Category Archives: Security

Cloud Governance: Moving Into The Cloud

Cloud Governance: Moving Into The Cloud

A lot of planning goes into a proper transition of a company’s resources to cloud computing, and it is a necessary burden that IT managers must take. And an essential part of that planning involves taking care of the system after it has made the transition, which some organizations are still fumbling with or are learning on the fly. Both should not really be treated as options.

The first thing one has to remember about cloud governance is that it should never be static; it should evolve with the environment, the market, especially with the changes in your business needs. Governance is all about taking the necessary steps and actions to ensure that your organization uses its resources and systems optimally in order to achieve its goals. But rarely do you see governance as a core matter; it usually is bumped to the lower priorities.

The best way for cloud transition is to put governance of the system and resources as a priority, and you will find that everything will fit into place. Most organizations will plan for the fastest and cheapest transition not knowing it hurts them in the long run because they are unable to make use of the systems optimally. The key here is to think ahead, align your business requirements with the cloud in mind. You have to understand that not every business process or workload can be converted to the cloud while others need to be transitioned over time to ensure that there is proper compliance to the actual requirement and prevent a lot of other data integrity and sovereignty issues.

With that in mind, make sure to look at all your tools and systems and figure which ones would really benefit you by moving them to the cloud and which ones will not make much difference, you could probably save more money and resources leaving them where they are. And most of all, focus to move your most mature solutions first in order to make sure that they perform optimally before looking at other solutions you could move as well.

Here are some governance-related questions you can ask yourself when planning for a move to the cloud:

  • Will there be changes to your existing reporting and metrics or will they need to be reevaluated and refurbished? Will the same metrics actually apply to the new cloud components? Are you able to maintain visibility of your information architecture and metadata in SharePoint across the cloud platform as a whole or with individual services and sites?
  • Are you able to track storage use and data access and to what degree? How much visibility will you have in terms of content database reports, your entire user base, as well as storage?
  • How will your compliance monitoring and auditing capability be affected? Will you still be aware of all accesses in regards to what, where, and whom?
  • How much visibility and control do you have with the interactions between your users? Is content and resources being used and shared properly, and is collaboration really achieved?
  • Will you be able to setup management procedures and policies across all systems? Will you be able to automate repetitive, responsive, and preventive tasks?

By Abdul Salam

Cloud Storage Security Controls

Cloud Storage Security Controls

Cloud Storage Security Controls

Ask anyone who has fought in a war and they will tell you it’s an experience you can’t emulate. Many people have seen the eyes of their enemies as they fight. But what happens when your enemy is a thousand miles away, yet has all the information they need to know about you; location, strength, response time etc.

The world is run on information. Little 1’s and 0’s sent to the right place can do a lot more damage sometimes than any gun. And it is becoming obvious that the information we keep on our computers is no longer as safe as we’d hope.

Take Cloud storagecloud-storage-providers. This is a current buzzword for information storage, and quite an amazing thing it is too. Networked data centers which negate the need for hard drives and disc drives to a certain extent. Information available 24 hours a day, 7 days a week from any physical location with internet access.

Innovative? Yes. Convenient? Certainly. But how much trust to you put in a system that can be accessed anywhere, and by anyone given the right tools and talent?

People such as Joseph Thomas Colon were able to hack into a secure database (the FBI in this instance.) Is it really such as great idea to keep your files permanently online, transferring them to other servers without considering the security issues?

Before considering putting your information in Cloud storage, consider the levels of control that you will require. The dictionary definition of a security control is thus: ‘ …safeguards or countermeasures to avoid, counteract or minimize security risks.’

Here are 4 examples of such controls:

Deterrent

Ensure the storage has at least some form of warning system that can act as a deterrent to unlawful access.
This is the electronic equivalent of the sign you would put in your window that says “Warning: Guard Dog on Premises.”
Examples of these include:

  • Logon Warning – Ensure that a person is aware of the rights to enter your site or information storage.
  • Creation of appropriate access banner on entry pages
  • A deterrent control tries to stop malicious activity before it even begins.

