Category Archives: Security

Online File Sharing And The Importance Of Security

Online File Sharing And The Importance Of Security

Online File Sharing

Do you have confidential business files stored on your work computer? Maybe it’s a spreadsheet for a report that must be delivered to management tomorrow. If you don’t work on it from home, you’ll be at the office all night. As a trusted member of your company, you are authorized to view this type of data. The question is once you put the data on your laptop and take it home, how secure is it?

Computer-Virus-Statistics

Lost and Stolen Equipment

The Ponemon Institute conducted a survey of 329 organizations that had 86,000 laptops lost or stolen over a one-year period. While physically replacing a laptop is certainly expensive, Ponemon explained that the value of the lost hardware represented only a small portion of the estimated cost. Much more expensive was the value of intellectual property on these laptops and the fees associated with data breaches and statutory notification requirements. The average cost to replace the data on the laptop was $49,246.

Spyware

After working in the IT industry for a number of years, I’ve heard many examples of spyware. Many times, this is a result of, “I let my child use my laptop for a little while, and now it’s infected.

This problem frequently occurs when someone borrows your laptop and accidentally goes to a compromised site that is infected with spyware or maybe a virus. As a result, the laptop can become unstable and has to be rebuilt. According to BrandonGaille.com, 53% of all computer users have had some kind of experience with malware infection. Important files should not become a victim of this catastrophe.

Is Encryption The Answer?

Some businesses see encryption as a way to store confidential business data and protect files. This secures data so that only individuals with the proper software and decryption key can access the information. While this may sound like a great solution, encryption can be difficult to work with in a collaborative professional environment.

Proper decryption tools must be installed on computers in order to decrypt and access the data. Additionally, it becomes very difficult to share files externally as even after the encrypted data has been transmitted; the remote company must have the appropriate decryption tools in order to access the file. This can take time and ultimately slow down your file sharing process.

Online File Sharing – Secure & Accessible Data

Online file sharing is a great option for protecting cloud-based files. Since files can only be accessed with a secure login, approved users are the only ones that can access them. Since the files are stored in the cloud, any viruses that affect your hard drive do not affect your securely stored files.

Online file sharing can provide secure data that is independent of hardware failures, loss, spyware, or other mishaps that can happen to business users on a daily basis. Online file sharing can allow your company to easily share your data between employees while providing the security you need to protect your company’s most important asset; it’s data.

By Charles Mount / CEO of Onehub.com

(Infographic Source: BrandonGaille.com)

Coke’s Internal Data Breach – Lessons Learned

Coke’s Internal Data Breach – Lessons Learned

Coke’s Internal Data Breach

Last Friday, Coke announced that sensitive information belonging to roughly 70,000 current and former North American employees was compromised because the data hadn’t been encrypted on company laptops (despite their company encryption policy.)1 The data breach occurred after a former worker stole several company laptops that locally stored employee information, such as social security and driver’s license numbers.

We’ve heard a lot about security breaches lately (Target and Neiman Marcus come to mind), but cases like Coke’s – a major breach of workers’ personal information – happen more than we realize. How can large and small companies alike learn from Coke’s recent internal breach? And what steps can we take to avoid ever experiencing an internal security breach ourselves?

The answer lies in the cloud. Simply put, cloud-stored data offers a highly secure alternative to locally-stored data. When sensitive information is no longer stored on devices that are regularly available to employees and the occasional passersby, the chances of that data being compromised drastically decreases. Cloud-stored data, generally speaking, can be accessed via remote devices over encrypted connections and do not require downloading to a local device. Local devices can enable data encryption, of course, and that certainly lowers theft and data breach risks, but by avoiding housing data locally altogether, consistent and thorough security can truly be maintained.

Another example of the perils of locally-stored data comes to mind right about now. One of the largest settlements for violating the Health Insurance Portability and Accountability Act (HIPAA) occurred when an Alaska Department of Health and Social Services employee left a portable hard drive containing the personal health information of thousands of patients in their car. It wasn’t long before the employee realized that the hard drive had been stolen. This security breach cost DHSS $1.7 million, and could have been entirely avoided if DHSS had stored its sensitive data off-premise and in the cloud.

Internal Security Measures

It may feel counterintuitive to move sensitive data farther away from you, in an effort to increase your internal security measures. But the fact is cloud hosting providers have extensive experience developing powerful safeguards and monitoring systems such as firewalls, intrusion protection systems, file integrity monitoring systems, encryption algorithms and virtual private networks. Given their decades of experience in managing large datacenters, cloud providers are well accustomed to properly disposing hard drives and backup devices. (In fact, secure data deconstruction has long been a crucial and appealing feature of cloud service providers.) Vulnerability scans serve as another crucial security asset offered by cloud providers, and allow organizations to detect disabled firewalls or any other potential security holes.

