A capable colleague passed on a request from their client. They want to know if... - Cybersecurity - Infosec news & discussion

stefano, 2 months ago

A capable colleague passed on a request from their client. They want to know if the VM disks are encrypted at rest, if the keys are rotated periodically, and if there's a key retention procedure in place. Ironically, the client's VPS runs on Ubuntu 18.04, which has been out of updates for a year, and despite numerous notifications to upgrade, they believe it can wait. 😄

#CyberSecurity #Encryption #DataProtection #Ubuntu #VPS #TechSupport #InfoSec

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ oblomov

Image

Image alternative text

ParadeGrotesque, 2 months ago

@stefano

Somebody got a letter from their client, asking what their security level was...

"Oh yeah, remember that old server we store everything on?"

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

stefano, 2 months ago

@ParadeGrotesque I think so...

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

ParadeGrotesque, 2 months ago

@stefano

I guarantee it.

Some big client of theirs wants to be iso 9001 certified, which requires their suppliers to provide security guarantees.

Lawyers write boilerplate letters, send letters to all suppliers. And they contact their IT guys and ask the questions that were in the letter. About that Ubuntu 18.04 servers.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment