By John Zakour
We’ve written about the international cloud markets a number of times on CloudTweaks and it makes for some interesting discussion. A number of our 12/12 contributors have touched on some of the key points as to why there are such cloud adoption challenges.
Roger Strukhoff discusses: “There are significant issues of data sovereignty and security entangled in distributed cloud infrastructures that cross international borders, to be sure. But inter-governmental organizations from the European Union (EU) to the Association of Southeast Asian Nations (ASEAN) to the East African Community (EAC) and many more are stocked with serious-minded people working to address and solve the political issues so that the technology may flow and improve the lives of their people…”
Gary Gould continues that: “Businesses within the EU are not adopting cloud-based systems as quickly as expected. Do data protection laws and restrictions play a role in Europe’s slow uptake? Despite the fact that cloud computing now plays a vital role in the development of our businesses, use of the Cloud amongst businesses in the European Union did not increase in 2014…”
While Johan Christenson has an interesting take: “The competitive mentality in the US poses a stark contrast. Researchers even identified a gene in those that once emigrated from Europe to the US, which allows for higher tolerance of risk. Starting a company in the US is a given. Most Europeans are still asking what job they should get, not what company they will start. Europe also does not have the force from the society to be as competitive. Equally most Europeans struggle with diverse markets and different languages which overall does not help…”
To help shed some additional light on the international cloud market, we’ve come across an interesting and helpful BSA Global Cloud Computing Scorecard. The scorecard ranks 24 countries based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing.
For some good news, the European cloud market is expecting positive growth over the next 4 years in Public, Private and Hosted Private Cloud services. Included is an infographic provided by IDC titled “The Wonderful World Of The Cloud”.
A recent whitepaper on cyber security in the US government reveals that the increasing number of mobile phones being used within federal agencies is escalating the risk of cyber threat from inside agencies. It also cites employees as the key to insider threats, and recommends that more money be spent addressing this issue.
Titled Cybersecurity in the Federal Government, the report, commissioned by management software company SolarWinds, tackles the many challenges IT professionals currently face in trying to prevent both external and internal IT security threats and attacks. It also suggests ways that government and the private sector can help to mitigate the growing risks of cyber attack.
Based on a study undertaken by the North American communications company, Market Connections, the whitepaper explores growing “insider threats” within the Federal IT community, acknowledging that this type of threat is the most damaging, and currently creating the greatest concern within government. It looks at the impact of mobile devices as an increasing insider threat; and examines investment trends that are moving toward attempting to mitigate insider threats. It also considers insider threat prevention techniques and tools cyber security managers within government are able to implement.
The increasing use of mobile technology was cited as “the top obstacle for preventing insider threats” within federal agencies. A total of 56 percent of participants in the study believed the mobile devices were an obstacle when it came to preventing accidental cyber threats; and 44 percent said it was an obstacle for preventing malicious threats. A third of those involved in the study believed that agency data on government-owned mobile devices was most at risk. By comparison, only 29 percent were worried about contractor- or employee-owned devices.
According to Joel Dolisy, CIO of SolarWinds, the concerns regarding mobile devices are likely to increase as federal agencies implement more bring-your-own-device programs. “This shift in technology at work will likely contribute to the increased risk from insiders,” he said. Further, because federal agencies generally see external threats as a greater risk, internal threats don’t attract the same resources as external threats, he said.
The study was commissioned in December last year (2014) to assess just how much hacking comes from malicious outsider attacks and how much is due to insider threats. While federal agencies spend a vast amount of money preventing attacks from outside – especially those identified as originating in other countries including China and Russia – those managing cyber security within US federal agencies have been concerned for some time about insider threats.
It followed a previous study earlier in the year, which revealed that because people are so unpredictable, whether through malicious intent or human error, they pose a “damaging threat” to government agency cyber security defenses.
According to the US Defense Contract Management Agency (DCMA)’s director of operations, the Department of Defense has positioned itself quite strongly against external cyber threats, but malicious or accidental insider threats have caused more problems. This was largely because people within agencies “do what they want” and see security as a form of interference, he said. Additionally, some of the younger employees have “skills to successfully work around security protocols.”
While more than half of respondents in the study believed that insiders were the biggest security threat to federal agencies, 38 percent were convinced that, whether from internal or external sources, malicious threats were the most damaging breach suffered. A total of 23 percent said malicious insiders were the biggest cyber security threat of all.
When asked where data was most at risk, 47 percent said personal computers, and 42 percent said removable storage media.
