This is a very interesting development. Encryption generally would solve a lot of problems around data sovereignty. So, encrypting the data, keeping the key and moving the data to the public cloud could basically address a lot of the risks. Today, it comes with a high price as the data which resides encrypted in the Cloud cannot be index (therefore is not searchable) nor can any operation be conducted.

The solution is homomorphic encryption, where a lot of research is done but it is still too slow. People at Microsoft Research now took a now angle on it: They took, what is already here and looked at the scenarios, which are already possible today.

The following article gives an interesting overview, what would be possible based on today’s research: A Cloud that Can't Leak

Roger

A result of a study by Kasperski lab is fairly promising – even though it shows the problem being raising up the stack:

For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found in Adobe Flash Player alone. Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs.

The article can be found here.

So, I think all application developers should start to use the Security Development Lifecycle.

Roger

An interesting one: Google Threw A Punch, Microsoft Fires Back With A Missile

Roger