Category Archives: Security

Aussie, Eurozone Cloud Computing Industries Grow Gloomy On The US Patriot Act

The European Union has revived the more than decade-old debate about data independence after issuing an exposé of the US Patriot Act of 2001, which gives the federal administration, on the other side of the Atlantic, the power to seize data on any continent for surveillance reasons.

The same rigmarole surrounding legislation that is now a dozen years old has also reached the Australian scene, where CIOs are circumspect about whether to go ahead and store data offshore, where the United States’ forensic agencies have a right to penetrate the firewalls as long as they belong to US companies, despite being in overseas jurisdictions.

This has forced tech giants like Google and Rackspace to come out strongly, vowing that they would resist the prerogative of the government to use a warrant, or even, in some cases, as the Patriot Act stipulates, to seize information without a warrant, as this would lead to the gagging of the Infrastructure as a Service (IaaS) dispensation.

One of the key elements of the legislation is the Foreign Intelligence Surveillance Act, which Congress revised in 2008 and whose mandate the current US administration extended for a further half-decade, starting in 2012. It is this clause that the Eurozone has a bone to pick with, for it provides for searches without warrant on cloud data as well as on other communication conduits, not just the Internet.

The European IT community feels that this provision is more like a weapon of mass destruction aimed at the EU laws, which have a strong claim to being some of the freest legislation on the globe where user privacy is concerned. Indeed, the main point of concern is the Foreign Intelligence clause’s ability to monitor offshore data held by US firms, or even data stored in the United States by a non-citizen, for “purely political” reasons. The current legislation grew out of several others that came up intermittently two to three decades ago but were consolidated into a single powerful law, what is now the Patriot Act, subsequent to the terrorist attacks in 2001.

On the Other Side of the Smoke

Despite this much concern about the cloud laws, analysts are saying that the Patriot Act may eventually prove to be too much ado about nothing in cloud computing terms, because of two points:

First, the laws have always been there and have required, time and again, a federal judge to provide a subpoena for the investigation of another entity’s sovereign data, with the exception of cases where the issue is too sensitive for the government to necessarily seek a legal permit. Furthermore, there have to be precedents in certain cases before anyone can arbitrarily rummage through someone else’s data, albeit this is rather vague for the government can use the same advantage of a precedent to analyze an offshore account without going through a judge.

Secondly, the Patriot Act is not the only legislation around. In Australia, United Kingdom, Germany, Denmark and other nations that protest the move, there are provisions for the respective regimes to perpetuate this ‘reign of terror’ on cloud accounts abroad that are of national concern.

In the Land Down Under, for instance, the government can search a national’s documents abroad but under a shady alias so that this won’t become public. The fact of the matter remains that there always has to be a permit to conduct any surveillance on outsourced and cloud data in Australia.

The implications of this compendium of laws, which are all obscure but for the Patriot Act, one would say, have led many IT firms to decide to just go on with their business while the EU, Google and co. check their pawns for their next moves on the chess table.

By John Omwamba

Gravity Of Real-Time Security Issue In Today’s Cloud Environment

Security has always been the core issue of information technology since the advent of e-commerce and electronic transactions. There are hundreds of thousands of security-related threats that our networks encounter daily. If we analyzed the so-called big data, we would be astonished that billions of security events take place in our network elements daily. In fact, there are more than one billion events recorded in just a single firewall network element.

Is existing network security capable of dealing with the information in real time? This is a crucial question that needs to be studied seriously to assess the power of our security mechanisms in both isolated and cloud based networks. The security concerns in cloud services have been one of the major issues since cloud services were invented. Even though our existing network security tools are well capable of handling the known issues till today, they are not as efficient to process, evaluate, and show the real time gravity of the events that are taking place in the background of the network.

Both the research on big data and the root cause analysis of security-related events in cloud services have shown that the average time for more than 85 percent of hackers to damage or steal the data on your network is less than half an hour. This time is very short compared with the time needed to analyze the events that are happening in the background and reach a result. This means our present analytic tools are not capable of handling these security issues so quickly.

Several companies are working to handle the intensity of the security problem in cloud networks in real time. Real-time security analytics and other such tools developed by different companies are proving to be effective weapons against these kinds of serious, real-time network security issues.

As we know, cloud services like SaaS, IaaS, PaaS, and other models have put almost every type of data into the cloud. This means the issues pertaining to the security and integrity of valuable data in the cloud are increasing at a very quick pace. And every time, hackers are using the latest and most innovative methods for their malicious activities in the Internet cloud.

Thus, the gravity of the security issues in real time remains very high in the modern cloud environment of business, at least for now.