Preventative

Ensure that any security issues have already been broached. By managing the vulnerable parts of the storage, damage can be limited.

One example of this would be the inclusion of a proxy server.

This can act as a ‘bouncer’ between your information and the person(s) wishing to access it. Requests for your information can pass through this server, reducing the risk of a security breach.

Corrective

These security issues can be resolved after an attack or damage has taken place. Real time security is important.

An example might include the changing of passwords and usernames as soon as you are alerted to the security breach. Another might be a limitation of the time spent on your Cloud storage, to minimize potential breaches.
The downside to corrective controls is that often, a breach must have taken place, allowing you to see where you need to plug the holes as it were, in your system security.

Detective

These controls will detect any unlawful users, slaving itself to the corrective and preventative controls to ensure a minimal amount of damage. This might include a complete listing of possible ‘what if…’ scenarios. Using a plan of development, you can often stop an attack before it begins.

An example might be hiring or yourself trying to unlawfully access your information in an attempt to test the defenses.

Try to keep these four controls in mind when requesting, using or accessing information in Cloud storage. By using one or all of these controls, you can really limit the potential damage that may occur when keeping your sensitive information completely online.

By Susie Francis

This post was written by Susie Francis a content writer for HANDD, the secure file transfer specialists. When Susie isn’t surfing the web and writing great content she likes to build things.

Cloud Infographic: 94% Of Healthcare Organizations Breached

Cloud Infographic: 94% Of Healthcare Organizations Breached

Cloud Infographic: 94% Of Healthcare Organizations Breached

Greg Arnette, CTO of Sonian, a company that creates cloud-based technologies for businesses says that the healthcare industry has needed a more resilient network that is more up-to-speed than the average hospital’s IT network can offer. The most enticing part of a cloud computing system is the consistency in speed, uptime and its price tag.  “Cloud storage,” says Arnette, “can cost as little as 10 cents a month for ‘fast’ storage.”

However, as promising as it may be, there are still a number of risks involved…

healthcare-data

Infographic Source: Backgroundcheck.org

Heroes Of The Cloud – Part 9

Heroes Of The Cloud – Part 9

Heroes of the Cloud – Part 9Cloud Heroes

A study of Cloud Computing should include not only the companies and entrepreneurs who have raised the Cloud from a concept to “the next big thing” in Information Technology. The study should also include those who have come to depend on the power of the Cloud.

Earlier in our look at the pioneers of Cloud Computing… (1 2 3 4 5 6 7 8) we partially defined “The Cloud” as a metaphor for the Internet. Another very workable definition would be that the Cloud is a tool for handling Big Data. Big Data is loosely defined as data sets that include from a few dozen terabytes to several petabytes. How much information is that? If you carry your contacts, pictures, music, games and files on an 8G microSD card in your smart phone, then 131,072 of your friends would need to combine their phones to equal a single terabyte.

Spy movies and James Bond gadgets aside, the national intelligence services are built around information, that is to say data. To perform their mission, a huge amount of information must be gathered, stored, analyzed, and eventually disseminated to the proper parties. At every stage, the information must also be protected ion the interest of national security.

While all of the intelligence services are in the information business, perhaps the most data intensive is the National Reconnaissance Office. The NRO develops and operates “overhead reconnaissance systems”. In other words, the NRO runs spy satellites.

The NRO is a hybrid organization composed of military members, Central Intelligence Agency staff, and DoD Civilian personnel. The NRO’s Chief Information Officer, , was recently awarded a Life Time Achievement “Legacy” Award from CloudNOW.

CloudNOW (Network of Women) is a non-profit consortium of leading women in Cloud Computing. The award was announced in conjunction with the March 2013 Women’s History Month Celebration.

