Author Archives: CloudTweaks

Living In A Post-Safe Harbor World: What Your Company Needs To Know

Living In A Post-Safe Harbor World: What Your Company Needs To Know

Living In A Post-Safe Harbor World

With the striking down of the Safe Harbor agreement in October, we have seen the tip of a data privacy iceberg whose global implications will play out well into the new year. In 2016, U.S. businesses can expect a regulatory domino effect that will occur region by region, as more governments will take steps to protect citizen data, preserve national security interests, and build legal fences to protect local businesses. These evolving rules will be determined within various governments, with different privacy concerns driving each set of regulations. It’s likely to produce more chaos before consistency.

As we close out 2015, representatives from the EU Commission and the U.S. have been working on the terms of a new data-transfer framework that will meet the EU court’s requirements. For U.S. businesses, January 31, 2016 will be when things really get interesting. That’s the deadline for the European Commission to agree on new Safe Harbor rules with the U.S. Right now, EU officials are still seeking greater clarity regarding the extent to which U.S. national security services can access European citizens’ data. If no agreement can be hammered out by this deadline, companies are will have to find an alternative to Safe Harbor or face non-compliance fines.

What does this mean for cloud providers and their customers? Consider that Europe’s General Data Protection Regulation (GDPR), legislation that is supposed to be finalized by the end of the year, will govern both data controllers (typically, companies that gather and control how data is used) and data processors (for example, cloud storage providers), no matter where they are based. The GDPR will also restrict and control how EU citizens’ personal data is shared outside the European Economic Area.

From a U.S. business perspective, the GDPR is fraught with compliance risks. The latest draft of the GDPR call for fines of up to two percent of annual revenue for companies that violate the rules, raising the distinct possibility of billion dollar penalties enforced to make examples out of organizations that continue to be careless with private data. To put this into perspective, a company like Monsanto could face fines up to $300 million, and the penalty for a company like GE could be around $2.8 billion.

Cloud structure sea change

What will all of this mean for how U.S. firms do business in the future? In 2016, we will see organizations change their approach to data transport and access. For starters, they will need to localize data policies to comply with the nations and regions where they do business, as well as where their data flows. What this means is that each geographic region will have a set of guidelines specific to handling data, as well as separate guidelines for communicating externally. This is already happening in the EU, with Germany setting more stringent data privacy rules than the rest of Europe.


(Image Source: Shutterstock)

Further, organizations will also no longer be able to rely on centralized datacenters, and instead will need to rely on multiple datacenters, each subject to the specific region’s regulatory oversight. Businesses will also have to ensure that all of its cloud vendors meet the data guidelines set within each region in which it does business. We are already seeing a shift towards this model, with large providers such as Microsoft opening dedicated data centers in locations like Germany, the UK and Australia.

Making room for compliance in the C-suite

One way to handle these regulatory changes is for more private companies to add a new member to their C-suites: the Chief Privacy Officer. The CPO had historically been a role associated with government agencies, but that is changing rapidly. Any organization that collects, processes, or uses personal information across borders will need to implement information security plans to ensure that the personal data in its control is adequately protected. That’s the role of the CPO, and in 2016, it will be in high demand.

Organizations who are proactive and come up with an action plan that aligns with the new regulations will be ahead of the game. This means having end-to-end control over who accesses their data, wherever it travels. Too many companies have been standing on the sidelines, passively waiting for their vendors or the government to solve this. As we race towards the January 31, 2016 deadline, it’s becoming clear that action is needed. Some companies are moving ahead to devise a global solution without depending on the promised Safe Harbor 2.0. Others are taking interim measures such as legal boilerplate language to protect them. The high visibility of some, such as social media or cloud computing vendors, puts them at a higher risk for possible EU regulatory focus. The bottom line, however, is that the EU court decision is forcing all organizations that were part of the Safe Harbor framework to make risk-based—not just legal—decisions.

intralinks-ceo-ron-hovsepianBy Ron Hovsepian

Ron is president, chief executive and director of Intralinks, a publicly-traded provider of beyond-the-firewall collaboration technology solutions for the enterprise. Previously, Ron served as president and chief executive officer of Novell, from 2005 to 2011. He has held management and executive positions at IBM Corporation over a 17-year period, including worldwide general manager of IBM’s distribution industries, manager of global hardware and software development, sales, marketing and services. Ron currently serves as a member of the board of directors of ANSYS, Inc. Follow Ron on Twitter: @RonHovsepian.