Ultimately, the study cited a simple solution to address insider threats. Agencies must know what devices are used on their networks as well as who is using them and when they are using them. They also need to establish what is being used in the network operation, and whether it is virtual, mobile or desktop based.
“Internal threats will continue to exist as long as agencies continue to employ people, so agencies need to make at least an equal investment in addressing insider threats,” the report states.
By Penny Swift
The majority of cloud consumers don’t understand what cloud is, let alone the implications of transacting in the cloud or of having their data and digital assets stored in the cloud. As a result, most consumers are their own worst enemy when it comes to putting themselves at risk in the cloud. The ramifications of not understanding the risks can range from consumer data exposure or loss of digital assets to online reputation damage or, worse still, incurring the same for their children. The good news is that with a few tweaks consumers can better protect themselves.
Most explanations of cloud are geared at technical business users and very few are aimed at consumers. In fact, Katie Couric’s very recent The Cloud Explained is one of the very few pieces that I have seen that describes cloud in its simplest incarnation as a network of computers and in a way that most non-tech-savvy consumers can easily digest. I strongly encourage consumers to find a starting point on the web that they can easily digest and over time to gain as much knowledge as they can of the cloud services they use.
Cloud is something that has become an increasing part of our reality and may have sprawled into a number of different, though very useful, services. In fact, we have reached the inflection point where it would be difficult to opt out of having some aspect of one’s life in the cloud. Some consumers may have been initially conscripted into a cloud service without their explicit consent. It may have happened, for example, as their utility company moved its infrastructure to the cloud, or through their doctor’s office now using online appointment settings, or through their mobile phone syncing settings, even for those who may not necessarily opt to have their information backed up to the cloud. Then there are those who have opted to use cloud storage services knowingly. It may have started with backing mobile phone or computer storage settings to the cloud for assets like songs, photos, videos and documents, or even using online applications and sharing tools such as Facebook. However consumers started out in the cloud, it’s probably a good time to mentally audit their cloud services to understand which services are storing, transacting or have access to their data or other digital assets.
The proliferation of cloud services has resulted in many cloud providers, especially storage providers, differentiating their services on security. For those using cloud services to store photos, documents and other personal assets, there are providers who offer encryption services or who allow a layer of encryption to be easily added. Such a layer of security could protect against personal digital assets being hacked into or even accessed accidentally by others.
Many consumers find managing passwords a nightmare and, despite the well publicized dangers associated with using “password” or sequences of letters and numbers, too many consumers often resort to just that. Consumers need to find something that is memorable to them that others would find extremely difficult to guess. A password phrase like “IstartedskatingwhenIwas15” might be difficult for both friends and hackers to guess but personal enough for the consumer to remember. Consumers also often don’t understand the risks of sharing passwords with family and friends, but they need to treat their passwords as the ultimate secret. It is careless password management or lack of a strong password that creates the biggest vector for hackers looking for credit card data or other sensitive personal information.
Where possible consumers should also connect using two-factor authentication to cloud services.
Included is an image provided by https://twofactorauth.org which offers a nice list of sites currently offering 2FA.
Two-factor authentication provides stronger identification of users by requiring two different identity components. A good everyday example is the identification banks require for withdrawing money from a cash machine – the correct combination of a bankcard and a personal identification number (PIN).
Most consumers don’t think of social media sharing tools as cloud services, but they are. Oversharing on social media has also become a problem for businesses, who often find that workers blur the lines between their work and their private lives. My guidance to consumers is to only share on social media what they don’t mind sharing about themselves publicly. This advice even goes for photos for which one’s settings may be only family and friends, but which over time, through other people’s shares, may be more broadly circulated.
Cloud is our new digital reality and for the most part the convenience benefits outweigh the risks. The tweaks that I have suggested above are a starting point and by no means a comprehensive list. Finally, remember that different consumers will have different thresholds for data security and privacy so there isn’t a single blueprint that applies equally to everyone.
By Evelyn de Souza
Virtualization, a foundational element of cloud computing, makes computing environments autonomous from their physical infrastructure. It makes it possible to run many operating systems and applications on one server at the same time and helps businesses increase efficiency, flexibility, and utilization while reducing IT costs. Cloud computing delivers the shared software, computing resources, or data made available through virtualization.
A virtual machine monitor (VMM), or virtual manager, separates the computing environments from the physical infrastructure. Virtualization is the process of splitting the hardware layer and software layer of a computer and placing a new layer between the two as a go-between. It allows you to run an operating system on a computer without that OS being aware of the hardware it is running on, and further supports the pooling of network, storage, and computing resources, which can then be distributed as required.
