your data - that’s what you pay them for! How is this accomplished if data is secured end to end? We believe that secure enclaves will be the differentiating factor for B2B SaaS providers that want to operate on encrypted data.

Every business is different, but a sliding scale for E2E security might look like: 1.

LastPass has a great stance for your actual passwords, which they have no business reading. It’s never been more clear that all customer or user data needs to be encrypted and protected while it is being handled.

This LastPass incident proves why Okta should be worried about the attacks to come derived from the inside knowledge. The attack vector here is chained to the previous security incident in August 2022, in which a development environment was breached and contained enough technical detail to retarget LastPass production, this time successfully.

Earlier this week in December 2022, Okta’s GitHub accounts were accessed by unauthorized parties.

LastPass recently updated details on its latest security incident, in which cloud storage was accessed that stored unencrypted customer details as well as certain unencrypted data like website URLs that was stored adjacent to the encrypted fields: username, password, secure notes, etc.

ThreatVector is an ongoing series where we break down recent security incidents in the news to understand how they happened, how they spread and what the ramifications are for companies as they evolve their defenses.