By Walter Bailey

Key Differences Between Server And Desktop Online Storage

Many people are saying that 2013 will be the “break-out” year for cloud storage. A number of factors are pushing online data storage offerings – including file sharing, backup, archiving and more – beyond the consumer and small business market and into big business datacenters.

Below, I’d like to highlight some of the key differences which set server and desktop/laptop online backup and storage services apart, in hopes that this might give you some insight into how the space has developed and evolved over the years.

Desktop Online Backup

In the past, most work was done inside of the office, on company-owned PCs. But in recent years, there has been a dramatic shift where employees are permitted or even encouraged to perform work remotely. The new “digital natives” generation has also entered the workforce with new ways of working, and companies must be flexible in offering collaboration tools in order to attract, retain and maximize the productivity of top talent.

Online backup, in both private and public cloud flavors, helps solve the governance problems associated with having many remote workers. Online backup allows all of the critical business documents which are created outside of the office to be protected and monitored through a centralized system. Gone are the days when employees would wait until they came into the office before transferring their files to the mapped network drive. Proper governance demands that this process be automated and tightly controlled. If someone gets their laptop stolen, at least you’ll still retain your corporate knowledge assets.

Online file sharing is also important for eliminating many of the logistical headaches which came from forwarding email attachments back and forth. Now, everyone knows which document revisions are up-to-date, and mailboxes no longer get filled with duplicate copies of redundant files. Another advantage of online file sharing is that very large files or documents can be shared in a way that would’ve been impractical with email attachments.

Whether you like it or not, employees are going to use online file sharing services. Companies need to be proactive in providing these tools to employees in order to prevent corporate data from ending up on undocumented or improvised file sharing accounts which are outside of the IT department’s control. These kinds of arrangements can raise issues for compliance, security and privacy.

Server Online Backup

In the datacenter, data protection priorities are somewhat different. Servers never leave the office, and their administration is tightly controlled. Here is where the largest and most sensitive data stores reside.

However, manual tape-based backup processes are vulnerable to procedural mistakes and media failure. In the age of rapid data growth, automation is absolutely essential for eliminating risk and reducing backup costs.

Globalization has also caused a shift in the way datacenters are managed. Previously, offices operated on a 9-5 schedule. It was perfectly acceptable to take servers offline at 7 in order to perform a few hours of backup and standard maintenance. But today, the business world runs around the clock. Long backup windows are out of the question.

Additionally, this 24-hour schedule has greatly reduced the tolerance for unplanned downtime amongst companies. A 5-hour window to rebuild a critical server is highly undesirable.

Modern server online backup solutions tend to be more focused on reduction of backup recovery times. This is accomplished through several different means. Sometimes, you may have the option of hosting an appliance for fast on-site recoveries, and other options can even replicate your servers to a public cloud datacenter for on-demand emergency failover capacity.

Another category of server online backup may be more similar to its desktop counterparts, but with server-specific features. For example, you may require special recovery options for email accounts or database tables. Also, the use of hypervisors and virtual machines is creating new backup challenges which server online backup services are particularly well-suited to address.

Finally, cloud storage is perfect for tackling tough compliance challenges. Performing electronic discovery on format-neutral cloud storage is much more convenient than manually sorting through archival storage devices… and the on-demand computing capacity offered by the cloud also makes these discovery searches much more cost-effective.

As you can see, server and desktop online backup options have evolved a lot over the years… and both have grown to become distinct and suited to their own specialized sets of challenges.

By Paul Rudo

Paul Rudo is the editor at Enterprise Features, a leading IT blog covering many aspects of cloud computing, big data and emerging technology.

2013 – The Year Of The Hybrid Cloud

The gurus of the Cloud Management industry are betting that 2013 will prove to be the year of Hybrid Cloud Computing. Cloud Management as a concept and a service has truly blossomed. Moreover, it is expected to keep on growing at the same rate. Cloud Computing, as an industry, is expected to achieve revenue of $43.2 billion in 2016. The best example of the success of Cloud Management is Amazon Web Services, whose revenue is expected to rise to $3.8 billion this year.

The Dawn Of An Era

A hybrid cloud seeks to link the company owned datacenter with the third-party cloud infrastructure resulting in a hybrid model. This model results in benefits that are the best of both worlds, a totally flexible and scalable cloud with a secure datacenter owned by the company.

The popularity of hybrid clouds can be gauged by the fact that ‘Red Hat’, that deals with open-source programs, has developed a solution, especially, for the hybrid cloud market so that companies can easily establish hybrid cloud, analyze the entire model, pinpoint areas that need improvement, and operate on an optimal level.

A Successful Hybrid Cloud Model

Zyrion, a firm providing cloud integration and management software, has been riding the tidal wave of success of Hybrid Cloud Computing for the past year and expects this boom to continue, and even increase, in 2013. This optimism comes from the fact that Zyrion witnessed growth of 200% in its business in 2012.

