Author Archives: Chetan Soni

WordPress Hosting Security Tips

WordPress Hosting Security Tips

WordPress Hosting Security Tips

If you have a WordPress website, you may be concerned about the security of your website. In the following article, I will supply you with some tips you can use to ensure your website is secure. Nothing is more important to website management than security. If you haven’t taken steps to secure your WordPress website yet, this task should be at the top of your to-do list.

Be Ready with Backup

The first thing you should consider for your website is managing proper backup schemes. Even if you consider your website 100% secure, you should still create backups, just in case. Not much is worse than losing your important data. Here are a few things to remember while creating backups:

  • Backup at a Remote Location: Always store your backups on a different server than the one on which your website is hosted. If you don’t diversify your servers, one attack could wipe out all your data. You can use WHM for storing backups away from your production server, or you could use R1Soft for this purpose.
  • Remote Backups of Database: At the very least, you should maintain complete backups of your WordPress database. Only secure FTP like FTPS or SFTP should be allowed on your website. Unencrypted FTP should be disabled by default.
  • Using Redundant RAID Array: For hosting your website, you should use a host that provides a redundant RAID array for storing important information like RAID1 and RAID10. Hard drives have a tendency to fail and are not a reliable resource. Therefore, using RAID can get your data mirrored across multiple locations, which will significantly reduce the risks of data loss.

Search for Secure Hosting Providers

Do not just select the cheapest web hosting provider, as you often get what you pay for. It is recommended that you thoroughly research your hosting options before actually placing your website online. You should research hosting providers to determine which ones have the lowest frequency of attacks. But having the lowest number of attacks does not necessarily mean the host is more secure, it might just not be popular. Find the least vulnerable provider by conducting online searches.

Don’t Ignore Updates

Most of the updates launched by WordPress, for versions and for plugins, address important security vulnerabilities. These updates are patches for discovered security flaws. So, keep an eye on your WordPress dashboard for new updates, and make sure to update whenever prompted. Failing to do so will leave you vulnerable to known web attacks.

Use Strong Passwords

Even after completing all the steps listed above, there are still ways your website can be compromised. All it would take is a sophisticated brute forcing attack to hack your website if you have a weak password for your admin panel. Never set up the username of your admin panel as “admin”. This is the most common username guessed by hackers for SQL injection attacks. Also, reset your passwords on a regular basis to avoid having your password captured through keyloggers on public computers.

Select a Secure Hosting Server

Before migrating your website to a server, ensure security of that server. Research the history of attacks on each server you consider. Also, decide what kind of server mode you want. For example, you will have to choose between a dedicated or shared server.

  • Dedicated Server: A dedicated server will host only your website and cannot be easily backdoored if your website is secure. The drawback is dedicated servers cost a significant amount of money.
  • Shared Server: A shared server is one on which many websites IE: (often thousands of websites) are hosted on a single server, depending on the capacity of the server. There is a certain level of risk associated with hosting on shared servers. Even if you have completely fool-proofed your website, you can still be attacked through the vulnerabilities of the server you are using.

Access your Website Securely

It’s not just your website that requires security. You also need to securely connect to your dashboard. If you do not secure your method of connecting, then you might fall victim to session hijacking or cookie stealing attacks. Never use public Wi-Fi to connect to sensitive networks, because these are generally unsecured and often monitored by hackers. Use secure connections at your home or office with proper encryption schemes. Use proper firewall, antivirus, and antispyware solutions to keep your system protected from malicious hackers.

In recent years, cyber-attacks have been on the rise. Keeping your website secure is the only way of dodging such attacks. Therefore, choosing a secure hosting provider for hosting your website will go a long way toward protecting you from attacks.

By Chetan Soni

WordPress Security Plugin Recommendations

WordPress Security Plugin Recommendations

WordPress Security Plugin Recommendations

WP-logo

WordPress is a widely used website platform used by millions of people around the world. WordPress is popular because it provides an extremely easy platform for application developers to use to create convenient layouts. But because of its popularity, WordPress is frequently the target of attacks by hackers.

To maximize security of your website, here is a list of recommended plugins you can install in WordPress to reinforce security among users. But first, you should know how to install a plugin. Simply go to the Plugins > Add New page through your dashboard and find the required plugin from the Search tab. Select your plugin, then click Install Now and Activate it.

Better WP Security Plugin

This plugin offers a way to put your WordPress in secure mode with just one simple click. The one-click protection feature will allow you to switch to a host of WordPress security features. This will protect your website from a variety of threats without involving any sort of complicated setup. Just one click and you have your basic security needs covered. Also, this is freeware and can be easily installed by following the instructions mentioned above.