Virtualization lets your organization maintain and secure its own data, systems, and resources. It can help maximize resources by reducing the number of physical systems required, and giving greater value out of the servers by ensuring maximum use of hardware investment and proper utilization. Multiple applications and operating systems can be run off the same physical infrastructure, and management and administration of infrastructure can be integrated directly into your IT budget. Data and energy savings of virtualization also allow organizations to reduce their carbon footprint.
Virtualization does require higher up-front costs and not all servers and applications are virtualization-responsive. Certain application vendors do not support virtualization. Your organization will also have to invest in new skills and management tools to properly take advantage of virtualization solutions. Furthermore, because the addition of new servers can be very easy, virtualization sometimes leads to server sprawl, and instead of managing 10 servers, you may suddenly find you’re handling 30. The risk of physical failure is also magnified with virtualization, and though VMs can be quickly restored to another host, this may require investment in redundant software.
Deciding whether virtualization is a beneficial solution for you will require a thorough analysis of your organization’s needs. Total cost should be evaluated, and organizations must be aware of whether the required skills will be available in-house or will need to be outsourced. Generally businesses with small IT departments will find cloud computing more suitable while those requiring a high level of control of integration and security may benefit from virtualization.
For more details around virtualization, download Top Trending Virtualization Resources for Summer 2015.
This kit gives you access to videos and eBooks discussing data center virtualization management, building a home lab for VMware vSphere 6.0, powering the hybrid enterprise, and virtualization in manufacturing. All the latest information, coverage of important developments, and expert commentary is available to help with your virtualization related decisions.
By Jennifer Klostermann
State media in China today revealed that its parliament has published a draft law that will “safeguard national cyberspace sovereignty,” as well as “security and development.” It is widely agreed that once accepted, the new law will consolidate government control over digital data and consequently have significant consequences for international and multinational companies doing business in China, as well as Internet service providers operating within the country.
According to an article released by Reuters this morning, the European Union Chamber of Commerce in China is “worried” about the development, in spite of the fact that the law has been a subject of discussion and debate for months. The main concern is, says Chamber president, Joerg Wuttke, that the language used in the draft legislation is so vague it isn’t clear how the law will be enforced.
Reuters also states that the East Asia director of Amnesty International, Nicholas Bequelin, believes the law will “institutionalize censorship practices” that have never been previously formulated in an explicit manner. For instance, it will give the government legal power to instantly cut Internet access in the event of “sudden” incidents if authorities felt order needed to be maintained. This is exactly what it did for ten months after about 200 people died in Urumqi in ethnic riots during 2009.
It is understood that the draft law will be far-reaching, and will not only improve privacy protection from cyber attack and hackers, but will also increase the power of the government to secure records and prevent publication and distribution of information that is seen as illegal in Chinese law. This will effectively enable the authorities to regulate information flow to the people.
The draft legislation, dated Monday July 6, 2015, aims, amongst other things, to ensure that anyone using messaging apps via the Internet in China must use real names. It states that all network equipment must be approved according to government testing standards, and all data collected by Internet service providers within China must be stored on Chinese territory. It also states that data stored in other countries for business purposes must be approved by the Chinese government. This will undoubtedly affect moves by Chinese e-commerce companies like Aliyun to expand their cloud services out of China.
According to a report in the South China Morning Post today, the Chinese government has identified cybersecurity as “a particularly irksome” element when it comes to certain economic partners, including the US, which opposes many proposed rules as unfair to Silicon Valley companies.
The Chinese parliament has said government agencies will provide guidelines that will help network security, particularly for those “critical industries” like energy, finance, transport and telecoms, as well as national military and defense, and government administration. It has also announced that it will accept feedback on the draft legislation until August 5, 2015.
Earlier this month, on July 1, China’s parliament passed another sweeping national security law that has tightened control by government through the broad spectrum of life as it relates to culture, politics, the economy, the environment, technology, and the military. Essentially this law aims to ensure that all key information and infrastructure systems are both controllable and secure. The new draft legislation is the next step.
By Penny Swift
Whether due to a lack of time, need or simply because email started at such an advanced stage, digital data-transfer systems have not progressed as far as physical delivery systems. Centuries ago, Greek soldiers carried messages across great distances by foot. Today, delivery systems handle daily mail with a network of transportation modes, even looking forward to services like drone delivery.