Benefits of Hybrid Cloud

The reason for this immense success of hybrid cloud computing is its ability to accomplish three core tasks for its users. These are:

  1. Providing the ability to alter cloud dynamics, quickly
  2. Ensuring complete security of the datacenter
  3. Easy management of the cloud, including performance monitoring

A hybrid cloud helps the technical team to develop and apply the required software and applications quickly, alter the cloud requirements as and when required, and manage the datacenter to optimize the entire dataflow and save a massive amount of money.


Hybrid Cloud Computing is just starting to make headway in the IT industry, but already it is racking up impressive reviews and helping firms gain increased control and save money. SMEs have rapidly accepted this technology. Now, it is up to the big enterprises to adopt this model.

By Pere Hospital

Pere Hospital (CISSP & OSCP) is the CTO and co-founder at Cloudways Ltd. He has over two decades of experience in IT Security, Risk Analysis and Virtualization Technologies. You can follow Pere on Twitter at @phospital or learn more about Cloudways at

Why Haven’t Many Enterprises Deployed Hybrid Clouds Aggressively?

Cloud computing is progressing very rapidly all around the world, especially in the developed countries – private cloud, public cloud, and hybrid clouds are the major domains of cloud structures presently in commercial use. The public cloud and the private clouds have their own pros and cons in terms of their application in the field of information technology. The hybrid cloud solution has been developed out of these two technologies to provide the most desirable technical and business results.

There are many companies that still stick to either on-site data centers or to private clouds in spite of the fact that the hybrid cloud has developed a lot. The solutions based on hybrid cloud format have attained many great features and capabilities for the development of this platform – high level of scalability in a short period, demands of resources for application development and quality assurance procedures, high level network and data security, easy and procedural migration, disaster recovery, and the capabilities of handling the ever increasing data storage demands.

In spite of the above-mentioned features and capabilities, why have enterprises not moved aggressively to deploy such an exciting platform in their IT networks? There are three basic challenges in the hybrid cloud platform that are delaying enterprises from going all out in this domain of technology:

  • Complexity in operation and migration
  • Inconsistency between public and private formats
  • Restricted visibility and management

The above-mentioned issues are the big ones to tackle before enterprises can be attracted to this appealing platform. Many IT vendors have recently developed suitable solutions to these challenges, and many others are working hard on solutions of their own so that enterprises can be helped to migrate to cloud computing.

The hybrid cloud platform brings enterprise users several important benefits – rapid provisioning of resources, simplified network operations, and accelerated time to market, just to name a few. At present, there are some big enterprises and applications that have already migrated to this amazing platform taking advantage of certain highly competitive service level agreements (or SLAs) in the marketplace.

By Walter Bailey

Whitepaper: Big Security For Big Data

We are children of the information generation. No longer tied to large mainframe computers, we now access information via applications, mobile devices, and laptops to make decisions based on real-time data. It is because information is so pervasive that businesses want to capture this data and analyze it for intelligence.


Data explosion

The multitude of devices, users, and generated traffic all combine to create a proliferation of data that is being created with incredible volume, velocity, and variety. As a result, organizations need a way to protect, utilize, and gain real-time insight from “big data.”

This intelligence is not only valuable to businesses and consumers, but also to hackers. Robust information marketplaces have arisen for hackers to sell credit card information, account usernames, passwords, national secrets (WikiLeaks), as well as intellectual property. How does anyone keep secrets anymore? How does anyone keep secrets protected from hackers?

In the past, when the network infrastructure was straightforward and perimeters used to exist, controlling access to data was much simpler. If your secrets rested within the company network, all you had to do to keep the data safe was to make sure you had a strong firewall in place. However, as data became available through the Internet, mobile devices, and the cloud, having a firewall was not enough. Companies tried to solve each security problem in a piecemeal manner, tacking on more security devices like patching a hole in the wall. But, because these products did not interoperate, you could not coordinate a defense against hackers.

In order to meet the current security problems faced by organizations, a paradigm shift needs to occur. Businesses need the ability to secure data, collect it, and aggregate it into an intelligent format, so that real-time alerting and reporting can take place. The first step is to establish complete visibility so that your data and who accesses the data can be monitored. Next, you need to understand the context, so that you can focus on the valued assets which are critical to your business. Finally, utilize the intelligence gathered so that you can harden your attack surface and stop attacks before the data is exfiltrated. So, how do we get started?


Cloud And Mobile Adoption Increases IT Security Risks

As more businesses transition their mission-critical operations to cloud and mobile-ready applications, the direct consequence is increased security vulnerability.