Ms. Singer has held a number of Senior IT Leadership positions in the Federal Government. Previous to joining the NRO, she was Deputy CIO with the CIA, responsible for ensuring that the Agency had the Information Infrastructure necessary to accomplish its mission. Ms. Singer also served the State Department as the Director of Diplomatic Telecommunications Services.

With her background in the Intelligence service, Ms. Singer is intimately familiar with Cloud Security concerns. She writes Recent trends in cloud computing demonstrate the architecture has matured and offers distinct advantages for cyber security defense.

By Peter Knight

Want More Efficient Employees? Let Them Play With Their Own Toys

Want More Efficient Employees? Let Them Play With Their Own Toys

Want More Efficient Employees? 

Our friends at VMware have been looking at the way work gets done in the post-PC work environment. For some time we have been looking at how Cloud Computing is effecting the business world (and vice versa), Vmware’s “New Way Of Life 2013” study raises some intriguing conclusions. Tech Has Come A Long Way

When I was a kid, the big thing at school was when the cool kids would bring their electronic football games to class. These devices were so pre-GameBoy that they seem quaint now, but there was no denying the pleasure of manipulating the red lights across the display (these ancient games didn’t even have a screen!) The level of tech available today is almost blinding. What the report shows is that workers are using their personal tech for more than just passing the time. The 2012 study was conducted in the Asia Pacific region, so the results are based on answers from workers in Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan and Thailand. Approximately 2,100 workers were surveyed, and all of the participants work for organizations that employ at least 1000 people globally.

Reasons For Increased Production

Unlike the LED football games of my youth, personal tech devices appear to be increasing worker productivity. The study found that when they were allowed to use their personal devices at work, 80% of workers felt they were more efficient, even when they were working outside the office. 83% of respondents said that they bring their own devices to work, and of those, 93% say that the IT department knows about it. Company IT is the big sticking point in the deal. Security is the biggest issue, along with interfacing with the employer’s IT infrastructure. Only 50% of the participants said that they received IT support for their personal devices. When problems occurred, 63% resolved the problem by Google-ing, and 69% were able to fix it themselves. (This experience would seem to increase the user’s level of tech savvy; whether this is a good thing or not for traditional IT is not determined.)

Workers Prefer Their Own Tools

Employees cite several reasons they prefer to use their personal devices at work. 41% said that clients often contacted them using their personal phones, and 35% said their jobs were mobile in nature. Being more familiar with the software of their personal devices was sited in 28% of replies, 26% felt more engaged on their own devices, and 39% sited greater functionality of their personal devices. 23% simply felt less stressed using their own devices.

By Peter Knight

Cloud Security Issues And The Role Of Managed Cloud Services

Cloud Security Issues And The Role Of Managed Cloud Services

Managed Cloud Services

The changing demands of business operations have made Cloud Computing rise in popularity in the last few years. Cloud Computing has become one of the fastest growing segment of IT by providing promising business concepts and economic viability. The prevailing recession has also led organizations to seriously ponder over the attributes of Cloud environment that offer best-of-breed business applications and infrastructure resources, all at a comparatively negligible cost. However, as more vital proprietary information is being pooled into the Cloud, masses are overwhelmed with concerns regarding their integrity, and if a cloud environment is safe enough to guarantee it.

Cloud Security, is sure to be one of the first question, asked by enterprises, businesses, and institutions as a take-on to move their online applications, assets and data in the Cloud. Although, there is no doubt that Cloud Computing can be a panacea to all of the perceived IT problems, but migration alone is not one issue to be taken lightly. There are complex considerations to be undertaken by organizations whilst first beginning their journey, and security is to be the priority concern that might become a pitfall in achieving entire organizational goals.

Understanding the Security risks of cloud

Some recent attacks of cyber crime targeted on enterprises that were the accustomed users of the Cloud came to be as a catalyst in Cloud security apprehensions.  A series of cyber assaults were made on various banks in the United States which reportedly effected day-to-day transactions by cloaking itself from even some advanced antivirus softwares. As the attacks were traced back to thousands of Cloud data centers, this defiled the infallible reputation of the Cloud. Although, many cyber criminal factions took responsibility of the attack, experts still believe that these incidents occurred more due to some political reasons.