Cloud Is Changing The Game For Retailers On Cyber Monday

Cloud Is Changing The Game For Retailers On Cyber Monday

Cloud Computing, Retailers And Cyber Monday

In 2014 Cyber Monday sales shattered previous records, increasing by 17% year-over-year from 2013 for a record $2.04B. This year sales are expected to continue trending upwards. This means more shoppers, more transactions, more data, and less bandwidth.

Retailers all over the country have been preparing for this day for months, looking to maximize revenue. From releasing marketing and advertising materials to optimizing bandwidth for consumers, retailers must make sure nothing slows sales or jeopardizes the optimal window of time they have to capture shopper’s attention. Thankfully with the advancement of cloud technology and data analytics, retailers have become more efficient during these business-critical times.

There are three major areas where data analytics in the cloud are helping businesses during the holidays:

Enabling Sales Agility 

Thousands of retailers are competing to give the best deals possible and drive the most traffic to their respective sites. Deep discounts and offers for free shipping are all tactics used to lure consumers in and lead them to purchase. In order to execute them effectively, businesses need to be able to communicate with in-store employees and customer service agents simultaneously, across all of their store locations. With the use of the cloud businesses are able to ensure the have the latest materials in all of their locations, keeping every part of the organization in sync and up to date.


If a retailer plans to run a special to offer a TV at $199, it is likely that the TV will fly off the shelves and inventory will become depleted very quickly. It is important for the company to be able to communicate with their teams on the ground when the next possible shipment will be available and also provide comparable alternatives. The cloud allows companies to keep their employees armed with up to the minute updates to keep customers happy. This will not only help current sales but it will also create a positive experience for the customers which can lead to future sales.

Securing Customer Data

With sales activity at its peak, protecting customer data is paramount. Retailers are responsible for securing thousands, possibly even millions, of personal bits of information that usually includes financials like credit cards, social security numbers or bank accounts. With recent security breaches at major big box stores it is important for retailers to ensure proper protocols and procedures so consumers can confidently shop online. By leveraging the cloud and data analytics, as well as encryption, retailers will be better equipped for potential threats.

Some retailers choose to store customer data in the cloud. There may suddenly be an abnormal increase in download activity, which may put data at risk. With a visual view of data analytics, IT can easily spot abnormal activity in real-time and react quickly, halting all activity within their cloud environment. This will stop any threat in its tracks and ensure the safety of their information

Creating Actionable Intelligence

Naturally, with the exponential increase in web traffic and sales, retailers need to make sure they can handle a sudden influx of data. If a business cannot handle traffic efficiently and they experience an outage on Cyber Monday, it can result in a significant hit to their revenue – just ask Best Buy.

By leveraging the cloud and data analytics, businesses can make room for all the new data and build their infrastructure to handle the volume of traffic.


Sales Volume

Beyond handling volume, Cyber Monday retailers receive a massive spike in actionable data they collect from their customers buying patterns. With data analytics they can determine exactly what people are shopping for, what deals are the most effective, which locations need more attention, etc. This kind of information has been hard to analyze in the past, but with the technology available to them today they have this actionable intelligence at their fingertips – giving them more control over their business than ever.

While the cloud has proven to be valuable for retailers all year round, it has become increasingly valuable during the holiday season – specifically the Black Friday & Cyber Monday shopping period. However, this season businesses will need more than just the cloud to maximize their efforts. Data and analytics will be the new “must haves” for optimal performance during this historically busy time. Understanding data, visualizing analytics, and creating actionable intelligence will create massive improvements in operations and security this year. Businesses will now be able to focus on generating sales and maximizing profits, versus fighting fires.