The same sense of progress is absent from digital systems. This is not to suggest that the state of digital delivery is unimpressive, or that advancements are not being worked toward. Technologies such as email are particularly striking in their ability to handle digital transfers, especially considering their more recent adaptation across new devices (i.e., mobile). However, email is often the furthest frontier.
As companies consider the modern digital landscape and develop new ideas, many wonder – is there a better system to attract this email-dependent consumer base?
One popular answer to this question is data transfer. While still using an account with an email service provider, data transfers overcome many of email’s most common limitations. As users demonstrate a preference for convenience and speed, data transfers could change how users engage with an email service provider. In particular, data-transfer systems greatly improve file-sharing features like security, file size and platform usability.
It’s yet to be determined if data transfer systems will ever completely replace email subscriptions. Email still holds a great deal of value for its users, and it’s unlikely that the service will be phased out soon.
However, modern data transfer systems do offer users a number of useful features:
One of data transfer’s biggest draws is security. This is interesting because many email users send important information across the web with little consideration for its safety. From credit card data to signed contracts, users hardly ever think twice about where their files are going, and who might unknowingly have access to them. Like a website or database, email servers are hackable.
With data transfer systems, user data is well protected. The best data transfer systems offer military-grade encryption upon transfer, which gives users complete control over safeguarding their data. First, users create their own encryption passwords. Second, users are responsible for choosing who to share their password with. And third, some systems even allow users to add optional messaging that can only be seen post-decryption. Even if a data transfer ends up in the wrong hands, these three features ensure that the most private information remains protected.
Not every file needs this type of encryption. For example, a user may choose not to encrypt their vacation photos or family recipes. However, as email users become more educated on the safety of their data, this heightened security is especially important when sharing highly personal information.
When sending an email, users experience restrictions in the files that they can send. For example, when working from a computer, Gmail users can only send files that are 25 megabytes in size or less. The same is true for other popular providers like Yahoo and Microsoft Outlook. With such a small file maximum, email users are very limited in what they can send one another.
Data transfer systems allow users to send files up to five gigabytes in size. As devices become capable of housing more data, users need to be able to send larger files. For example, email providers make sending a group of high-resolution photos frustrating because they often exceed 25 megabytes. Users can overcome this limitation through a data transfer, sending more data all at once.
An email inbox can be a confusing and cluttered place. Necessary information can too easily get lost within long chains of emails, and users can unintentionally delete important files. Moving forward, data transfer can clean up this process.
Data transfer systems have engineered easy-to-use platforms that make sharing systematic. Users can share files instantly, around the world and to multiple recipients at the same time. From friends to family to coworkers, data transfer systems send users email containing a link that pulls them to an external website. This single link can contain multiple files. This keeps inboxes organized and makes locating older files easier, as they are all stored on a single platform in a uniform way. Links are also often only available for a short period of time, increasing the security of every exchange.
As an added feature, certain data transfer systems alert users to when their shared files have been viewed or opened. Confirmation notifications are an easy way for users to stay informed when sending important documents to a large number of people.
Perhaps the gap between email and data transfer is not so drastic as the one between foot and drone delivery, but the same principles apply. Just as new inventions improve the security, size and usability of physical delivery systems, data transfer systems are helping users find similar value across a digital landscape.
As technology advances and users continue to turn toward their devices, it’s likely that data transfer systems will popularize. Email will remain an important tool for users, but one thing is for sure – digital transfer systems are evolving how users approach email.
By Tunio Zafer
The news is full of data security breaches. This week, Sputnik International reported that Hacking Team had a 400 GB database stolen and published, and last month Ars Technica discussed in detail the information breach at the U.S. Government’s Office of Personnel Management. MSPmentor’s current IT security news includes the hacking of databases at Harvard, a data breach discovered at Orlando Health, and 85,000 compromised debit and credit cards during the FireKeepers Casino data breach. Non-profit identity theft organization ITRC reported 400 data breaches this year as of June 30 and believes 2015 could top the charts for data violations.
As if you didn’t have more important things to worry about. Here’s a quick look at how to stay ahead.
We’ve managed to get hold of Jay Jacobs and Bob Rudis’ Data-Driven Security: Analysis, Visualization and Dashboards, and are offering a free download for Cloud Tweaks readers this week. This valuable book discusses how the correct use and understanding of data can positively impact your security levels, covering concepts, tools, and techniques that surpass best practice alone.
By Jennifer Klostermann