< ciso
brief />
Tag Banner

All news with #encryption in transit tag

48 articles · page 3 of 3

Gmail enterprise users can now send E2EE to anyone

🔒 Gmail enterprise users can now send end-to-end encrypted emails to recipients on any email platform by enabling the Additional encryption option when composing a message. Non-Gmail recipients receive a secure link to view and reply via a guest Google Workspace account, while Workspace-to-Workspace messages decrypt automatically for subscribers. The feature uses client-side encryption (CSE) so organizations can hold keys outside Google's servers to support data sovereignty and regulatory controls. Google began beta testing in April 2025 and will roll the feature out to Enterprise Plus customers with the Assured Controls add-on.
read more →

AWS Direct Connect 100G and 10G with MACsec in Bogota

🔌 AWS expanded 10 Gbps and 100 Gbps Direct Connect dedicated connections with MACsec encryption at the Equinix BG1 data center near Bogota, Colombia. Customers can now provision private, direct network access from this location to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The enhancement delivers more consistent, lower-latency and encrypted connectivity for enterprises and partners in the region.
read more →

Automatic SSL/TLS: Upgrading 6M Domains for Quantum Safety

🔐 Cloudflare's Automatic SSL/TLS now upgrades origin-facing encryption by default, having strengthened over 6 million domains without operator intervention. The system scans origins, verifies content and certificates, then gradually ramps stronger SSL/TLS modes from 1% to 100% of traffic, aborting safely on failures. This prepares sites for the post-quantum era by favoring hybrid key agreements (X25519 + ML-KEM) and will soon automate post-quantum handshakes and ad-hoc rescans.
read more →

Cloudflare WARP Adds Post-Quantum Key Agreement Support

🔐 Cloudflare's WARP client now supports post-quantum key agreement across both consumer (1.1.1.1) and enterprise (Cloudflare One Agent) offerings, tunneling traffic over MASQUE with hybrid post-quantum/classical ciphersuites. The upgrade provides immediate protection against harvest-now-decrypt-later attacks by wrapping user traffic in post-quantum MASQUE tunnels even when individual connections inside the tunnel are not yet PQ-protected. Cloudflare staged the rollout with temporary downgrades, phased population enablement, and an MDM override to balance robustness and downgrade-resistance while meeting FIPS/FedRAMP constraints.
read more →

Amazon CloudFront Adds Post-Quantum and TLS1.3 Policy

🔐 Amazon CloudFront now supports hybrid post-quantum key establishment across all existing TLS security policies for client-to-edge connections, enabling quantum-resistant key exchange without customer configuration. CloudFront also introduces a new TLS1.3_2025 policy that enforces TLS 1.3 only. Both features are enabled by default at all edge locations and incur no additional charges. These updates help organizations strengthen long-term in-transit protection and simplify compliance planning.
read more →

Under Lock and Key: Strengthening Business Encryption

🔒 Encryption is a critical layer in modern data protection, safeguarding sensitive and business‑critical information both at rest and in transit. The article outlines key drivers — remote/hybrid work, explosive data growth, device loss, third‑party risks, ransomware and insider threats — that make encryption essential. It recommends robust algorithms such as AES-256, centralized management and solutions for disks, files, removable media and email, alongside minimal end‑user friction. The piece also warns that regulators and insurers increasingly expect strong encryption as part of compliance and underwriting.
read more →

Amazon RDS for Oracle adds ECC384 CA and ECDSA ciphers

🔒 Amazon RDS for Oracle now supports an ECC384 Certificate Authority and two new ECDSA cipher suites for SSL and OEM Agent options on Oracle Database 19c and 21c. The added cipher suites — TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 — offer security comparable to RSA with shorter keys and lower CPU usage. To enable them, select rds-ca-ecc384-g1 as the CA for your DB instances and follow the documented steps to add SSL or modify OEM Agent settings.
read more →

Tech industry must resist weakening end-to-end encryption

🔐 The UK government's proposal to require access to end-to-end encrypted data—intended to combat terrorism and child sexual abuse—would effectively demand backdoors that major vendors refuse to build. Apple removed Advanced Data Protection for UK users after a non-public notice under the Investigatory Powers Act reportedly sought access, and WhatsApp has supported Apple's stance. The article argues such per-country mandates are technically unenforceable and easily circumvented, creating border chaos and disproportionate privacy harms. ESET recommends preserving strong encryption and using court-backed, oversightable access mechanisms rather than backdoors.
read more →