Rajesh-RamBy Rajesh Ram

Rajesh is the Chief Customer Officer and Co-Founder of Egnyte. As Chief Customer Officer, his charter is to maximize customer acquisition, satisfaction and retention. Rajesh works with Egnyte’s customers and internal teams to ensure that the comprehensive voice of the customer is reflected in the company’s corporate strategy and execution. Previously, Rajesh held executive roles within Egnyte’s Product Management and Engineering functions. 

Is Your Office 365 Data Properly Protected?

Is Your Office 365 Data Properly Protected?

 Office 365 Data Security

As more and more people collaborate and access data from outside the office and across multiple devices, the potential for SaaS data loss increases dramatically, and the damage can be catastrophic. A staggering 60 percent of companies that lose critical data shut down within six months of the loss incident, according to research from Boston Computing Network.


saasOne productivity tool – Microsoft Office 365 – has become the talk of the town recently, and is a great example to illustrate the importance of proper data protection. Over the last 12 months, Microsoft has seen an uptick in companies of all sizes signing up. A notable example is General Electric, which announced it will be implementing the platform across its business. It’s easy to see why so many organizations are moving toward cloud-based SaaS applications like Office 365 – they are secure, convenient and easy to set up and manage. Moreover, they enable a workforce to move faster, collaborating across offices around the world and other remote locations, all while reducing operational costs.

But there is a common misconception about SaaS data that mustn’t be ignored: and that is that Office 365 data can’t be lost. The truth is, your Office 365 data is probably not properly protected and may be at risk.

Protecting Data

Microsoft does an amazing job protecting data from any data loss risks on their side – including disaster recovery, server outages, etc. They make sure that your data is available, as long as you have requested them to do so. However, what Microsoft can’t do is protect your data from you. That’s not a typo. They can’t protect users from accidentally deleting data or an administrator from maliciously deleting important docs within Office 365.

Take the move from on-premises Microsoft Exchange to Office 365 as an example. Administrators go from managing basically everything (network, hardware, OS, VMs, etc.) to only overseeing the policies, users and data. In this new environment, the responsibility for data protection is shared between an application administrator and Microsoft. As long as data loss is caused by a hardware or data center availability issue, Microsoft maintains responsibility, but Microsoft maintains responsibility and must adhere to the requests of users. If there is an external hack or internal malicious behavior, like a disgruntled admin deleting files, the responsibility falls solely on the customer. In some ways, this is actually a good thing because if SaaS providers like Microsoft didn’t delete data when requested by users, then there would be major questions regarding privacy.

Mitigation and Litigation


Now, Microsoft does suggest some options to help mitigate damage, like litigation hold for all email, but those are not the best solutions for companies that want to ensure their employees’ data is not only available and safe, but quickly and easily recoverable when a data loss event occurs. With archiving, users don’t usually expect to recover information quickly. On top of this, the process of getting what you want is cumbersome and is not something a busy admin will be able to accomplish as quickly as their end users may expect. To achieve reliable SaaS data protection, you need more than archive software, that’s where backup and recovery software comes in. With a third-party SaaS application backup and recovery solution, data is always available for quick and easy restoration to its original state – giving you the ability to essentially turn back time in no time.

The bottom line: Many of the same best practices that admins used in their on-premises environments must be brought along to the cloud, and they can’t assume that Microsoft will correct every single mistake. Ultimately, organizations need to pay more attention to the fine print and understand that they are responsible for keeping their own data safe in the cloud. So, as you move to cloud-based SaaS applications where someone else is managing the physical infrastructure and the applications on which your production data resides, you still need to have a plan in place to ensure that data can be swiftly accessed and recovered in every scenario.

jeff-erramouspeBy Jeff Erramouspe / CEO / Spanning

Prior to being appointed CEO and president, Jeff was Spanning’s Chief Revenue Officer. He was the founding CEO of Deepfile Corporation (became StoredIQ and sold to IBM in 2012), was VP of Market Development at Digby, and served as Vignette Corporation’s first VP of Marketing. He started his career with NCR Corporation and also held senior management positions at Compaq Computer Corporation.

