Private, federal, and state investigators are increasing their online presence because more of their work is going online.  For the most part, investigators are not trained in cybersecurity practices.  So, when they are online looking for criminals, there is a high chance that those same criminals are looking back at them.  This puts their organization, investigation, friends, and family at risk.  Most investigators try to separate their work life from their personal life, but the internet blurs the line between personal and work.

For example, in 2018, investigators were researching sex traffickers, specifically massage parlors in Manhattan, using VPNs; however, real estate agents were still able to track down their information and call those investigators on their personal cellphones.  These investigators suddenly became aware that their online presence was able to be tied to their personal lives even with cybersecurity practices.

The separation of work and personal is key, but investigators still need to access the tools and data needed for their job.  The undercover tradecraft needs to be applied to this field to protect legal and legitimate investigations.  So how do we protect investigators?

1st: Investigators need the tradecraft and training in cybersecurity to ensure they can protect themselves.  They also need to understand what will expose them to the digital world.

2nd: They need comprehensive tools to ensure they are not exposed at the seams.  Investigators are currently using multiple tools that are not designed to work cohesively together (VPNs, burner phones, anonymous browsers).  These individual products have a marginal benefit that leaves open cracks which criminals can exploit.  There needs to be a comprehensive solution/product that can combine these disparate tools in a seamless manner and seal the current gaps.

To work towards eliminating these gaps, check out opaque.ai for more information.

Privacy legislation has been on the horizon for almost as long as security legislation. Every year, digital tracking techniques get better (or creepier, depending on your perspective).  What if all these privacy rules/regulations actually came to fruition? What does “controlling your data” really mean – for the end user and corporations alike?

It’s hard to imagine what the internet would be like without advertisement supported projects like the Google search engine. That search engine is good because it uses data from a variety of sources to improve it. Microsoft uses data from Microsoft 365 (formerly Office 365) and its operating systems (e.g. Windows 10) to “improve user experience.” LinkedIn uses data about users to bolster professional networks (and in many cases social networks). What if all the data about your enterprise – including all your users—was configurable by you, and Google, Microsoft, Facebook, Apple, nation states, hackers, data brokers, etc. couldn’t see any of it. Maybe you’ve never thought you could control your enterprise user data to that extent … but we help make that happen.

There are speculations on what the technology landscape could look like when you start to control your own data, including this recent article from CMS Wire. The author mentions that some cookies are on the chopping block (3^rd party cookies specifically). Fortunately for big tech they already have workarounds. Facebook has been allowing 1^st party cookies for a while now but back-end data sharing agreements (which you probably agreed to with the Terms of Service) will continue to be a ripe source of data. Unfortunately for the end users, there’s really no functional change in the data that is exposed, stored, mined and monetized — even with GDPR and CCPA in full effect.

Truly controlling your enterprise data, including effectively masking your external enterprise footprint, is what we at Grey Market Labs enable with our Opaque platform. We expose privacy controls that administrators can understand and integrate with your existing infrastructure. Opaque is your “easy button” for digital privacy to the outside world (i.e. outside your corporate footprint).  Sometimes you need to control what users within and outside your organization have access to. We recently announced a partnership with Virtru to bring their TDF-enabled encryption and access controls to Opaque. Share data from within our platform to a user in another cloud, manage their access as desired, and get full audit of when they access it. If you need more granular controls (such as preventing a user from copying text you shared) you can share the data to have it open within Opaque directly – completely clientless. Our Virtru integration is a welcome layer of our defense in depth strategy.

Even with technological advancements in data processing, machine learning, and other analytics, organizations face challenges when sharing valuable data with collaborators due to a lack of transparency and ownership of data once it leaves its source point. Enterprises and agencies often rely on virtual machines to safely collaborate on their most sensitive information without losing control and giving up access to third parties, but existing solutions restrict the ways in which data can be classified, protected, audited, and shared across different platforms.