All you need to do is click on “Secure my website from basic attacks” and you will see a list of attacks you are now protected from. Some of these protections are listed below:

  • Preventing non-admins from accessing administered content, like updates
  • Default usernames with the vulnerable string “admin” are replaced
  • Login screen is provided protection from brute force attacks
  • Scanning of your website is disabled, which prevents attackers from scanning your website for vulnerabilities.

Limit Login Attempts

If you have not limited the number of login attempts in your wp-admin panel, then it is possible for someone to use brute force techniques to discover your admin password. To rule out this possibility, simply install the “Limit Login Attempts” plugin to your WordPress to enhance the protection level of your admin accounts. This will block any IP which tries to log in again and again. This plugin can be found as a default in the plugin library.

Bullet Proof Security

This plugin protects your website through the .htaccess file. This is known to protect your valuable content against RFI, XSS, CSRF, CRLF, Base64, and Code injection hacking attacks. It features security logging and HTTP error logging capability with additional website security checks. Unlike other similar plugins, it does not overwhelm your website with excess database MYSQL queries. Basically, by working on .htaccess, which is a distribution access file, this plugin does a lot to enhance security.

All in One WordPress Security Plugin

Easy in design and implementation, this plugin is written to take your website to a whole new level of security. It constantly checks for vulnerabilities and enforces latest security practices for improving the overall security of your website. The security features of this plugin are divided among “basic”, “intermediate”, and “advanced” levels which enable you to optimize functionalities of your website accordingly.

Wordfence Security

This is a free security plugin, falling into the enterprise class, and its features include firewalls, antivirus, two factor authentication (cell-phone sign in), and malicious URL scanning. This is the only plugin with the feature of verifying and repairing your website’s core, themes, and files, even if you haven’t created any backups. This is a multi-site compatible plugin, providing your content security real time protection from malicious attackers. It also monitors your DNS server for any kind of unauthorized activity, and regularly monitors your disk space to avoid Denial of Service attacks.

Website Defender WordPress Security

This free and comprehensive security plugin assists in WordPress security installation. This security tool provides various suggestions for securing passwords, customizing files for more security, database security, and hiding version. Some of its features include maintaining complete backups of your files and hiding core update information from non-administrators.

Conclusion

WordPress itself is considered a secure platform to create web apps on. But hackers tend to keep searching for new security loopholes and they will exploit any information they can get. Therefore, in this dynamic environment, there is a constant need for maintaining consistent security for your websites. Plugins provide a good way of attaining high levels of security. The bottom line is using plugins will greatly improve the performance of your website, while also protecting it from hackers with malicious intent.

By Chetan Soni

Concerns With Cloud Security

Concerns With Cloud Security

Cloud security is an evolving sub-domain of information security dedicated to the protection of data, applications and infrastructure values associated with cloud computing. It incorporates a broad set of policies that are driven by the security procedures for providing maximum level of assurance for customers of cloud services.

Concerns with Cloud Security

Cloud computing is providing new horizons for maintaining organizational assets. But with ease and the convenience also comes the challenge to secure enterprise data. The biggest reason that raises concerns for security is involvement of third parties, i.e. cloud service providers who can access data stored at remote locations.

Being a form of distributed computing, cloud computing is still waiting for proper standardization. While migrating to cloud services , there are a number of factors to be considered by organization. The organizations need to understand the key benefits along with the risks associated with adopting a particular solution or a service provider. As an evolving security and technological arena, the assessment of risks and benefits keeps on varying depending upon the advancements that are brought by new technological implications.

Cloud security is a shared responsibility model between cloud service provider (CSP) and clients associated with the same. It is important to note that not all cloud service providers provide equal amounts of security measurements and other operational and managerial functions. This should be clearly agreed , defined and discussed between service providers and customers.

More and more organizations are migrating towards the cloud and enjoying the benefits of various service providers. Enterprises are embracing economic and operational advantages of cloud for extending their business to larger scales. But cloud providers like AWS need to meet key security requirements for organizations to be able to trust them with their most confidential data. As malicious attackers are becoming more sophisticated, they are finding new ways to target applications and that data of enterprises. The attacking intentions are fed by the fact that cloud has some architectural flaws inherited from its parent applications that can be easily exploited for one’s own gains. At an unprecedented rate, enterprises tend to shift their resources to cloud. There are many security threats that cloud data is vulnerable to.