Juniper Research: Top Ten Tech Predictions For 2016

Juniper Research: Top Ten Tech Predictions For 2016

2016 Top Ten Tech Predictions 

Virtual Reality and Consumer Robots Head This Year’s List

HAMPSHIRE, UNITED KINGDOM–(Marketwired – November 16, 2015) – As 2015 draws to a close Juniper Research has drawn up a list of predictions for the coming year, all neatly wrapped up as the top trends for the technologies industries for 2016. A free report detailing the findings is available to download from the Juniper website today.

2016 — A Watershed Year for Virtual Reality (VR)

Juniper has identified 2016 as the watershed year for VR headsets, both in terms of product launches and consumer roll outs. Oculus, Sony, and HTC are amongst the leading players expected to launch key VR products over the next 12 months. The recent attention to and investment into virtual reality is helping to revitalise the industry and with major brand commercial launches imminent, there is huge potential for rapid market expansion.

As a result, Juniper expects significant VR uptake over the next 5 years as consumers benefit from a combination of improved VR technology allied to immersive applications, as well as reduced prices. Consequently, the technology is now poised to transform the entertainment industry, including gaming and video, over coming years whilst offering the potential to quickly expand into other markets such as industrial and healthcare.

Top Ten Tech Predictions for 2016

The full list of our top ten tech predictions follow below. Further details are available in the free report, Top Ten Tech Predictions for 2016 available to download from the Juniper Research website.

1. Virtual Reality — a watershed year.

2. Consumer robotics becomes a reality

3. Wearables go to work

4. The race for 5G begins

5. Many devices, one platform

6. Blockchain technology embraced by financial institutions

7. Hybrid console & cloud gaming gathers pace

8. eSports delivers significant new revenues for the games market

9. New security models emerge

10. Crowdfunding Fires StartUp Growth

Juniper Research provides research and analytical services to the global hi-tech communications sector, providing consultancy, analyst reports and industry commentary.

3 Steps To Ensure Third-Party Security With Your IoT Providers

3 Steps To Ensure Third-Party Security With Your IoT Providers

Third-Party Security IoT Providers

When you decide to partner with a third-party provider for your Internet of Things solution, you also partner with that third party’s security vulnerabilities.

Fair or not, your customers will hold you accountable for any security breach related to your company, especially when your brand is the face of the partnership. Companies that must maintain security compliance — like those that have to maintain The Payment Card Industry Data Security Standard — can be found legally liable for their partner’s security deficiencies, so more than your brand will suffer if you trust the wrong firm with your business.


The 2013 Target security breach demonstrated the potential scale of damage that businesses can suffer when third-party providers don’t practice proper security. After stealing credentials from a third-party heating, ventilation, and air conditioning contractor, attackers accessed Target’s systems and stole the credit card data of millions of customers.

Despite the security vulnerability resting with the third party, Target received all the bad press that accompanied the breach. Even today, we refer to the attack as the “Target security breach,” so don’t expect your customers to be understanding and place the blame elsewhere if your partner makes a mistake.

As the IoT becomes more mainstream, attacks like the one on Target will become more common while hackers attempt to use backdoor entrances into company networks and systems. More interconnectivity means more opportunities for breaches, so you must be vigilant when it comes to security standards.


(Image Source: Shutterstock)

Follow these three steps when vetting potential partners to prevent breaches and maintain the trust of your customers:

  1. Do your research. Don’t trust what someone else tells you. Perform your own security audit of potential partners by visiting their data centers, meeting with their IT security teams, and reviewing their security controls. If you don’t have the expertise to conduct a thorough audit, hire a specialist and don’t cut corners. By spending some money now, you could save yourself from losing much more down the road.
  1. Set high standards. Know what security controls you require from your partners. If a company doesn’t meet your standards, don’t just negotiate a smaller contract; refuse to work with it until all the necessary controls are in place.
  1. Continue to monitor. Once you find the right third-party business, don’t sit back and assume everything will be fine moving forward. Meet with its security team at least once a year to ensure your partner continues to follow and improve the security controls identified in the initial audit. If ownership changes or you notice a lot of organizational turnover, perform another audit to identify deviations and make sure the security you need doesn’t take a backseat to other initiatives.

The IoT will only continue to grow. You must prioritize security within your company and your vendors to ensure that dangerous vulnerabilities don’t accompany that expansion. Be diligent, stay up-to-date on the latest in data security, and demand a partner that takes security as seriously as you do.