From vulnerability scans, to proper data destruction, to a central and secure ‘home’ for sensitive, internal data, cloud providers truly offer the utmost in security and can serve as trusted advisors for mitigating internal data breaches. Rather than joining the growing list of organizations, like Coke, who’ve had to overcome internal security breaches, lets all look to the cloud to maintain consistent and thorough security, both inside and out.

By Scott Walters, Director of Security at INetU

ScottWalters

Scott is the Director of Security for hybrid-cloud hosting provider INetU and has been instrumental in shaping the Company’s client services department, which provides customer onboarding and lifecycle support. Under his tenure as director of client services, Walters expanded the department to meet customer needs as the company introduced new cloud products, enhanced service levels for enterprise customers and most recently released the robust INetU Security Suite.

Cloud Infographic: Personal Data Security

Cloud Infographic: Personal Data Security

Recently, Dashlane released a report that analyzed the password policies of the top 100 e-commerce sites.

The results of this report are staggering. They demonstrate that the majority of the top e-commerce sites fail to comply with the recommended password security principles. In their infographic titled “The Illusion of Personal Data Security in E-commerce”, they provide groundbreaking information to support their stance.

The main findings of their report state that 55% of the top 100 e-commerce sites still accept weak passwords such as “123456” and “password”. Furthermore, 93% of the sites do not offer on-screen password assessments that would tell users the real-time strength level of their passwords. Half of the companies do not block entry after the users provide 10 consecutive incorrect login attempts. As a result, this opens the way for automated password cracking. Lastly, the report states that only 38% of the top e-commerce sites require passwords with at least 1 letter and 1 number.

To summarize the findings of the report, 64% of the top e-commerce sites have highly questionable passwords policies.

personal-data-infographic

Infographic Source: Dashline

Angry Birds And The NSA

Angry Birds And The NSA

The National Security Agency and British Government Communications Headquarters have been working together since 2007 to plant surveillance into mobile phone users’ applications, allowing them to store location information, alongside a slew of other private information users put into applications.  NSA-AngryBirds

Popular app Angry Birds was targeted, alongside more common information hotspots like Facebook, LinkedIn and Twitter. The NSA was able to find out political alignment and sexual orientation, amongst other personal details on app users.

Google Maps was a prime target for the British organisation helping the NSA, being able to track users location to a few yards. The spy agencies are able to download all users data and store it onto their databases, where new information would crop up and show location, age, sex, marital status and even household income.

Using the term “leaky-apps”, the NSA and other spy agencies were capable of exploiting weaknesses on the different mobile platforms, allowing them to check in on apps without strong security. Once the app had been compromised, the spy agencies relentlessly downloaded and monitored users information.

In the leaked reports, provided by Edward Snowden, the agency does detail some success thanks to the mobile surveillance. Teams were able to capture several members of a drug cartel hit squad in Mexico and arrest them for the murder of an American Consulate in Mexico.

This one helpful act and a few others don’t really make up for the immense amount of data procured on every app user. President Obama has forced restrictions on NSA spying activity, but for mobile apps like this there is currently on restrictions and shows even more hidden details we still do not know about the NSA.

Mobile phones are more of a problem, on computers users normally do not reveal location and are not mobile, but phones provide a bit of both for spy agencies. While the location tracking may be positive for hunting criminals, both spy agencies cannot consider the vast amount of data collection worth the small rewards in Mexico.

By Walter Bailey

(Image Source: Shutterstock)

21st Century Cybercrime – The Evolution Of Protecting Your Data

“21st Century Cybercrime – The Evolution of Protecting Your Data”

cloud-security-infographic

The relentless development of technology has facilitated an increase in cybercrime, affecting individuals and businesses in different ways and to differing degrees. Since the advent of the internet the protection of data has been of paramount importance, however, the development of various technologies has made the protection of data more and more difficult to ensure. In the UK alone, cybercrime was found to cost organisations on average £2.1million per year with an average of 41 cyber-attacks per week.

Back when the internet age was still young, cybercrime was hacker led, largely committed by individuals hoping to prove the existence of glitches in operating system. An example of such was Moonlight Maze when hackers targeted military information held by the Pentagon. Proving the glitch was an end in itself.

As technology has advanced, however, cybercrime has become the domain of organised gangs seeking financial gain from their crimes. The cybercrime network is today a legitimate and sophisticated business with technical innovators at the top.

Information Theft

Information theft is increasingly common, with gangs infiltrating computer systems in order to extract the personal data of users. One headline grabbing infiltration occurred in 2011 when marketing giant Epsilon had their email lists hacked; those lists comprised customers of large firms such as Citibank and JP Morgan. The criminals used these email addresses for phishing.

The development of third party cloud storage technology has assisted cyber criminals as large batches of data are now so often stored within one cloud. It is essential that companies separate out their data across multiple storage options. Experts have indeed highlighted that cloud data is especially prone to crime due to a lack of security measures. For personal cloud storage it is essential to protect your data by using two-step verification if it is available.

