PLUS: Exercise app tells spies to stop mapping; GitLab scan reveals 17,000 secrets; Leak exposes Iran’s Charming Kitten; And more!

Infosec In Brief Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and SaaS services due to security concerns.

“Most SaaS solutions do not yet offer true end-to-end encryption that would prevent the provider from accessing plaintext data,” the resolution states. Privatim therefore thinks SaaS or hyperscale clouds – especially those subject to the US CLOUD Act – are not appropriate places for Swiss government agencies to place “particularly sensitive personal data or data subject to a legal obligation of confidentiality.”

The resolution also points out that cloud and SaaS service providers can unilaterally amend their terms and conditions, potentially eroding security and privacy provisions.

“The use of SaaS applications therefore entails a significant loss of control,” the resolution states. “The public body cannot influence the likelihood of a violation of fundamental rights. It can only mitigate the ...