Alex-BrisbourneBy Alex Brisbourne

Alex is president and CEO of KORE Telematics, the world’s largest wireless network provider focused exclusively on the rapidly expanding machine-to-machine communications market. He is a prolific speaker and opinion leader and is frequently sourced as an expert on machine communications.

Understanding The Benefits Of Cloud Collaboration

Understanding The Benefits Of Cloud Collaboration

Cloud Collaboration

The ability to collaborate—across functional boundaries, time zones or even beyond organizational borders—is becoming an ever more critical determinant of success.” – Forbes Insights: Collaboration in the Cloud

Cloud services have reached a place where they have become an integral part of our day-to-day work lives. Modern entrepreneurs are using cloud services to build and run their small businesses and work with people from different parts of the globe. And why not? It is effective and affordable.

In fact, collaboration based on cloud technology has already proved its ability in bringing your most diverse and distributed teams together, thus bringing an end of faceless employment.

employment byod

Cloud collaboration allows your team members to work together and collaborate on both on-site and off-site files and documents alike, meaning you can even access, share and edit files and documents outside of the company firewall.

It is fast becoming a permanent feature of the contemporary workplace, thanks to the growing practices of the BYOD (Bring Your Own Device) and remote employment. Today’s workforce wants to move and communicate seamlessly between various devices and cloud collaboration helps them to do that.

Despite the widespread trend toward cloud collaboration for enhanced productivity, many small businesses are yet to fully understand its benefits. According to a report published by Endurance International Group, many small businesses fail to leverage the significant advances in cloud collaboration technology and are also “unfamiliar with some of the most advantageous online tools.”

The study also found that almost a third of respondents aren’t sure what cloud-based computing means, although they have heard the term. Just 11 percent of respondents said they rely on cloud collaboration while 67 percent of them said they are yet to invest in such technology for their business.

If you too are thinking why invest in the cloud for collaboration, here are top three benefits of cloud collaboration for startups and their teams.

1. It is Cost Effective

Much of the benefits of cloud collaboration are related to its cost-effectiveness. Unlike traditional on-premise software, you don’t have to invest in an expensive infrastructure with cloud-based collaborative tools. They also eliminate the need for costly customization and heavy IT involvement.

Cloud collaboration, is indeed a cost-effective solution that allows for a pay-as-you-go pricing model.


(Image Source: Shutterstock)

Under this utility computing billing method you need to pay for procured, instead of actual and computing resources. This means instead to an entire infrastructure you need to pay for just the used services or number of users you need in a given month. You can actually cut office overheads as cloud-based collaboration allows employees to work from other remote locations, making it especially beneficial for startups and small businesses who usually have a limited budget.

You can therefore mitigate project risk and also use collaboration technology to your advantage minus the upfront and extensive capital expense. There is no time-consuming installation, system configuration or maintenance as well. Everything is on the cloud, i.e. web-based. Thus, you really don’t have to bother about updates or server maintenance.

2. It Enhances Your Project Management Process

The key benefit of cloud collaboration is perhaps its ability to connect people to share information and ideas when it’s needed most. Besides, it helps businesses keep all project related documents and information within the same workspace in order to streamline the process, allowing them to manage everything in the cloud.


With these collaborative project management tools, you don’t have to worry about tracking old emails and various versions of documents as these tools retain archived versions of all your documents and update them in real time. Better yet, your team members can even add tasks and comments to each file, giving you a complete audit trail of all projects related interactions. You can even create and manage task lists and team calendars, making your overall project management much simpler and faster.

A 2014 Software Advice study that interviewed thousands of buyers who were shopping for the right project management tool revealed that around 46 percent of small-business buyers were using manual methods like Excel, email and pens and papers. But businesses that have a deployment preference voted for web-based (cloud) solutions over on-site deployment. And around 88 percent of them preferred ‘integrated suites’ that come with two or more applications instead of the stand-alone solutions. In fact, 98 percent of businesses looked for project management as one of the integrated services in their cloud collaboration tools.