Last year, more than 30% of all mission-critical business applications were already in the cloud. That number is expected to rise to 50% as early as 2015. And as more business processes continue to expose themselves, the need for more stringent security measures becomes even more apparent.

An obvious solution would be to restrict the inclusion of sensitive data on cloud-driven applications. Unfortunately, as many as 15% of business leaders admit to not knowing how much sensitive data (if any) are on the cloud. In fact, close to half of business leaders aren’t fully up-to-date on their own internal policies on user access privileges.

The heart of this problem could lie in the system itself. Over 30% of IT leaders are unable to properly record user access privileges. And even after employment termination, 50% of employees feel that their employers do not revise user privileges quickly enough.

In effect, the speed of cloud and mobile adoption is vastly outpacing the ability to properly secure them. If this concern is left unaddressed, businesses could be facing wide-scale security risks in only a couple of years’ time, if not sooner.

Infographic Source: Sailpoint

By Zig Roberts

Putting The Service Back In “as-a-Service”

The future of cloud computing has often been framed as being a debate between private vs. public clouds, with each model having its own strengths and weaknesses in terms of cost-effectiveness, control and security. The debate should instead focus on what each model can borrow from the other to deliver the most efficient, scalable and flexible service possible.

When deploying a private cloud, system administrators should take a page from public clouds by focusing on the overall services their private cloud is providing. When designing and implementing a private cloud, enterprises need to focus on meeting the needs of the line of business. By utilizing a service-oriented approach that ensures the business can easily access and rapidly deploy the services it needs, enterprises can maximize the benefits of their private cloud deployment.

Making a service-oriented philosophy work

A service-oriented approach to a private cloud deployment can be defined as falling somewhere between pure Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). In IaaS, a developer or operations manager has to create and manage every image. For PaaS, you don’t control any of these machines; the cloud takes care of it all. In a service-oriented model, you predefine and have running in the cloud a service like a database or load balancer, so developers don’t have to recreate those every time they want to roll out a new application.

The advantage of this approach is that it simplifies the solution deployment task for IT and for the lines of business that are interacting more closely than ever through the deployment of private clouds. A service-oriented approach increases reliability because you’re using standardized services and not maintaining multiple different virtual machines. It potentially lowers cost in the long run because developers spend less time setting up virtual machines and more time defining applications to take advantage of the services you’ve already deployed.

There are no real downsides to adopting a service-oriented approach. What you’re trying to do is provide some of the pre-canned capabilities you get with Platform as a Service while still giving your developers full flexibility to define the applications they want to define. For example, IT and the line of business could agree to maintain a standard PostgreSQL database image, but the line of business may have an exception where an application it really needs requires an Oracle machine. The line of business could deploy its own Oracle database server for this specific application. They have all the flexibility in the world, but they’d be responsible for maintaining that image.

Deploying a service-oriented approach doesn’t lock you into anything. It just allows you to predefine certain capabilities which will make it easier in the long run to deploy and maintain new solutions. There might be additional work for the IT staff to define the interfaces, but if you choose, you can turn to a vendor that delivers preconfigured services in the cloud.

Potential downsides

If you don’t adopt a service-oriented approach, you’re not taking advantage of measures that could improve the agility and responsiveness of the line of business. You’d be running cloud, but you would not be taking full advantage of the private cloud model.

To turn the model into a reality, you need to start by working with the line of business to analyze what services make sense to standardize across the set of services that will run in the cloud. The analysis should focus on the services that are common across all the various solutions you’re bringing to your user base. You identify the services that are used the most and are most similar to each other, and those that offer no advantage to being customized. IT then takes responsibility for maintaining the frequently used services and publishing APIs to let people know how to get access to them. It’s similar to what Amazon does around its relational database service. IT defines a set of services that ultimately get instantiated as cloud images, but you also define what APIs developers can take advantage of to get access to those solutions.

When does an organization know it has successfully deployed a service-oriented deployment? The short answer is, you know you’re successful when your development groups use pre-defined services instead of creating their own. This is the Amazon model: customers start off using Amazon EC2 to stand up their own application server and database server but migrate over time to using other Amazon services. If you’re taking full advantage of the cloud, it will be easier to use the newly created model, and your customers will switch as well.

The future

In the future, it’ll be easier to gear services to specific business lines because we’ll see more private cloud providers offering these services prepackaged as part of their cloud solutions. You’ll be able to deploy a set of services in your cloud – with a set of APIs and documentation that allows you to take advantage of that. The aim is to take advantage of all the value that private cloud computing has to offer, and adopting a service-oriented approach is the most direct way to accomplish this goal.

By Peter Chadwick

Pete Chadwick is senior cloud solutions manager with SUSE, a provider of interoperable Linux and cloud infrastructure.
