To Protect Genetic Privacy, Encrypt Your DNA – WIRED

In 2007, DNA pioneer James Watson became the first person to have his entire genome sequenced, making all of his 6 billion base pairs publicly available for research. Well, almost all of them. He left one spot blank, on the long arm of chromosome 19, where a gene called APOE lives. Certain variations in APOE increase your chances of developing Alzheimer's, and Watson wanted to keep that information private.

Except it wasn't. Researchers quickly pointed out you could predict Watson's APOE variant based on signatures in the surrounding DNA. They didn't actually do it, but database managers wasted no time in redacting another two million base pairs surrounding the APOE gene.

This is the dilemma at the heart of precision medicine: It requires people to give up some of their privacy in service of the greater scientific good. To completely eliminate the risk of outing an individual based on their DNA records, you'd have to strip it of the same identifying details that make it scientifically useful. But now, computer scientists and mathematicians are working toward an alternative solution. Instead of stripping genomic data, they're encrypting it.

Gill Bejerano leads a developmental biology lab at Stanford that investigates the genetic roots of human disease. In 2013, when he realized he needed more genomic data, his lab joined Stanford Hospital's Pediatrics Department, an arduous process that required extensive vetting and training of all his staff and equipment. This is how most institutions solve the privacy perils of data sharing. They limit who can access all the genomes in their possession to a trusted few, and only share obfuscated summary statistics more widely.

So when Bejerano found himself sitting in on a faculty talk given by Dan Boneh, head of the applied cryptography group at Stanford, he was struck with an idea. He scribbled down a mathematical formula for one of the genetic computations he uses often in his work. Afterward, he approached Boneh and showed it to him. "Could you compute these outputs without knowing the inputs?" he asked. "Sure," said Boneh.

Last week, Bejerano and Boneh published a paper in Science that did just that. Using a cryptographic genome cloaking method, the scientists were able to do things like identify responsible mutations in groups of patients with rare diseases and compare groups of patients at two medical centers to find shared mutations associated with shared symptoms, all while keeping 97 percent of each participant's unique genetic information completely hidden. They accomplished this by converting variations in each genome into a linear series of values. That allowed them to conduct any analyses they needed while only revealing genes relevant to that particular investigation.

"Just like programs have bugs, people have bugs," says Bejerano. Finding disease-causing genetic traits is a lot like spotting flaws in computer code. You have to compare code that works to code that doesn't. But genetic data is much more sensitive, and people (rightly) worry that it might be used against them by insurers, or even stolen by hackers. If a patient held the cryptographic key to their data, they could get a valuable medical diagnosis while not exposing the rest of their genome to outside threats. "You can make rules about not discriminating on the basis of genetics, or you can provide technology where you can't discriminate against people even if you wanted to," says Bejerano. "That's a much stronger statement."

The National Institutes of Health have been working toward such a technology since reidentification researchers first began connecting the dots in anonymous genomics data. In 2010, the agency founded a national center for Integrating Data for Analysis, Anonymization and Sharing housed on the campus of UC San Diego. And since 2015, iDash has been funding annual competitions to develop privacy-preserving genomics protocols. Another promising approach iDash has supported is something called fully homomorphic encryption, which allows users to run any computation they want on totally encrypted data without losing years of computing time.

Kristen Lauter, head of cryptography research at Microsoft, focuses on this form of encryption, and her team has taken home the iDash prize two years running. Critically, the method encodes the data in such a way that scientists don't lose the flexibility to perform medically useful genetic tests. Unlike previous encryption schemes, Lauter's tool preserves the underlying mathematical structure of the data. That allows computers to do the math that delivers genetic diagnoses, for example, on totally encrypted data. Scientists get a key to decode the final results, but they never see the source.
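
The property described above (computing on data that stays encrypted, with only the final result decrypted) can be seen in miniature with the Paillier cryptosystem. This is an added example, not code from the article or from the teams it describes: Paillier is only additively homomorphic, a simpler relative of the fully homomorphic schemes the article mentions, and the gene labels, cohort data and toy-sized primes are constructed for the demonstration.

```python
import math
import secrets

# Toy key built from two known Mersenne primes (constructed for this demo).
# Real keys use randomly generated primes of at least 1024 bits each.
P, Q = 2**89 - 1, 2**107 - 1

def keygen(p=P, q=Q):
    """Return (public modulus n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # modular inverse (Python 3.8+)
    return n, (lam, mu)

def encrypt(n, m):
    """Encrypt integer 0 <= m < n under public key n; randomised on every call."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Recover the plaintext with the private key."""
    lam, mu = priv
    x = pow(c, lam, n * n)
    return (x - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Multiplying two ciphertexts adds the plaintexts underneath them."""
    return c1 * c2 % (n * n)

def cloud_tally(n, encrypted_rows):
    """Run by the untrusted host: per-gene carrier counts, computed on ciphertext only."""
    totals = [encrypt(n, 0) for _ in encrypted_rows[0]]
    for row in encrypted_rows:
        totals = [add_encrypted(n, t, c) for t, c in zip(totals, row)]
    return totals

GENES = ["GENE_A", "GENE_B", "GENE_C"]   # hypothetical labels
COHORT = [                               # constructed: 1 = patient carries a variant
    [1, 0, 0],
    [1, 1, 0],
    [0, 0, 0],
    [1, 0, 0],
]

def run_study():
    n, priv = keygen()
    # Each patient encrypts their own row under the study's public key.
    encrypted_rows = [[encrypt(n, bit) for bit in row] for row in COHORT]
    # The host never holds the private key and sees only ciphertexts.
    encrypted_totals = cloud_tally(n, encrypted_rows)
    # The key holder decrypts the aggregate counts, not the individual rows.
    return dict(zip(GENES, (decrypt(n, priv, c) for c in encrypted_totals)))

if __name__ == "__main__":
    print(run_study())
```

The sketch assumes the host forwards only the aggregate ciphertexts to the key holder; anyone holding the private key could also decrypt an individual row if it were handed over.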

This is extra important as more and more genetic data moves off local servers and into the cloud. The NIH lets users download human genomic data from its repositories, and in 2014, the agency started letting people store and analyze that data in private or commercial cloud environments. But under NIH's policy, it's the scientists using the data, not the cloud service provider, who are responsible for ensuring its security. Cloud providers can get hacked, or subpoenaed by law enforcement, something researchers have no control over. That is, unless there's a viable encryption for data stored in the cloud.

"If we don't think about it now, in five to 10 years a lot people's genomic information will be used in ways they did not intend," says Lauter. But encryption is a funny technology to work with, she says. One that requires building trust between researchers and consumers. "You can propose any crazy encryption you want and say it's secure. Why should anyone believe you?"

That's where federal review comes in. In July, Lauter's group, along with researchers from IBM and academic institutions around the world, launched a process to standardize homomorphic encryption protocols. The National Institute for Standards and Technology will now begin reviewing draft standards and collecting public comments. If all goes well, genomics researchers and privacy advocates might finally have something they can agree on.

Cloud Encryption Market Worth 2401.9 Million USD by 2022 – Markets Insider

PUNE, India, August 23, 2017 /PRNewswire/ --

According to a new market research report "Cloud Encryption Market by Component (Solution and Service), Service Model (Infrastructure-as-a-Service, Software-as-a-Service, and Platform-as-a-Service), Organization Size, Vertical, and Region - Global Forecast to 2022", published by MarketsandMarkets, the market size is expected to grow from USD 645.4 Million in 2017 to USD 2,401.9 Million by 2022, at a Compound Annual Growth Rate (CAGR) of 30.1%.

Browse 64 Market Data Tables and 45 Figures spread through 184 Pages and in-depth TOC on "Cloud Encryption Market"

http://www.marketsandmarkets.com/Market-Reports/cloud-encryption-market-158713019.html

Early buyers will receive 10% customization on this report

The demand for cloud encryption is driven mainly by stringent government regulations and the need to protect mission-critical data residing on the cloud. With the rising demand for cloud and virtualization across different industry verticals, the adoption rate of cloud encryption among enterprises is expected to gain major traction during the forecast period.

The Infrastructure-as-a-Service (IaaS) model is expected to hold the largest market share

The IaaS segment includes offerings such as servers, storage, and networking infrastructure on-premises private cloud. This infrastructure is used to run applications on the public cloud. It enables organizations to reduce the total cost of ownership, as the infrastructure is provided by third-party vendors in the form of cloud-based data centers. However, virtualization introduces new security challenges. Thus, enterprises are adopting cloud encryption solutions and services to run business-critical functions securely.

The telecom and IT vertical is expected to grow at the fastest rate

The telecom and IT vertical involves high usage of cloud-based applications for their business operations and is thus frequently attacked by cybercriminals. Companies in this sector are adopting cloud encryption solutions so as to provide their customers risk-free services. The usage of cloud encryption has allowed users to save the important information on their mobile devices and use that information through the cloud without any risk. Therefore, cloud encryption solutions are helping telecom and IT companies in enhancing their services and providing secure information to customers while complying with regulations.

North America is expected to contribute to the largest market share; Asia Pacific to grow the fastest during the forecast period

North America is expected to have the largest market share and dominate the Cloud Encryption Market from 2017 to 2022, owing to the early adoption of new and emerging technologies and the presence of a large number of players in this region. APAC offers extensive growth avenues in the Cloud Encryption Market, owing to a widespread presence of SMEs that are extensively adopting cloud technology.

The major vendors providing cloud encryption solutions and services are Thales e-Security (La Defense, France), Gemalto N.V. (Amsterdam, Netherlands), Sophos Group plc (Abingdon, UK), Symantec Corporation (California, US), Skyhigh Networks (California, US), Netskope Inc. (California, US), CipherCloud (California, US), HyTrust, Inc. (California, US), Trend Micro Incorporated (Tokyo, Japan), Vaultive, Inc. (Massachusetts, US), and TWD Industries AG (Unteriberg, Switzerland).

Browse Related Reports

Cloud Security Market by Service Type (IAM, DLP, IDS/IPS, SIEM, and Encryption), Security Type, Service Model (IaaS, PaaS, and SaaS), Deployment Type (Public, Private, and Hybrid), Organization Size, Vertical, and Region - Global Forecast to 2022 http://www.marketsandmarkets.com/Market-Reports/cloud-security-market-100018098.html

Mobile Encryption Market by Component (Solution and Services), Application (Disk Encryption, File/Folder Encryption, Communication Encryption, and Cloud Encryption), End-User Type, Deployment Type, Vertical, and Region - Global Forecast to 2022 http://www.marketsandmarkets.com/Market-Reports/mobile-encryption-market-120317676.html

About MarketsandMarkets

MarketsandMarkets provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. It currently serves 5000 customers worldwide, including 80% of global Fortune 1000 companies. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets for their pain points around revenue decisions.

Our 850 full-time analysts and SMEs at MarketsandMarkets are tracking global high growth markets following the "Growth Engagement Model - GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, and identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets is now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets' flagship competitive intelligence and market research platform, "RT" connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

Contact: Mr. Rohan, MarketsandMarkets, 701 Pike Street Suite 2175, Seattle, WA 98101, United States. Tel: +1-888-600-6441. Email: sales@marketsandmarkets.com

Visit Our Blog @ http://www.marketsandmarketsblog.com/market-reports/telecom-it Connect with us on LinkedIn @ http://www.linkedin.com/company/marketsandmarkets

Researchers use encryption to keep patients’ DNA private – Engadget

When trying to figure out which genetic mutations cause disease and which are associated with healthy individuals, researchers have in the past had to compare whole genomes of thousands of people. But with this work, scientists have shown that a whole genome isn't necessary and there are ways of keeping all of the irrelevant genetic data private. "There is a general conception that we can only find meaningful differences by surveying the entire genome," said Gill Bejerano, an author of the study, in a statement. "But these meaningful differences make up only a very tiny proportion of our DNA. There are now amazing tools in computer science and cryptography that allow researchers to pinpoint only these differences while keeping the remainder of the genome completely private."

What the research team did was create a way for patients to encrypt their genome and report whether their genome analysis showed the presence of particular gene variants. That information was then uploaded to the cloud and researchers were able to reveal only the gene variants that were pertinent to their study. Around 97 percent of the participants' genomes were kept hidden and were only ever viewed in full by the participants themselves. "These are techniques that the cryptography community has been developing for some time," said Dan Boneh, another author of the study. "Now we are applying them to biology."

Ultimately, this means that patients' genetic data can remain private while also being used for study. "We now have the tools in hand to make certain that genomic discrimination doesn't happen," said Bejerano. "There are ways to simultaneously share and protect this information."

iPhone Secure Enclave firmware encryption key leaked – TechTarget

Despite early reports, experts agree that the leak of the iPhone Secure Enclave Processor firmware encryption key should not pose a security risk and may even ultimately improve user security.

When a hacker/researcher going by the handle "xerub" released the firmware encryption key, the initial reaction was one of panic because the iPhone Secure Enclave is responsible for storing and processing highly sensitive data, as described by Mike Ash, software engineer and fellow at Plausible Labs, in response to the debate around the FBI wanting backdoor access to Apple's encryption:

"The Secure Enclave contains its own [unique ID] and hardware AES engine. The passcode verification process takes place here, separated from the rest of the system. The Secure Enclave also handles Touch ID fingerprint processing and matching, and authorizing payments for Apple Pay," Ash wrote in a blog post about iPhone Secure Enclave last year. "The Secure Enclave performs all key management for encrypted files. File encryption applies to nearly all user data."

While most iPhone system apps use Secure Enclave, and all third-party apps use it by default since iOS 7, Ash wrote, "The main CPU can't read encrypted files on its own. It must request the file's keys from the Secure Enclave, which in turn is unable to provide them without the user's passcode."

While this sounds bad, David Schuetz, senior security consultant at NCC Group, said in his own analysis that the encryption key xerub released was specific to the GSM model of the iPhone 5S -- the first Apple device with the Secure Enclave Processor -- running iOS 10.3.3.

Apple reportedly told TechRepublic that decrypting the iPhone Secure Enclave firmware "in no way provides access" to user data and that Apple does not have plans to patch affected devices.

Xerub also told TechRepublic the encryption key would not impact user security but said the "public scrutiny" around the release could improve the security of the iPhone Secure Enclave.

Schuetz added that modifying the iPhone Secure Enclave firmware would not be possible because "the firmware is also signed by Apple, and the attacker would need to be able to forge the signature to get the phone to install the hacked firmware."

"I think this is a good thing, in the long run. This should have very little practical effect on the security of individual iOS devices, unless a very significant flaw is uncovered. Even then, the potential scope of the finding may be limited to only older devices," Schuetz wrote. "If the security of the Secure Enclave is in any way directly reduced by the disclosure of the firmware, then it wasn't truly secure in the first place."

Additional proof that Lancaster County Commissioners should reconsider encrypting police transmissions – LancasterOnline

Ambulance organizations are worried that the pending encryption of police radio transmissions in Lancaster County will compromise the safety of medics racing to dangerous calls, LNP reported last Wednesday. Emergency medical service leaders asked the county commissioners to revise their June approval of police radio encryption to allow their crews to listen to police calls. The commissioners have not made a decision on the request.

Encryption is a bad idea. Words like transparency and accountability should mean something. Their significance diminishes every time we erect another barrier between government and the public.

We want our police officers to be as safe as they can possibly be. We also believe in the importance of public access to information. These values are not mutually exclusive.

Practically speaking, there's no evidence that encrypting police transmissions will make policing safer or easier. Part of the rationale for encryption is to prevent an ambush or to keep the media from reaching a crime scene before law enforcement, which, by the way, is very rare.

We know police officers would rather not have to deal with media at a crime scene. But the media has a job to do. Weather events, fires, gas leaks: the media monitors police transmissions to help keep the public informed. That's the media's job. We've asked for proof that media or public access to police transmissions has ever compromised a crime scene or an investigation, or violated the privacy of a victim. We're still waiting.

We've also asked the county commissioners to reconsider. Now, we're not alone.

As LNP's Jeff Hawkes reported, medics need to hear what the first officers on the scene are saying to each other and dispatchers about the nature of a crash, shooting or other emergency requiring an ambulance. They can start to prepare before they arrive if they have more information. Is the crime scene secure? Are flood waters too deep? Are there downed wires?

These are legitimate concerns and questions. And how were the EMS officials received when they spoke up at a meeting with the commissioners last week? Not well.

"Police departments, I don't think, would ever come in here and ask you to put some regulation on the fire departments," said Chief Kevin McCarthy of East Earl Township, representing a county police chiefs group. "We actually thought the matter was finished."

It's not. Nor should it be. And McCarthy's comment misses the point by a wide margin.

The entities that rely on police transmissions should be working together to keep the public safe and informed. Radio transmissions help the media communicate to the public. EMTs use the information to get to people who need help. This is a debate about openness in government and access to information. Once it degenerates into an argument over stepping on toes or who's dictating policy to whom, we're in real trouble.

As we wrote when the decision to encrypt was announced, if a lack of public trust and faith in government institutions is a real problem, this law only serves to exacerbate mistrust.

And now you have a group of first responders saying it makes no practical sense either and will make their jobs more difficult.

"To lose that ability to communicate or at least monitor (police transmissions) is a real danger to people in EMS," Dr. Michael Reihart, the medical director of a regional emergency health services federation, told LNP.

This should be more than enough for the commissioners to reconsider.

It should be, but apparently, it isn't.

Commissioners Chairman Dennis Stuckey, after hearing from EMS officials, said that he's not inclined to change anything.

Darrell Fisher, president of the Lancaster County EMS Council, told LNP that he will continue to push this issue, and we commend him for doing so.

It's pretty clear that the commissioners and everyone else who favors encryption want Reihart and Fisher to lose interest and go away. We hope they don't.

Commissioner Craig Lehman may represent the last hope for preserving transparency and public accessibility. Lehman opposed blocking media access to police radio, and told LNP that he's sensitive to the medics' request and worries about other unintended consequences of encryption that could put police at risk.

We hope the police who requested encryption and the commissioners who voted for it will reopen this discussion. We still believe a compromise can be reached. As LNP Executive Editor Barbara Hough Roda wrote in July, we seek a compromise that will allow law enforcement to do its work, and enable those of us in the news media to do ours.

That doesn't seem like too much to ask. And it's the least the public has a right to expect.

Data Encryption in OneDrive for Business and SharePoint Online

This documentation is archived and is not being maintained.

Applies to: OneDrive for Business, SharePoint Online

Topic Last Modified: 2017-07-31

Summary: Learn how encryption of data security works in OneDrive for Business and SharePoint Online.

Understand the basic elements of encryption for data security in OneDrive for Business and SharePoint Online.

Office 365 is a highly secure environment that offers extensive protection in multiple layers: physical data center security, network security, access security, application security, and data security. This article specifically focuses on the in-transit and at-rest encryption side of data security for OneDrive for Business and SharePoint Online.

For a description of Office 365 security as a whole, see Security in Office 365 White Paper.

In OneDrive for Business and SharePoint Online, there are two scenarios in which data enters and exits the datacenters.

Client communication with the server: Communication to OneDrive for Business across the Internet uses SSL/TLS connections. All SSL connections are established using 2048-bit keys.

Data movement between datacenters: The primary reason to move data between datacenters is for geo-replication to enable disaster recovery. For instance, SQL Server transaction logs and blob storage deltas travel along this pipe. While this data is already transmitted by using a private network, it is further protected with best-in-class encryption.

Encryption at rest includes two components: BitLocker disk-level encryption and per-file encryption of customer content.

BitLocker is deployed for OneDrive for Business and SharePoint Online across the service. Per-file encryption is also deployed in OneDrive for Business and SharePoint Online in Office 365 multi-tenant and new dedicated environments that are built on multi-tenant technology.

While BitLocker encrypts all data on a disk, per-file encryption goes even further by including a unique encryption key for each file. Further, every update to every file is encrypted using its own encryption key. Before they're stored, the keys to the encrypted content are stored in a physically separate location from the content. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. The encrypted content is distributed across a number of containers throughout the datacenter, and each container has unique credentials. These credentials are stored in a separate physical location from either the content or the content keys.

For additional information about FIPS 140-2 compliance, see FIPS 140-2 Compliance, and for AES with 256 bit see, Keep Your Data Secure with the New Advanced Encryption Standard.

File-level encryption at rest takes advantage of blob storage to provide for virtually unlimited storage growth and to enable unprecedented protection. All customer content in OneDrive for Business and SharePoint Online will be migrated to blob storage. Here's how that data is secured:

All content is encrypted, potentially with multiple keys, and distributed across the datacenter. Each file to be stored is broken into one or more chunks, depending on its size. Then, each chunk is encrypted using its own unique key. Updates are handled similarly: the set of changes, or deltas, submitted by a user is broken into chunks, and each is encrypted with its own key.

All of these chunks (files, pieces of files, and update deltas) are stored as blobs in our blob store. They also are randomly distributed across multiple blob containers.

The map used to re-assemble the file from its components is stored in the Content Database.

Each blob container has its own unique credentials per access type (read, write, enumerate, and delete). Each set of credentials is held in the secure Key Store and is regularly refreshed.

In other words, there are three different types of stores involved in per-file encryption at rest, each with a distinct function:

Content is stored as encrypted blobs in the blob store. The key to each chunk of content is encrypted and stored separately in the content database. The content itself holds no clue as to how it can be decrypted.

The Content Database is a SQL Server database. It holds the map required to locate and reassemble all of the content blobs held in the blob store as well as the keys needed to decrypt those blobs.

Each of these three storage components (the blob store, the Content Database, and the Key Store) is physically separate. The information held in any one of the components is unusable on its own. This provides an unprecedented level of security. Without access to all three it is impossible to retrieve the keys to the chunks, decrypt the keys to make them usable, associate the keys with their corresponding chunks, decrypt any chunk, or reconstruct a document from its constituent chunks.
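
The three-store layout described above can be modelled in a few dozen lines. This is an added sketch, not Microsoft's code: the store layout, function names and sample data are assumptions, the Key Store is assumed to hold the master key that wraps the chunk keys, and an HMAC-SHA256 construction stands in for AES-256 so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs on the
    # standard library alone; the service described above uses AES-256.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, sealed):
    """Verify the tag, then decrypt; raises ValueError on a wrong key."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    good = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(enc_key, nonce, ct)

def new_stores(containers=4):
    """Build the three separate stores (layout is an assumption of this sketch)."""
    key_store = {"master": secrets.token_bytes(32),   # wraps chunk keys (assumed)
                 "creds": {c: secrets.token_hex(16) for c in range(containers)}}
    blob_store = {c: {"cred": key_store["creds"][c], "blobs": {}}
                  for c in range(containers)}
    content_db = {}   # file name -> ordered [(container, blob_id, wrapped_key)]
    return blob_store, content_db, key_store

def _container(blob_store, container, cred):
    # Each container only opens for its own credential.
    box = blob_store[container]
    if not hmac.compare_digest(box["cred"], cred):
        raise PermissionError("bad container credential")
    return box["blobs"]

def put_file(name, data, blob_store, content_db, key_store, chunk_size=64):
    file_map = []
    for off in range(0, len(data), chunk_size):
        chunk_key = secrets.token_bytes(32)              # unique key per chunk
        container = secrets.randbelow(len(blob_store))   # random placement
        blob_id = secrets.token_hex(8)
        blobs = _container(blob_store, container, key_store["creds"][container])
        blobs[blob_id] = seal(chunk_key, data[off:off + chunk_size])
        wrapped = seal(key_store["master"], chunk_key)   # key never stored in clear
        file_map.append((container, blob_id, wrapped))
    content_db[name] = file_map                          # the reassembly map

def get_file(name, blob_store, content_db, key_store):
    parts = []
    for container, blob_id, wrapped in content_db[name]:
        chunk_key = unseal(key_store["master"], wrapped)
        blobs = _container(blob_store, container, key_store["creds"][container])
        parts.append(unseal(chunk_key, blobs[blob_id]))
    return b"".join(parts)

SAMPLE = b"constructed sample document; " * 6   # 174 bytes -> 3 chunks of <= 64
```

Reading a file back needs all three stores at once: the map and wrapped keys from the Content Database, the master key and container credentials from the Key Store, and the blobs themselves.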

ESET reveals what to watch out for before you buy encryption – SecurityBrief NZ

Encryption services are becoming a focus for organisations and decision makers as new data protection laws such as the GDPR come in, but when faced with a market flooded by various products and little time to make the right choice, it can be difficult to find the one that best fits individual needs, ESET says.

The company has assembled a list of the five questions organisations should ask before buying encryption.

1. Which laptops present the biggest risk; on-site or off-site?

This might seem like a pointless question with an obvious answer; systems are more liable to loss or theft when away from the office, but making this distinction and keeping it in mind is the right place to start and when you have settled on a solution, be sure to test its effectiveness at managing problem scenarios for your remote users.

2. Does the system offer full remote control of off-site endpoint encryption that fits your IT department?

All major Endpoint Encryption products offer the means to manage remote systems, but look carefully at the requirements. Most need either an open incoming connection to a demilitarized zone (DMZ) on your Server, or a VPN connection. All involve a higher level of IT skills and additional costs and may require the user to initiate the connection to function; not much use with a rogue employee or stolen laptop. A well-designed product will give you the remote management necessary without creating additional security problems, requiring specialist knowledge or adding expense to the project.

Why is this important?

Being able to quickly vary security policy, encryption keys, features and operation of endpoint encryption remotely, means that your default policy can be strong and tight. Exceptions can be made only when and where they are needed, and reverted just as easily. If you can't do this you'll be forced to leave 'a key under the doormat' - just in case, tearing holes in your policy before deployment is complete.

3. Does the solution allow you to remotely lock or wipe keys from laptops?

The answer might be crucial if a company computer with full-disk encryption gets stolen while in sleep mode or with operating system booted up, not to mention those systems with the pre-boot password affixed on a label or tucked in the laptop bag. If a remote lock or wipe function is not available, then the system is either unprotected or secured only by the OS password, with the encryption being bypassed in either case.

Similarly, it is important to know whether the solution has been designed to accommodate the typical use-cases that would otherwise unravel a well-designed security policy.

4. Does the solution secure removable media without having to whitelist each item?

With an array of writeable devices that people use for their everyday work, it is almost impossible for the admins to whitelist each and every one of them and decide if they can be read from or written to.

It is much easier to set a file-level policy, distinguishing between files that need encryption and those that don't, and keep these protected every time they move from workstation or corporate network to any portable device.

In other words, if you connect your own USB stick, it won't force you to encrypt your private data; however, anything coming from the company system will be encrypted without the keys being held on your device. A simple idea, but one which makes any device safe, without the need for whitelisting.

5. Is the solution easy to deploy?

If the setup of the solution takes hours or even days and needs additional tools for its operation, it might cause new headaches for company admins and create new security risks. Aim for an easy-to-deploy solution that doesn't require advanced IT expertise, preserving your finances as well as human resources. If the user-experience mirrors that easy deployment, then IT staff won't be further taxed by user-lockouts, lost data and other frustrations.

Closing remarks: The security was there a long time ago; what will make or break your deployment is flexibility and ease of use.

All validated, commercial encryption products have been more than strong enough for many years, yet a significant proportion of the recorded data breaches involving lost or stolen laptops and USB drives happened to organizations who had bought and deployed encryption products. Reading the case notes for these incidents reveals that the real challenges are being able to fit the solution to your environment and working practices, and making encryption easy for everyday users.

See original here:
ESET reveals what to watch out for before you buy encryption - SecurityBrief NZ

Encryption Technology Could Protect the Privacy of Your DNA – Gizmodo

Your DNA is some of the most intimate information out there: encoded in it is information about your health, your personality, your family history. It's not hard to imagine how such sensitive details could be damaging should they fall into the wrong hands. And yet, the privacy practices of the people and programs handling that information aren't exactly up to snuff.

Researchers at Stanford, though, say they may have a fix for the lagging privacy protocols putting anyone who's ever done a DNA test at risk of indecent exposure. In a study published Friday in Science, researchers say that they have developed a genome cloaking technique that makes it possible to study the human genome for the presence of disease-associated genes without revealing genetic information not directly associated with the information being sought.

The hope, they wrote, is to lessen the concerns of genomic privacy violations and genetic discrimination that taint DNA testing.

Applying the principles of cryptography to human biology, researchers were able to correctly identify gene mutations in groups of patients responsible for causing four different rare diseases, as well as the likely cause of a genetic disease in a baby by comparing his DNA to his parents'. They could also determine which out of hundreds of patients shared gene mutations. In doing all this, though, they also managed to keep 97 percent or more of the participants' unique genetic information completely hidden from anyone other than the owners of the DNA.

To do this, they had each participant encrypt their genome using a simple algorithm on their computer or smart phone. The encrypted information was then uploaded into the cloud, and the researchers used a secure, multi-party computation to analyze it, revealing only the genetic information important to the investigation. They were able to do so within a matter of minutes.
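The idea of computing on data that no single party can read can be sketched as follows; this is an added illustration, not code from the article or the study. It uses additive secret sharing, one simple form of secure multi-party computation (the article does not say which protocol the researchers used), and the gene names, patient vectors and two-server setup are constructed. This simplified version reveals the per-gene totals; hiding the totals for genes not shared by every patient needs a secure comparison step that is not shown.

```python
import secrets

P = 2**61 - 1  # public prime modulus; all share arithmetic is done mod P

def share(vector, n_servers=2):
    """Run on the patient's device: split a 0/1 mutation vector into
    additive shares. Each share alone is uniformly random noise."""
    if n_servers < 2:
        raise ValueError("need at least two non-colluding servers")
    shares = [[secrets.randbelow(P) for _ in vector]
              for _ in range(n_servers - 1)]
    last = [(v - sum(s[i] for s in shares)) % P
            for i, v in enumerate(vector)]
    return shares + [last]

def server_sum(received):
    """Run by ONE server: add up the shares it received from all patients."""
    return [sum(col) % P for col in zip(*received)]

def reconstruct(parts):
    """Combine one value per server; the masks cancel out mod P."""
    return [sum(col) % P for col in zip(*parts)]

def shared_genes(patient_vectors, genes, n_servers=2):
    """Return the genes mutated in every patient, without any server
    ever holding a patient's plaintext vector."""
    inboxes = [[] for _ in range(n_servers)]
    for vec in patient_vectors:
        for inbox, sh in zip(inboxes, share(vec, n_servers)):
            inbox.append(sh)
    counts = reconstruct([server_sum(inbox) for inbox in inboxes])
    return [g for g, c in zip(genes, counts) if c == len(patient_vectors)]

# Constructed sample data: 1 = patient carries a rare variant in that gene.
GENES = ["GENE_A", "GENE_B", "GENE_C", "GENE_D"]
PATIENTS = [
    [1, 0, 1, 0],
    [0, 1, 1, 0],
    [1, 1, 1, 0],
]

if __name__ == "__main__":
    print(shared_genes(PATIENTS, GENES))
```
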

In 2008, Congress passed the Genetic Information and Nondiscrimination Act, but both loopholes in the law and multiple Congressional actions threaten to erode protections that already exist, making people wary of the consequences of genetic testing. The protections of GINA, for example, do not apply to life insurance, long-term care, or disability insurance, meaning those companies are free to ask for genetic information and reject people deemed too risky. Some scientists have said that fears of genetic discrimination could impact the health of patients, if they refuse testing that could help doctors treat them, and could stymy medical research if patients wary of testing opt not to participate in studies.

Ultimately, we will have to strike a balance: A way to share the secrets of our biology with doctors and scientists, while also protecting our privacy.

Visit link:
Encryption Technology Could Protect the Privacy of Your DNA - Gizmodo

Buying encryption? Five good questions to ask before you do – We Live Security (blog)

General Data Protection Regulation (GDPR) together with the growing number of data breaches are the most pressing reasons why small and medium businesses are implementing data protection technologies including encryption.

However, with limited time and the market flooded by various products, it can be a difficult task for company owners and decision-makers to find the right fit for their needs.

If you are faced with the decision yourself, avoid pitfalls in selecting an encryption product by asking the following questions:

This might seem like a pointless question with an obvious answer; systems are more liable to theft when away from the office. But making this distinction and keeping it in mind is the right place to start and when you have settled on a solution, be sure to test its effectiveness at managing problem scenarios for your remote users.

All major endpoint encryption products offer the means to manage remote systems, but look carefully at the requirements. Most need either an open incoming connection to a demilitarized zone (DMZ) on your server, or a VPN connection. All involve a higher level of IT skills that can add additional costs and, in order to function, may require the user to initiate the connection; not much use with a rogue employee or stolen laptop.

A well-designed product will give you the remote management necessary without creating additional security problems, requiring specialist knowledge, or adding expense to the project.

Being able to quickly vary security policy, encryption keys, features and operation of endpoint encryption remotely means that your default policy can be strong and tight. Exceptions can be made only when and where they are needed, and reverted just as easily. If you can't do this you'll be forced to leave a key under the doormat, just in case, tearing holes in your policy before deployment is complete.

The answer might be crucial if a company computer with full-disk encryption gets stolen while in sleep mode or with the operating system booted up. It's even worse if those systems come with the pre-boot password affixed on a label or tucked in the laptop bag. If a remote lock or wipe function is not available, then the system is either unprotected or secured only by the OS password, with the encryption being bypassed in either case.

Similarly, it is important to know whether the solution has been designed to accommodate the typical use cases that would otherwise unravel a well designed security policy.

With an array of writeable devices that people use for their everyday work, it is almost impossible for the admins to whitelist each and every one of them, and decide whether it's permissible to read from, write to, or not access the device at all.

It is much easier to set a file-level policy, distinguishing between files that need encryption and those that don't, and keep these protected every time they move from workstation or corporate network to any portable device.

In other words, if you connect your own USB stick, it won't force you to encrypt your private data; anything coming from the company system, however, will be encrypted without the keys being held on your device. It is a simple idea, but one which makes any device safe, without the need for whitelisting.

In the end you need to figure out if the solution you want to use is easy to deploy. If the setup of the solution takes hours or even days and needs additional tools for its operation, it might cause new headaches for company sysadmins and create new security risks. Aim for an easy-to-deploy solution that doesn't require advanced IT expertise and preserves both finances and your human resources. If the user experience mirrors that easy deployment, then IT staff won't be further taxed by user lockouts, lost data and other frustrations.

All validated, commercial encryption products have been more than strong enough for many years, yet a significant proportion of the recorded data breaches involving lost or stolen laptops and USB drives happened to organizations who had bought and deployed encryption products.

Reading the case notes for these incidents reveals that the real challenges are being able to fit the solution to your environment and working practices, and making encryption easy for everyday users.

Author Ondrej Kubovi, ESET

Read the original:
Buying encryption? Five good questions to ask before you do - We Live Security (blog)

Beginner’s guide to Windows 10 encryption – Windows Central


Encrypting a drive or a folder or a file generally means you have a single password that must be used in order to decrypt and access. Not only does this stop outside parties from hacking their way into your files, it also protects in the event that you ...

Read the original here:
Beginner's guide to Windows 10 encryption - Windows Central