The reason behind such preferences is quite obvious as it is rather challenging to projects across various stand-alone platforms. However, the key is to find a collaborative tool that helps you create and manage milestones, goals and deadlines seamlessly to keep your project on track.

3. It is Scalable

Cloud-based technologies are known for their scalability and flexibility. Using a cloud-based collaboration tool you can start small and add on resources as demand increases. For startups and small businesses, it is often the case that the volume of contributions and number of participants increase rapidly and steeply in-between projects. With cloud collaboration, it becomes easier to cater to such growing demands without adding much cost.


Most importantly, cloud collaboration allows you to scale for users, workload and adoption. You can therefore accommodate the growth seamlessly. All you need to do is pay for additional storage and users as you need them, without making any infrastructure investment.

Better yet, you can even manage peaks in demand by automatically allocating capacity and managing team performance when facing data intensive periods. This helps you achieve greater organizational agility.


The nature of cloud collaboration is such that it serves the mobile workforce and companies with multiple locations and remote employees better than on-premise solutions. It allows remote workers to access information seamlessly across devices, helping them to become more productive at work. And since everything is stored in the cloud, you can access them from anywhere and at any time. When you understand the benefits of cloud collaboration, you will also realize that its goal is to provide a natural experience of working together with your team members, even when that’s not the case.


sebastienBy Sebastien Boyer

Sebastien is the Director of Products at Nutcache, a smart and simple collaborative project management tool for all sizes of businesses with time tracking, invoicing and expenses.

Cisco Announces New Threat Awareness Service

Cisco Announces New Threat Awareness Service

Threat Awareness Service Gives Organizations the Upper Hand in Securing the Network

SAN JOSE, CA, November 3, 2015 – Cisco today announced it is advancing its Security Everywhere strategy deeper into the cloud, network, and endpoints with new security products and features, and a threat awareness service as organizations execute on their digital transformation.

Companies are banking on digital initiatives to provide new avenues of financial growth and reduce operational complexity. As data becomes more pervasive, so do attacks by threat actors which often leave companies scrambling to secure their assets. They are faced with a complex array of point solutions, which by design often are not interoperable, leaving security teams with limited visibility into potential threats and compromises on their networks. The value of Cisco architecture is its emphasis on embedding security spanning the extended network – including routers, switches and the data center – closing gaps across the attack continuum and significantly reducing time to detection and remediation.

Specifically, Cisco is adding Cisco® Cloud Access Security (CAS), which provides visibility and data security for cloud-based applications; Identity Services Engine (ISE) enhancements, extending visibility and control for network and endpoints with new location access controls; and Threat Awareness Service, which provides organizations with threat visibility into their networks.

Cloud Visibility and Control

According to the Cisco Cloud Consumption Services trend data, the number of unauthorized cloud applications used by employees in the enterprise is 15 to 20 times higher than CIOs predicted due to Shadow IT. The new Cisco Cloud Access Security (CAS) offering allows organizations to address this complexity as well as increase visibility and control over data in cloud applications.

Partnering with Skyhigh Networks and Elastica, CAS delivers increased visibility into “hidden” applications that employees might bring onto the network; detection of malicious behavior; and the ability to set security policies that tailor application usage and user behavior to align with corporate policies. To protect cloud-based applications, such as Dropbox and, CAS prevents the uploading of sensitive information and inappropriate sharing of data in the applications, to limit data exposure breaches.

Cisco Cloud Web Security now integrates with CAS and provides branch offices secure direct Internet access with Integrated Services Router 4K router integration, saving on bandwidth costs.

Safeguarding Endpoint Connections and Data Access

As businesses open their networks to the IoT and mobile devices as well as third-party applications, they are faced with balancing access and protection with accelerating how quickly they can make security changes to map to their business requirements. Over 68 percent of enterprises find that employees’ use of mobile devices on their networks has significantly increased endpoint risk.

The Cisco Identity Services Engine (ISE) is extending software-defined business policies for control over more granularly segmented endpoint, user and geographical access. ISE now integrates with the Cisco Mobility Services Engine, so IT can create and enforce location policies that define access to data down to a specific room. This reduces the overall attack surface, containing network threats, and securing wired, wireless and remote network access across the entire attack continuum.

