As a security engineer it's usually difficult for me to endure many of dumb things companies do. It's quite sad when a company that prides itself on creating solutions for building internal solutions to protect customer data actually starts pushing its own data out to Google and other "solution" providers. It's as if they don't actually believe in their own products and actually think that a contract will actually protect their data.
So it's quite refreshing when you run across a group that actually gets information security. Recently, I ran across the information security bulletins at CERN (particle physics is another interest of mine) and was excited to find a group that actually gets it. They provide internal, secure solutions for getting their work done without using outside solutions such as Google, Apple, Microsoft, Amazon, and Dropbox cloud solutions (I wish more of the internal solutions were FOSS but...). In fact, CERN feels externally-hosted solutions are a bad idea for both business and personal uses. I concur.
Here is a sample of their infosec bulletins:
- Don't let your mail leak
- An update on your privacy - or lack of it
- ...and thank you for your mobile data
- Enter the cloud, pay with your password
What about you? Do you care about the security of your information?