Swiss government bans SaaS and cloud for sensitive info
Briefly

"Most SaaS solutions do not yet offer true end-to-end encryption that would prevent the provider from accessing plaintext data," the resolution states. Privatim therefore thinks SaaS or hyperscale clouds - especially those subject to the US CLOUD Act - are not appropriate places for Swiss government agencies to place "particularly sensitive personal data or data subject to a legal obligation of confidentiality."
The resolution also points out that cloud and SaaS service providers can unilaterally amend their terms and conditions, potentially eroding security and privacy provisions. "The use of SaaS applications therefore entails a significant loss of control," the resolution states. "The public body cannot influence the likelihood of a violation of fundamental rights. It can only mitigate the severity of potential violations by not releasing particularly sensitive data from its sphere of control."
Security engineer Luke Marshall has revealed he scanned every public repository he could find on GitLab - all 5.6 million of them - and found 17,000 verified live secrets. As detailed in a post at secret-sniffing service Truffle Security, a GitLab API makes it possible to generate a list of all public repos. Marshall generated that list, and then wrote "a local Python script that sent all 5,600,000 repository names to an AWS SQS queue, which acted as a durable task list."
Privatim, the Swiss Conference of Data Protection Officers, called on public bodies to avoid hyperscale clouds and SaaS services for particularly sensitive personal data and data subject to legal confidentiality obligations. Most SaaS solutions lack true end-to-end encryption that prevents providers from accessing plaintext, and providers can unilaterally change terms and conditions, undermining security and privacy safeguards. The resolution warns that SaaS use entails a significant loss of control and specifically flags services from large international providers such as Microsoft 365 as generally inappropriate for sensitive government data. Separately, a security engineer scanned 5.6 million public GitLab repositories and found 17,000 verified live secrets using automated tooling.
Read at The Register