Some of them are listed below.

security-workforce

  • Data Breaches: One of the most dangerous shortcoming of having data in the cloud is the possibility of compromised data.
  • Data Loss: Data in the cloud is physically stored on third party servers and given virtual access to the customers. Therefore, there is a good possibility that the data on the remote servers can be lost due to any kind of damage or server hacking.
  • Account Hijacking: Physical access to data is given to clients through user accounts. So all of the data can be accessed only through these accounts on cloud hosting services. In case, any of such accounts are compromised or hijacked by any hacker, all of the important data comes under the risk of being compromised. There is also the possibility of privilege escalation attacks that accounts for exploitation of user level access rights.
  • Insecure API’s: Cloud data is called and managed through Application Protocol Interface (API). The API calls can be spoofed or hijacked for infected data transmission.
  • Denial of Service: Cloud is basically an interface between a user and an application server. If the cloud server is vulnerable or not properly protected from DOS attacks, then it can be a target of Denial of Service attacks. In this attack, legitimate user is deprived of getting services like data access etc. of the server.
  • Malicious Insiders: Sharing data with a third party requires a fair amount of trust to invest. Organizations may be secure from certain attacks from outside the company. However,  it needs to be aware from attacks within the organization as well.
  • Abusing Cloud Services: Legitimate cloud services can be abused by malicious intents for their own monetary or other gains.
  • Shared Technology Issues: Most of the security issues emerge due to shared resources technology adapted by the cloud. All data within one cloud can be attacked by hackers that would render all data on that cloud to be compromised.
  • Insufficient Due Diligence: Paying less attention to diligence can also cause substantial amount of threat to data in the cloud.

At an unimaginable rate, cloud computing is transforming and revolutionizing the way business and government are managing their data. Cloud service development has shown more evolution in terms of service model, creating new security challenges on the way for security researchers. The shift from server to service-based thinking is revolving the terms in which technological departments deal with. The design of the architecture is subsequently affected and governed by the computing technology and applications. But these advances have created substantial new security vulnerabilities, including critical security issues whose impact is emerging and still processing with each passing day.

By Chetan Soni

10 Useful Cloud Security Tools: Part 2

10 Useful Cloud Security Tools: Part 2

10 Useful Cloud Security Tools: Part 2

Cloud services like Amazon Elastic Cloud and IBM SmartCloud are revolutionizing the way IT organizations deal with online infrastructure. There are many benefits to cloud computing, but there are also serious security concerns. Yesterday, I revealed 5 helpful tools for enhancing cloud security.

Here are 5 more tools to round out my top 10 list:

Metasploit

metasploit

Complied in the Ruby programming language and developed by H.D. Moore, Metasploit framework has made significant contributions to the pen testing tools community. It gives you the capability of adding your own modules. By default, Metasploit is embedded in popular pen testing distributions with a streamlined user interface.

It can pen test with just an IP address. Therefore, if you have your data on the cloud then all you need is your actual cloud IP address to test security. Just be sure that the IP you are using actually belong to your assets, because in many cases vendors will change IP addresses. If you are using cloud services from Amazon, then using Metasploit Pro will provide you with additional Amazon Machine Images. You can install the available Metasploit package on Amazon EC2 like other packages and run it normally. You cannot receive updates until you get it registered, though.

Nessus

Nessus is an open source, comprehensive vulnerability scanner developed by Tenable Network Security, and has the designation of being the most popular vulnerability assessment tool. In its most recent update in March, it added cloud management and multi support through the Nessus Perimeter Service.

infographic-host-cloud

This scanner is capable of controlling internal and external scanners through the cloud. According to Ron Gula, CEO of Tenable Network Security, the multi-scanning management capability will allow users to benefit from the robust capabilities of Nessus to manage internal and external scanners from a single point, which will save time and resources.

Nmap

Nmap stands for “Network Mapper”; this tool is the gold standard for network scanning. Originally written by Gordon Lyon (Fyodor Vaskovich), it is a must have in any pen testers arsenal. Use it to scan networks, even if congestion or latency has been occurring on these networks.

Nmap can be effectively used for scanning cloud networks. The only condition is that your cloud network is on an OS supported by Nmap. These include Unix, Linux, Solaris, Windows, Mac, OS X, BSD and some other environments. Also, you would want to scan your original IP instead of that hidden behind NAT or firewalls. Be sure to have permission from the IaaS provider before scanning the networks, because it is prohibited to scan without authenticity, for obvious reasons.