ISE also is extending its security coverage through its pxGrid partner ecosystem with nine new partners – including Check Point, Infoblox, Invincea, E8 Security, Hawk Defense, Huntsman Security, LogRhythm, SAINT, and SOTI – bringing the total number of partners to 30 in its first year of deployment. Ecosystem partners can now share security telemetry bi-directionally between pxGrid partners. A new feature of the pxGrid Adaptive Network Control allows partners to leverage ISE to rapidly investigate and contain attacks using the network as an enforcer.

Threat Awareness Protection

Often organizations do not have visibility of potential vulnerabilities in their network. What they can’t see, they can’t protect.

Leveraging the power of Cisco’s threat intelligence telemetry, Cisco Threat Awareness Service enhances threat visibility of inbound and outbound network activity and highlights potential threats that may require additional attention. A base offer is included with purchases of the Cisco SMARTnet™ Total Care™ Service, while a premium offer, with additional functionality, is available as a yearly subscription.

Enhancing Protection for AnyConnect, AMP Everywhere

Rounding out the new security offerings are the addition of the Network Visibility Module to AnyConnect® VPN to provide traffic flow and contextual data regarding users, applications, devices, locations, and destinations. Also, AMP (Advanced Malware Protection) Threat Grid now provides broader contextual information across the full AMP portfolio, extending protection for ASA with FirePOWER™ Services and AMP for Networks. Both put more visibility and control into the hands of businesses to rapidly address cyber threats.

OpenDNS Umbrella

Newly acquired OpenDNS uses its unique view of global Internet activity to provide cloud-delivered network security and threat intelligence solutions that provide advanced threat protection for any device, anywhere, anytime. With this latest update, the OpenDNS Umbrella threat enforcement platform prevents system compromise and data exfiltration over any port or protocol for both DNS and IP-initiated connections. Additionally, the OpenDNS Investigate global threat intelligence product now features a new search functionality that can uncover shared attacker infrastructure, find newly registered domains that are used to impersonate brand websites, and identify other patterns in phishing or targeted attacks.

Extended Security for Partners

The advancement of the Cisco Security Everywhere strategy creates new profitable business opportunities for partners by further addressing customers’ security challenges across their entire IT infrastructure and extended network. This expanded portfolio provides greater visibility, context and control further into the cloud, the network and endpoints. It provides an end-to-end security platform that covers the entire attack continuum, while reducing complexity for the customer and driving growth for partners. Cisco has made significant investments to help partners profitably grow their Cisco Security business through a joint go-to-market approach, training, and skills development workshops.

Supporting Quotes

Organizations that are seizing the digital opportunity need security everywhere – from the network to the endpoint and from the cloud to every corner of their operations – to limit the risk of sensitive data compromise. Our integrated approach minimizes security risks and exposure versus point solutions that can leave gaps as they lack a holistic view. Today’s product, solution and services enhancements provide our customers with visibility, protection and control to address a broader cross-section of issues. This will allow them to focus on growing their businesses.”

— David Goeckeler, Senior Vice President and General Manager, Security Business Group

Attacks are no longer simply a network or endpoint concern. Today, we share industry concerns that attackers pose significant risks to how we conduct business, looking for any possible entry point. Wherever we have a digital presence – whether that’s mobile, cloud, branch office or our corporate network – the only way to effectively combat these attacks is with protection that reaches from the foundational network to the cloud, device and remote locations. Cisco’s Security Everywhere concept increases our ability to not only leverage existing infrastructure to deploy new protection in near real-time, but also allows us to streamline our efforts, helping reduce complexity and costs.”

— William Dugger, Senior Manager, Network Engineering, Beachbody, LLC

About Cisco Capital

Cisco Capital® is a wholly owned subsidiary of Cisco. Its mission is to help enable business outcomes for customers and partners by providing tailored financing solutions for Cisco products and services in more than 150 countries. For more information, please visit

About Cisco

Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to

Salesforce Gets Serious About Its Security Ecosystem

Salesforce Gets Serious About Its Security Ecosystem

Salesforce Gets Serious About Its Security Ecosystem With New Event Monitoring API

Salesforce is one of the fastest growing enterprise software companies in history and while security is a major roadblock for many cloud projects, the company’s extensive security investments appear to be paying off. Salesforce is one of just 9.4% of cloud providers that store data encrypted and they support a wide range of security controls including IP address whitelisting, device pinning, and multi-factor authentication. If there’s a concern about data going to Salesforce’s cloud, it’s a concern about how users treat that data, not the integrity of the platform.