Grey Market Labs^® and Virtru solve this problem by enabling data owners to maintain full lifecycle control over their sensitive information and securely share it for approved analysis. Grey Market Labs^®’ Opaque platform offers patented secure virtual environments in which individuals can view and manipulate their TDF-protected data without ever having to expose this sensitive information.

Virtru’s Trusted Data Platform (TDP) is powered by the Trusted Data Format (TDF)—an open standard for object-level encryption created by Virtru Co-Founder and CTO, Will Ackerly, that keeps data protected and under the owner’s control. This technology ensures that companies can send information in a secure way that limits exposure risks.  Combined with the Opaque platform collaborators can have the assurance that content will always remain under their ownership, protected from misuse or unauthorized access.

Together, Virtru and Grey Market Labs^® provide the ability to:

• Share data more securely by adding persistent protections and attribute-based access control (ABAC). The Opaque platform uses TDF protections to ensure the integrity of sensitive data as it is shared from its original owner, so it can be trusted to inform business decisions and remain protected regardless of how it is analyzed or manipulated. Data owners can revoke, expire, or audit access to information at any point in its lifecycle, making it easier to share and collaborate with multiple parties. With ABAC, data created by different organizations in different applications can carry the same protections and access policies—whether the content is being collaborated on within a secure enclave, shared in transit, or brought outside of Opaque for offline consumption.
• Improve performance with expanded access to analytic tools. By enabling granular audit of users and data activity, Opaque makes it easy for organizations to provide assurances that information can securely travel across environments and systems it might not otherwise be permitted to reach. As a result, end-users can ingest and analyze their most sensitive data using a broad array of collaboration and analytic tools, whether desktop, web-based, or cloud-based. Each Opaque virtual environment can be preloaded with the applications needed for an individual data analyst to perform his or her work and since each environment is isolated, owners are granted administrative rights to their virtual environments enabling them to safely configure instances on-demand.
• Increase data transparency and accountability. By increasing transparency into where and how data is being shared, organizations can enhance trust and ensure they are safeguarding private information while providing the defensible audit of data to ensure regulatory compliance or third-party audits.

For more information, please contact Kris Schroeder, CEO at Grey Market Labs.

If you are a mid-size or larger business, you have an overworked security team. Those teams have responsibility across dozens of business areas, from executive protections, to cyber defense, to insider threat and more, many with competing priorities. Increasingly, security practitioners recognize that protecting customer or individual privacy is the most proactive way to protect the most important and sensitive activities of an organization (Apple Declines new API’s Due to Privacy Concerns).

The challenge is in the implementation – some companies with in-house engineering skill, or the resources to hire consulting firms, have tried to enact “enterprise privacy” by cobbling together integrations of “no track” VPN providers, isolated browsers, and imposing increasingly strict firewall and application rules. The end result is an increasingly costly environment to maintain and, in the end, a net decrease of the end user productivity with restrictions on internet services. In fact, these environments can be so brittle they actually increase the chance of compromise, since failure of one piece in this puzzle. For example, last month seven ‘no log’ Hong Kong VPN providers were accused of leaking 1.2TB of user logs onto the internet via unsecured Elasticsearch cluster (“No track” UFO VPN exposes user data). If any company or individual employees used those servers during that time, they were exposed and were ripe targets for hacking. Whether this was a misconfiguration or something worse, exposed VPNs are just one example of the fragility that comes with home-grown privacy solutions.

The goal should be to isolate external-facing internet activity and implement an architecture that enables zero-trust. While that sentence is buzzword heavy, the isolation approach limits exposure of any one component of a system, so if a VPN is compromised it doesn’t necessarily mean the company will be impacted. Also, when you bring in zero-trust concepts to a completely controlled environment, a company can increase the level of data sharing that is available while at the same time increasing data protection and privacy. Expect and ask more from the tech industry.

Grey Market Labs is a Public Benefit Corporation founded with the social mission to protect life online. We build revolutionary software and hardware products, and partner with like-minded industry leaders, to create a future with “privacy-as-a-service”.

Simply: we prevent data from being compromised and protect our customers work, online.

Contact us to see how we can work together.