The NSA has been in the news a lot lately for apparently working to snoop on data moving between Google data centers as well as the data centers of Microsoft, Yahoo and others.
The leaked documents depicting this work were actually quite dated. Many firms have been moving aggressively to encrypt data to protect it from prying eyes.
There are several important steps that should be taken:
- Encrypt data center links
- Support HTTPS (SSL) encryption
- Enable HTTP Strict Transport Security (HSTS)
- Leverage perfect forward secrecy for encryption keys
- STARTTLS for email transfer
These are industry best practices for encryption and protect data from falling into the wrong hands. The nonprofit that leads the efforts to protect civil rights in the digital world is the Electronic Frontier Foundation. Umzuzu has been a proud supporter of the EFF since our founding and if you'd like to support their efforts as well, you can learn more here.
The EFF has released a report detailing how companies are protecting our data. Google and Dropbox have followed all 5 encryption best practices, check out this infographic to see how others are doing. Regardless if you are a business of 1 or 1,000's - your data deserves to be protected.