Under a shared responsibility model, Salesforce takes care of platform security, while customers are responsible for taking precautions to ensure their users don’t expose that data to risk. That means the end customer is responsible for ensuring their salespeople don’t download all the company’s sales contacts before quitting to join a competitor, or that users have appropriate application permissions that don’t give them access to data they shouldn’t be able to access based on their role at the company.

One of the primary concerns of companies with large Salesforce deployments is a rogue employee taking sales contacts when leaving the company for a competitor. One study found that half of employees took data with them when they left their job and 40% planned to use that data at their next job. Key indicators that something is amiss can include an employee downloading an unusual amount of data. Let’s say this employee typically views 50-100 opportunities each day, and then downloads a report with 1,500 opportunities. That could indicate there’s a problem.

Another threat faced today is the possibility that a user or administrator will sell sensitive data. A shocking survey recently found that 25% of employees would sell company data for less than $8,000. Many companies store a vast amount of sensitive data in Salesforce including customer credit card numbers, Social Security numbers, patient information, and other sensitive or regulated data. Even if a rogue employee is at fault, a company can still be fined and sued if this data is stolen.

Such “insider threats” are increasingly common. Skyhigh recently analyzed data across its customers and found that companies, on average, experience 9.3 insider threat incidents each month. Not all of these events are malicious, they also include users mistakenly sharing data when they shouldn’t. All told, 89.6% of companies experience at least one insider threat each month on average. Salesforce recognizes these concerns and is making investments to support the development of security solutions that help address these concerns.

To help support customers in identifying these types of negligent or malicious activities, Salesforce has made available new event monitoring APIs that provide a record of user and administrator activity within Salesforce. The volume of these events is enormous. In the most recent quarter, Salesforce’s core platform processed 234 billion transactions, including logins, edits, and downloads. That’s an average of 3.7 billion events each business day – quite the haystack to search for a few needles.

API Connect

For customers looking for unusual user or account activity, the sheer number of events in Salesforce would be impossible to manually review. In making these new APIs available, Salesforce is making a significant investment to support its security ecosystem to build solutions that help Salesforce customers understand and manage user activity. Also, these APIs provide a near real-time feed of events that can be captured by security solutions and archived, rather than forcing customers to go to their Salesforce account manager and request logs for a post-incident investigation.

Salesforce is already one of the most secure cloud services available. Owing to its investment in platform security, Salesforce is one of the 8.1% of cloud services that meet the security standards of enterprises today. With the introduction of new APIs to support third party security solutions that give greater visibility into usage and the ability to detect threats, the company is well positioned to continue its leadership position in the cloud market.

By Harold Byun

CloudTweaks Comics
Cloud Infographic – DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive…

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks! So we are all cheering as the FCC last week made the right choice in upholding the principle of net neutrality! For the general public it is a given that an ISP should be allowed to charge for bandwidth and Internet access but never to block or somehow…

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

DDoS Knocks Out Several Websites Cyber attacks targeting the internet infrastructure provider Dyn disrupted service on major sites such as Twitter and Spotify on Friday, mainly affecting users on the U.S. East Coast. It was not immediately clear who was responsible. Officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

The DDoS That Came Through IoT: A New Era For Cyber Crime

The DDoS That Came Through IoT: A New Era For Cyber Crime

A New Era for Cyber Crime Last September, the website of a well-known security journalist was hit by a massive DDoS attack. The site’s host stated it was the largest attack of that type they had ever seen. Rather than originating at an identifiable location, the attack seemed to come from everywhere, and it seemed…

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing the risks. However, the risks are real and account for billions of dollars in losses across the globe per year. If you’ve been hacked, you’re not alone. Here are some other companies in the past…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…


Sponsored Partners