Smart Phones

The continued technological advancement of smart phones also poses an opportunity for cyber criminals. Criminals employ those techniques used on PCs alongside new smart phone specific approaches. In particular, social networking apps which hold a wealth of personal information which are often exploited by cyber criminals. The best protection against this both on smart phones and computers is to remove all personal details from your account and lock down your security settings. Worryingly, anyone can develop and retail an app, even criminals. Some users may ‘root’ or ‘jailbreak’ their smart phones. This is the ability to tamper with a phone’s operating system.

A recent study found that the industry most susceptible to cybercrime is the travel industry. This is largely down to a change in consumer behaviour, with more and more people booking their travel online. Social attitudes today mean that people are far more willing to input bank details online and do not recognise that their details are data easily accessible by criminals. There are simple ways in which consumers can protect themselves such as researching the holiday company to ensure it is reputable and pay for holidays using a credit card.

By Akash Valand

Cloud Computing Round-Up Week 19th-26th Of Jan, 2014

Cloud Computing Round-Up Week 19th-26th Of Jan, 2014

Cloud Computing Round-Up Week 19th-26th of Jan, 2014

data-storage

Here’s a round-up of the 3 top cloud stories making the headlines this week.

Microsoft To Store Foreign Users’ Data Overseas – As the NSA gets grabby with users’ data, when those users happen to be using US based computing services, Microsoft have made a controversial move to begin storing their data overseas, keeping their information out of the reach of the long arm of the American law. Brad Smith, Microsoft’s general counsel, has told the Financial Times that “People should have the ability … to make an informed choice of where their data resides.” The decision, does not, however, keep American users’ data safe, as their information will still lawfully be within the NSA’s jurisdiction and some users may still choose to move their info away from the Redwood, Calif. computer company.

(Image Source: Shutterstock)

Verizon Reveal Figures of NSA’s Data Requests – Thanks to Edward Snowden’s now infamous work to shed light on the NSA’s data dealings, we now know that more than a handful of companies have been subject to data trading with the American group, as a result of the NSA’s counter-terrorism operations. However, despite being required to in many cases, the reputations of many of these companies has taken a hit, with Verizon being one of them. As a result, they’ve revealed that they have received over 300,000 requests (approximately) to aid US law enforcement, including subpoenas, warrants and even NSLs (National Security Letters) from the FBI. While some have said that there needs to be more transparency, it is also important to note that some information (specifically Foreign Intelligence Surveillance Act orders, or FISAs) is required to be kept from the public by Verizon due to the law.

Yahoo Search Gets Automatic Encryption – Also in a move to save face with the tech-using public, Yahoo have now chosen to encrypt the searches that their users conduct via their popular Yahoo search engine. The move by Yahoo comes after it was revealed that there are more than a few ways that hackers can and have made their way into Yahoo’s servers, even leading the company to offer monetary rewards to users who could identify flaws and issues in their security in an effort to discover security problems that Yahoo themselves may have missed. It has also been suggested that this is another way to keep the NSA out of their users’ data. However, the search encryption does not seem to be available in the UK or Japan just yet, with only US users’ searches being encrypted.

By Jennifer Livingstone

Cloud Infographic: Going To The Cloud

Cloud Infographic: Going To The Cloud

Cloud Infographic: Going To The Cloud

Over the past few years, we’ve covered the importance of cloud computing in the classroom and its defining nature as something to adopt and accept moving forward. Some of our coverage has been flippant while other discussions have been more serious in nature. Nevertheless we can all agree that cloud based education will be universal and the accepted method of teachings by many in the next little while. Massive cloud based classrooms will exist, and it will be just a matter of time before older generations start sharing stories of the good old days when classrooms were built with chalkboards and desks. In the meantime, cloud based educational services will be a hot topic for many years to come…

Attached is an excellent infographic provided courtesy of onlinecolleges.net .

education-cloud-infographic

Infographic Source: onlinecolleges.net

Why Reliability Is The Buzz Word For Cloud In 2014

Why Reliability Is The Buzz Word For Cloud In 2014

Why Reliability Is The Buzz Word For Cloud In 2014

Any discussion of cloud adoption primarily boils down to two important concerns – data security and cloud reliability. A study conducted by Tata Consultancy Services sometime back revealed some interesting insights – while customers in Europe and Asia-Pacific saw data security as the most important parameter while picking a cloud vendor, their counterparts in the US and Latin America wanted reliability more than security. It is very likely that this scenario may have changed quite drastically over the past year after the NSA revelations.