Kismet

Freely distributed as an open source program, Kismet uses 802.11 standard layer 2 tools which can be used for packet sniffing, network detection and also as an intrusion detection system. It supports any wireless card which is capable of raw monitoring.

Kismet is capable of scanning public, private or hybrid cloud servers. Its distinguishing feature is that it leaves no logs of scans done in victim machines. It accomplishes this by working passively and sending no traceable packets to the victim network. Due to stealth functionality, it is the most widely used wireless scanning tool to date. On a cloud server, Kismet can be used for preventing any active wireless sniffing programs like Netstumbler through its IDS capability. Kismet supports channel hopping that aids it in finding as many networks as possible through non sequential functioning.

Wireshark

Wireshark has been around for ages and has proven to be an excellent cloud monitoring tool. Although it can help network administrators in scanning enterprise networks, it cannot be used as a stand-alone tool in large environments like cloud servers. In cloud networks, Wireshark is used for scanning a single entity of the whole infrastructure. It can be aided by other tools, or multiple instances can run to serve the purpose.

Wireshark can apply to the cloud the same way it applies to any home network. It is used for troubleshooting network issues by digging through the weeds of the network. Wireshark can also be applied for analyzing packets between cloud service provider and the end user. But as Wireshark is basically a desktop based network monitoring tool, QA Café has developed “CloudShark” for making captured files accessible on cloud environments.

On Conclusion

Traditional network monitoring tools are now being used as cloud monitoring tools. This is due to the fact that the cloud is also a network with larger boundaries and more complications than standard networks. Today, organizations can buy an online service by instantiating any image service on the cloud. Cloud computing has emerged as a pay-as-you-go service, which organizations can use without having to go deeper into the details how cloud infrastructure works.

As cloud networks are providing more and more to IT services, its security has been a chief concern for most customers. For ensuring security and privacy of your data, there are tools and methodologies through which you can pen test your cloud provider. Using the aforementioned tools will enhance reliability in cloud service.

By Chetan Soni

10 Useful Cloud Security Tools: Part 1

10 Useful Cloud Security Tools: Part 1

10 Useful Cloud Security Tools: Part 1

Cloud computing has become a business solution for many organizational problems. But there are security risks involved with using cloud servers: service providers generally only take responsibility of keeping systems up, and they neglect security at many ends. Therefore, it is important that clouds are properly penetration (pen) tested and secured to ensure proper security of user data.

There are many tools available that can be used to automate the process of pen testing. Most of them can be found with pen testing distributions like Backtrack or Blackbox. Here is a list of recommended tools for pen testing cloud security:

Acunetix – Web Vulnerability Scanner

acunetix 

This information gathering tool scans web applications on the cloud and lists possible vulnerabilities that might be present in the given web application. Most of the scanning is focused on finding SQL injection and cross site scripting vulnerabilities. It has both free and paid versions, with paid versions including added functionalities. After scanning, it generates a detailed report describing vulnerabilities along with the suitable action that can be taken to remedy the loophole.

This tool can be used for scanning cloud applications. Beware: there is always a chance of false positives. Any security flaw, if discovered through scanning, should be verified. The latest version of this software, Acunetix WVS version 8, has a report template for checking compliance with ISO 27001, and can also scan for HTTP denial of service attacks.

Aircrack-ng – A Tool for Wi-Fi Pen Testers

This is a comprehensive suite of tools designed specifically for network pen testing and security. This tool is useful for scanning Infrastructure as a Service (IaaS) models. Having no firewall, or a weak firewall, makes it very easy for malicious users to exploit your network on the cloud through virtual machines. This suite consists of many tools with different functionalities, which can be used for monitoring the network for any kind of malicious activity over the cloud.

Its main functions include:

  • Aircrack-ng – Cracks WEP or WPA encryption keys with dictionary attacks
  • Airdecap-ng – Decrypts captured packet files of WEP and WPA keys
  • Airmon-ng – Puts your network interface card, like Alfa card, into monitoring mode
  • Aireplay-ng – This is packet injector tool
  • Airodump-ng – Acts as a packet sniffer on networks
  • Airtun-ng – Can be used for virtual tunnel interfaces
  • Airolib-ng – Acts as a library for storing captured passwords and ESSID
  • Packetforge-ng – Creates forged packets, which are used for packet injection
  • Airbase-ng – Used for attacking clients through various techniques.
  • Airdecloak-ng – Capable of removing WEP clocking.

