Is that automation tool commercial or internal? We built one in house, but are interested in a third party option. Could be that internal business rules make this a build over buy option, though.
Would be interested in seeing how the author's position has evolved in a few years when her children are in school, have activities, are with friends and need a pick up.
This is why reserved seating is the best thing to happen to movies. I leave for the theatre almost at the time the movie 'starts', get my popcorn/soda, and sit down as the last trailer begins.
This failed me once where for some odd reason the movie actually started on time, but 1-2% failure rate is mostly acceptable.
A friend of mine REALLY wanted to see Transformers when it was first released. He had it all planned out: we'd meet up and get the tickets 90 minutes before the movie started, go in, and wait, because he didn't want to miss anything. My girlfriend and I were less thrilled with that idea, so we went to get the tickets, got ours and went to dinner. We showed up at our seats 20 minutes after the movie was scheduled to start and didn't miss anything. The rest of the group had waited for almost two hours for a stupid action movie that isn't even all that good.
Wikipedia states FTX had 300 employees total. How many were in the inner circle?
SBF: pled not guilty, 25 years.
Ryan Salame, co-CEO: pled guilty, 90 months.
Gary Wang & Nishad Singh, co-founder & engineering director: pled guilty, awaiting sentencing later this year.
Caroline Ellison, Alameda CEO: guilty, two years.
That's five high ranking folks 'in the know'. Likely others who knew but they didn't have enough evidence for an airtight case.
> The latest preview update for Windows 11 version 24H2 contains a little surprise for those who don’t trust the software giant. It allows you to remove Recall, the coming AI-based timeline feature that will help Copilot+ PC users find things they did in the past.
The Copilot meeting summary features in Teams are actually pretty good. It's far more likely that someone will quickly skim the meeting summary than sit through an hour long meeting recording. Costs extra, though.
This I do agree with. While AI feels like it has been shoved in many places it doesn't fit so well, it is amazing when it comes to quickly summarizing meetings.
I don’t know anything about operations management, securitization, etc. What’s the difference between these two? Also, I work for a very large HW company, and we’re locked down. From my point-of-view “operations” just works. What does this look like for a small not-in-computers company? Like, how could the Seattle Public Library have secured itself from ransomware with a turnkey, reasonably priced solution?
At a high level, disaster recovery can often be "how do we get back to the way we were doing business?" A BCP is "what do we do if the way we did business before is not an option?"
So in this case, a DR plan might be "how do we restore our CDK data if something important gets deleted?" A BCP might be "what do we do if CDK no longer exists?"
Markup aside, your description of what Salesforce is offering is what the article is saying should be done. Encryption of the disk at rest doesn't do anything for data exfil situations; it protects against physical theft or improper disposal - only.
Sorry, still reading so haven't gotten there yet. How does Salesforce offering a "light" version of encryption at rest improve security? Or are you saying it's a better balance of performance / security by only selectively encrypting specific data points?
Anyways, the improved security comes from the fact that even when the server itself is improperly accessed (maliciously or not), the data you aren't currently accessing remains encrypted.
With (just) full disk encryption, you aren't protected when the (running) server is accessed. All of the data can be exfiltrated in plaintext.
Gotcha... so basically encryption of disk at rest prevents someone from walking out with a drive...
Encryption "at rest" in the database prevents someone with server or direct db connection from pulling the data.
I had never really thought of those as two different vectors, but of course they are. Thanks for clarifying!
With Salesforce and how a lot of these companies manage their security model, I'm still confident that investing in securing unauthorized user access is still orders of magnitude more useful than putting time and effort into this vector.
>I'm still confident that investing in securing unauthorized user access is still orders of magnitude more useful than putting time and effort into this vector.
These are addressing two different scenarios, so they should be mitigated separately. In one case, you are mitigating against unauthorized access. In the other, you are mitigating the damage that can be done when someone has already gained unauthorized access (however that occurred). After all, the only system immune to unauthorized access is the one that doesn't get powered.
"Defense in-depth" is thrown around a lot, but it really is important. I do agree though, when it comes to priority of implementation, I would start with protecting against unauthorized access first.
I don't disagree on a conceptual level, but on a regular basis I deal with companies completely lacking any real access model, users without MFA, blanket admin level access, etc... getting sold on this particular product and sometimes spending 7 figures to adopt it.
It sounds like they are using/implementing something similar to SQL Server Always Encrypted[0]. This basically works by encrypting specific fields using a certificate that needs to be supplied by the connecting SQL client (application). Obvious limitations are that you can't use the fields for sorting in queries (ORDER BY), and depending if deterministic encryption is not enabled, you can't use it in filters (WHERE) either. Same applies for any T-SQL logic on the data fields - because the encrypted blob is opaque to SQL Server - it is decrypted client-side. There is no workaround, except for pulling the data locally and sorting client-side.
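An added illustration of the limitation described in the comment above (not code from the thread, and not how SQL Server implements it): client-side field encryption with a deterministic and a randomized column, queried through an in-memory SQLite database standing in for the server. The HMAC-based stream cipher, the keys, and the `people` table with its column names are all constructed for the demo.

```python
import hashlib, hmac, os, sqlite3

# Column keys live only on the client (constructed for this demo).
K_ENC, K_IV = os.urandom(32), os.urandom(32)

def _keystream(iv: bytes, n: int) -> bytes:
    # Toy stand-in cipher: HMAC-SHA256 in counter mode. No integrity tag; demo only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(K_ENC, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(value: str, deterministic: bool) -> bytes:
    pt = value.encode()
    # Deterministic mode derives the IV from the plaintext, so equal values
    # produce equal blobs. Randomized mode draws a fresh IV every time.
    iv = hmac.new(K_IV, pt, hashlib.sha256).digest()[:16] if deterministic else os.urandom(16)
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(iv, len(pt))))

def decrypt(blob: bytes) -> str:
    iv, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(iv, len(ct)))).decode()

def build_db(names):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name_det BLOB, name_rnd BLOB)")
    db.executemany("INSERT INTO people VALUES (?, ?)",
                   [(encrypt(n, True), encrypt(n, False)) for n in names])
    return db

def server_where(db, column: str, name: str, deterministic: bool) -> int:
    # The client encrypts the search term; the server only compares opaque blobs.
    # `column` is a fixed identifier from this script, never user input.
    q = f"SELECT COUNT(*) FROM people WHERE {column} = ?"
    return db.execute(q, (encrypt(name, deterministic),)).fetchone()[0]

def server_order_by(db):
    # The server sorts by ciphertext bytes, which is unrelated to plaintext order.
    rows = db.execute("SELECT name_det FROM people ORDER BY name_det").fetchall()
    return [decrypt(r[0]) for r in rows]

def client_sort(db):
    # The only correct ordering: pull the rows, decrypt, and sort locally.
    return sorted(decrypt(r[0]) for r in db.execute("SELECT name_det FROM people"))
```

The equality filter matches only on the deterministic column, which is also why deterministic mode reveals which rows hold the same value to anyone who can read the table.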
> Obvious limitations are that you can't use the fields for sorting in queries (ORDER BY), and depending if deterministic encryption is not enabled, you can't use it in filters (WHERE) either. Same applies for any T-SQL logic on the data fields - because the encrypted blob is opaque to SQL Server - it is decrypted client-side. There is no workaround, except for pulling the data locally and sorting client-side.
It sounds like it is in addition to full-disk encryption, not instead of it.
Encrypting each field with a distinct key that an attacker cannot glean by simply exfiltrating all the data on disk and/or all the data in RAM protects against online attacks in a way that full-disk encryption cannot.
The real question is: does Salesforce do this properly?
It’s certainly possible that there’s a valid oversight here, but Salesforce has a rather talented security team, and the company truly lives by “Trust is our #1 value”^1
I can’t speak for the implementation, but my guess is that it’s been very thoroughly vetted by both internal security and external pen tests. They wouldn’t market a high profile security feature without that.