While concerns about data security have definitely made businesses jittery about migrating to the cloud, it is reliability where the concerns just wouldn’t go away. With respect to security, it is relatively easier for a cloud vendor to showcase their infrastructural capabilities – has your provider deployed the necessary standards to make data hack-proof and tamper-proof? Are proper firewalls and intrusion detection mechanisms in place? If the answer to these questions is a ‘yes’, then you could be rest assured that your data is safe and secure in the servers of your cloud provider.

cloud-up

The same however cannot be said of reliability. Can your vendor promise a 100% or even 99.5% uptime guarantee for the next year? Are you absolutely sure your services would not go down tomorrow? Contracts often tie downtimes with financial compensation. So while you may get monetary credits for unforeseen downtimes, none of this will ensure your customers shall be able to access your service with 100% reliability. Cloud technology will continue to face questions till these concerns are put to rest.

This is exactly why I believe 2014 could be the year of cloud reliability. We are already seeing signs for this happening. Late last year, IBM unveiled the wraps on their ‘cloud of clouds’ toolkit based service called InterCloud Storage that could go a long way in ensuring service reliability. Put simply, InterCloud Storage makes it possible for customers to store their data in a multi-vendor setup so that their data can be made available from an alternate server even if their primary vendor is facing a downtime. In essence, IBM’s patent pending technology makes the vendor’s performance-guarantee independent of their server availability. With this, a 100% uptime assurance could actually be a reality!

Another interesting process is being built by Microsoft. A recent patent application from the company has revealed their work on a new performance-based pricing system for cloud. Today, customers pay for cloud services without any assurance of how reliable the network could be. Consequently, customers pay the same price for an hour of service regardless of how much downtime their services could face in that period. Microsoft’s technology makes it possible for vendors to charge customers based on performance metrics like uptime, I/O rate, etc. instead of merely paying for the duration of consumption.

The technologies announced by IBM and Microsoft could go a long way in securing the future of the cloud. Cloud is already seeing terrific growth rates in industries that have traditionally served on-premise solutions. According to Mary Ellen Power, the Vice President of Marketing at Silanis; a company that offers electronic signature technology to the US Army among other organizations, the cloud based solutions in their sector are seeing a 50% annual growth rate of late.

For such businesses that serve solutions to customers in regulated industries (banking, insurance, military, etc.), reliability and security are of utmost importance. Technologies like InterCloud and performance based pricing would ensure the reliability of their solutions. In turn, this is likely to help in furthering the proliferation of cloud through the next few years. What are your thoughts?

By Anand Srinivasan,

Anand is a writer and technology consultant based out of Bangalore, India. He may be reached at anand.srinivasan@gorumors.com

CloudTweaks Comics
Big Data – Top Critical Technology Trend For The Next Five Years

Big Data – Top Critical Technology Trend For The Next Five Years

Big Data Future Today’s organizations should become more collaborative, virtual, adaptive, and agile in order to be successful in complex business world. They should be able to respond to changes and market needs. Many organizations found that the valuable data they possess and how they use it can make them different than others. In fact,…

Cloud Infographic: The Explosive Growth Of The Cloud

Cloud Infographic: The Explosive Growth Of The Cloud

The Explosive Growth Of The Cloud We’ve been covering cloud computing extensively over the past number of years on CloudTweaks and have truly enjoyed watching the adoption and growth of it. Many novices are still trying to wrap their mind around what the cloud it is and what it does, while others such as thought…

The Cloud Above Our Home

The Cloud Above Our Home

Our Home – Moving All Things Into The Cloud The promise of a smart home had excited the imagination of the movie makers long ago. If you have seen any TV shows in the nineties or before, the interpretation presented itself to us as a computerized personal assistant or a robot housekeeper. It was smart,…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

5 Reasons Why Your Startup Will Grow Faster In The Cloud

5 Reasons Why Your Startup Will Grow Faster In The Cloud

Cloud Startup Fast-tracking Start-ups face many challenges, the biggest of which is usually managing growth. A start-up that does not grow is at constant risk of failure, whereas a new business that grows faster than expected may be hindered by operational constraints, such as a lack of staff, workspace and networks. It is an unfortunate…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

Surprising Facts and Stats About The Big Data Industry

Surprising Facts and Stats About The Big Data Industry

Facts and Stats About The Big Data Industry If you start talking about big data to someone who is not in the industry, they immediately conjure up images of giant warehouses full of servers, staff poring over page after page of numbers and statistics, and some big brother-esque official sat in a huge government building…

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud One of the least considered benefits of cloud computing in the average small or mid-sized business manager’s mind is the aspect of disaster recovery. Part of the reason for this is that so few small and mid-size businesses have ever contemplated the impact of a major disaster on their IT…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Hyperconverged Infrastructure In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, and then we’ll consider several methods to overcome those challenges. The Main Challenge: Bring Your Own (Physical) Network Some of the main challenges of deploying a hyperconverged infrastructure software solution in a data center are the diverse physical…