Several others tools are also available in this suite, including esside-ng, wesside-ng and tkiptun-ng. Aircrack-ng can be used on both command line interfaces and on graphical interfaces. In GUI, it is named Gerix Wi-Fi Cracker, which is a freely available network security tool licensed to GNU.

Cain & Abel

This is a password recovery tool. Cain is used by penetration testers for recovering passwords by sniffing networks, brute forcing and decrypting passwords. This also allows pen testers to intercept VoIP conversations that might be occurring through cloud. This multi functionality tool can decode Wi-Fi network keys, unscramble passwords, discover cached passwords, etc. An expert pen tester can analyze routing protocols as well, thereby detecting any flaws in protocols governing cloud security. The feature that separates Cain from similar tools is that it identifies security flaws in protocol standards rather than exploiting software vulnerabilities. This tool is very helpful for recovering lost passwords.

In the latest version of Cain, the ‘sniffer’ feature allows for analyzing encrypted protocols such as SSH-1 and HTTPS. This tool can be utilized for ARP cache poisoning, enabling sniffing of switched LAN devices, thereby performing Man in the Middle (MITM) attacks. Further functionalities have been added in the latest version, including authentication monitors for routing protocols, brute-force for most of the popular algorithms and cryptanalysis attacks.

Ettercap

Ettercap is a free and open source tool for network security, designed for analyzing computer network protocols and detecting MITM attacks. It is usually accompanied with Cain. This tool can be used for pen testing cloud networks and verifying leakage of information to an unauthorized third party. It has four methods of functionality:

  • IP-based Scanning – Network security is scanned by filtering IP based packets.
  • Mac-based Scanning – Here packets are filtered based on MAC addresses. This is used for sniffing connections through channels.
  • ARP-based functionality – ARP poisoning is used for sniffing into switched LAN through an MITM attack operating between two hosts (full duplex).
  • Public-ARP based functionality – In this functionality mode, ettercap uses one victim host to sniff all other hosts on a switched LAN network (half duplex).

John the Ripper

The name for this tool was inspired by the infamous serial killer Jack the Ripper. This tool was written by Black Hat Pwnie winner Alexander Peslyak. Usually abbreviated to just “John”, this is freeware which has very powerful password cracking capabilities; it is highly popular among information security researchers as a password testing and breaking program tool. This tool has the capability of brute forcing cloud panels. If any security breach is found, then a security patch can be applied to secure enterprise data.

Originally created for UNIX platforms, John now has supported versions for all major operating systems. Numerous password cracking techniques are embedded into this pen testing tool to create a concise package that is capable of identifying hashes through its own cracker algorithm.

Cloud providing vendors need to embed security within their infrastructure. They should not emphasize keeping high uptime at the expense of security.

By Chetan Soni

Challenges Faced By Cloud Security

Challenges Faced By Cloud Security

Challenges Faced By Cloud Security

Cloud Infographic_001

Cloud computing has revolutionized the way businesses manage their data. The amount of data produced by the corporate sector has increased at a rapid rate over the past few years. In order to handle this exponential need for storage space, organizations need a reliable and secure approach with which they can use to optimize their operations, which in turn will reduce costs. Cloud computing provides suitable development environments, rapid resources for operating platforms, application environments and backup and storage of data at low costs. But, some of the factors that make cloud computing such a convenience for managing resources also raise considerable security concerns.

Challenges Faced by Cloud Security

Cloud computing inherits the security issues pertaining in the technologies that it uses, which consists chiefly of the risk of a breach in the integrity or confidentiality of information. One security measure is encrypting stored data, but there are drawbacks with encryption and it does not always protect data. This presents a very challenging situation for cloud security professionals. Seven of these challenges are discussed below:

1) Breach of Trust

In cloud services, it is very important that the service provider has the trust of his customer and he does not exploit this in any way. There is no way to be 100% sure of your cloud service providers being trustworthy. There are certain legal issues entangled with cloud security as well, because there are certain laws that cloud service providers should comply with and these laws vary from country to country. Users have no idea or control over where or in what jurisdiction their data is being physically stored over the cloud.

2) Maintaining Confidentiality

Preventing improper disclosure of information is maintaining confidentiality of data. Service providers have full access to your data, so they have the opportunity to misuse this information. This issue requires proper attention from an information security analyst in order to ensure your data is not being shared without your permission.

3) Preserving Integrity

Integrity is preventing illegal modification of data or its instances. Users with privilege to your data can easily modify it unless it is encrypted. One entity with such privilege is a cloud service provider. Preserving integrity of data over the cloud is a viable challenge to security researchers.

4) Authenticity and Completeness

In a cloud, there may be multiple users with varying levels of access privilege to your data. A user with limited access may have access to a subset of data, but he needs to be assured that this subset is valid and verified. Digital signatures are used for providing a validation, proof of authentication for access to a superset of data. Certain approaches inspired by Merkle trees and signature aggregation are used for digital validation of data. But still there are vulnerabilities for this issue in cloud security.

5) Risk Factors Associated with Virtual Machines

In a typical cloud model application, processes are run from within virtual machines. These virtual machines are on a shared server with other virtual machines running as well, some of which may be malicious. Security researchers have proved that attacks from one virtual machine to another is possible. Therefore, cloud security experts consider this a serious issue.

6) Vulnerabilities from Shared Resources

Cloud data running on multicore processors is vulnerable to application data being compromised, because, as researches have shown, applications can communicate through the cores and may exchange data as well. With the multi tenancy architecture of a cloud server in which many applications are stored on the same server, it is always possible for malicious users to intercept data from the network channel.

7) Issues with Encryption

Although encrypting data seems like the solution for preserving confidentiality, integrity and authenticity on the cloud, this approach does have shortcomings. For one, this is not a cost effective method because to decrypt data, an enormous amount of computational time is added to the processing time. Each time a query runs in the database, both the cost and time increases dramatically, especially if the amount of data is very large. Encryption algorithms are subject to get tracked down as well. Cloud security professionals have the challenge of continuing to reinforce this technique.

Cloud computing can be used for carrying out various IT functions, and providing security to the cloud is not an easy task for cloud security professionals as there are various security concerns.

There are many benefits to cloud computing. Cloud computing provides a viable means for building cost effective solutions which are substantially flexible. By using virtual servers on internet, cloud computing provides easy delivery platforms for serving business and eases out more expensive consumer IT services.

However, there are serious risks of integrity and confidentiality for data shared on a cloud. This is because required services are often outsourced from a third party, which makes it difficult to ensure security and privacy of data.

Security professionals still need to deal with the architectural flaws of the cloud computing model so that cloud computing can be made more reliable and trustworthy.

By Chetan Soni

CloudTweaks Comics
Do Small Businesses Need Cloud Storage Service?

Do Small Businesses Need Cloud Storage Service?

Cloud Storage Services Not using cloud storage for your business yet? Cloud storage provides small businesses like yours with several advantages. Start using one now and look forward to the following benefits: Easy back-up of files According to Practicalecommerce, it provides small businesses with a way to back up their documents and files. No need…

Cloud Computing Checklist For Startups

Cloud Computing Checklist For Startups

Checklist For Startups  There are many people who aspire to do great things in this world and see new technologies such as Cloud computing and Internet of Things as a tremendous offering to help bridge and showcase their ideas. The Time Is Now This is a perfect time for highly ambitious startups to make some…

5 Surprising Ways Cloud Computing Is Changing Education

5 Surprising Ways Cloud Computing Is Changing Education

Cloud Computing Education The benefits of cloud computing are being recognized in businesses and institutions across the board, with almost 90 percent of organizations currently using some kind of cloud-based application. The immediate benefits of cloud computing are obvious: cloud-based applications reduce infrastructure and IT costs, increase accessibility, enable collaboration, and allow organizations more flexibility…

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. Forrester has defined big data as “Technologies and techniques that make capturing value from data at an extreme scale economical.” The key word here is economical. If the costs of extracting, processing, and making use…

Infographic: IoT Programming Essential Job Skills

Infographic: IoT Programming Essential Job Skills

Learning To Code As many readers may or may not know we cover a fair number of topics surrounding new technologies such as Big data, Cloud computing , IoT and one of the most critical areas at the moment – Information Security. The trends continue to dictate that there is a huge shortage of unfilled…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

The Questions of Privacy In The Internet of Things Revolution

The Questions of Privacy In The Internet of Things Revolution

Privacy in the Internet of Things Revolution The Internet of Things (IoT) has been promising a lot to consumers for a few years and now we’re really starting to see some of the big ideas come to fruition, which means an ever-growing conversation around data security and privacy. Big data comes with big responsibilities and…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

The Business of Security: Avoiding Risks

The Business of Security: Avoiding Risks

The Business of Security Security is one of those IT concerns that aren’t problematic until disaster strikes. It might be tomorrow, it could be next week or next year. The fact is that poor security leaves businesses wide open for data loss and theft. News outlets just skim the surface, but hackers cost business up…

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Benefits A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…