Zendesk too narrated in one of their posts (we’ve been hacked) that they went through a similar situation. Support information of three of their customers was compromised; however, Zendesk was able to quickly take over the situation and make amends. This has been going on for quite some time now, and it seems as if Cloud has become particularly attractive for Cyber Criminals. Feb 2009 also marked Google making an embarrassing apology as its Gmail service went down in Europe while Salesforce.com is still trying to get back on its feet from the attack which hoodwinked an employee into revealing passwords.

It is a fact that Cloud service providers and the users too, need to take a lot of adhesive precautions whilst their data centers get rich. They need to make sure that their data travels in secure channels and when stored, it observes encryption both on the provider and users end. Cloud Security Alliance also recommends users to be aware of the interfaces and provider APIs that interact with Cloud services, as well as integrating security modules throughout their service and activity monitoring policies.

Besides other methods, Managed Cloud Services can also be the key in improving the security barriers of a user’s Cloud environment, but as their data is accessible to the employees of CSPs, they should have an open ground to know and in-trust a particular person who manages and monitors their Cloud environment.

Role of Managed Cloud Services in securing your data

Managed Cloud service is a form of Cloud Computing service that has a sole purpose to save the user’s time. This model of Cloud offers you help to build, architect and manage your Cloud environment. With managed Cloud, you are relieved of the system administrative activities which are then performed by the Cloud experts from your CSP. This means that all your concerns regarding resource provisioning, resource metering, acquiring high security modules, encryption, firewalls,  monitoring and more becomes the first take-over priority by your Cloud Provider.

Managed Cloud services have a multitude of advantages. Experts say that many enterprises, that were dependent upon Cloud Computing managed to cut down more that 50% of their IT expenditures by switching to Managed Cloud Services. They also were able to minimize the Security risks that are more than often prevalent in Cloud, and achieved hardened security protocols that went iron hide on their infrastructure.

As its experts, who look after you, your Cloud infrastructure undergoes timely audits, patches, maintenance, integrations and Security QAs so that you can garner a worry-less Cloud experience. In addition to that, managed Cloud service providers place their Cloud experts by your side 24/7 so that you may get a non-stop uninterrupted support.

The comprehensive security features that Managed Cloud services provide you are:

  • Protection from unauthorized access

  • High level encryption that guaranteed via industry leading technology

  • Connections to enable secure remote accesses

  • High level integrations to protect any unauthorized hindrance and intrusion

Electing cloud services via a managed Cloud service can grant you way more benefits that you need to keep your business afloat; however, it is essential to think and shop carefully while you are on the aisle that has managed Cloud service provider labeled on every other package. Once you get your perfect Cloud service provider its necessary that you should address these security issues with them, but this should not be a deal breaker. After all, Cloud Computing offers each trait way too many benefits to miss.

Cloud Security Issues - Pere Hospital

By Pere Hospital,

Pere (CISSP & OSCP) is the CTO and co-founder of Cloudways Ltd. He has over two decades of experience in IT Security, Risk Analysis and Virtualization Technologies. You can follow Pere on Twitter at @phospital, orlearn more about Cloudways at www. Cloudways.com

Cloud Infographic: How A Data Breach Happens

Cloud Infographic: How A Data Breach Happens

Cloud Infographic: How A Data Breach Happens

While we are all very happy about the entire cloud data storage concept and feel that it’s a breath of relief from the constant battle against malware, key loggers, PC monitoring software, and whatnot, we tend to forget that there are steps which we need to take to ensure security even after we have shifted all our digital luggage to the cloud. 10 tips on how to protect yourself?

Here is an informative infographic reviewing data breaches as well as another one (below) created by the group at: cloudhance.com

Data Breach

Infographic Source: cloudhance.com

Online VMware Forum 2013: Get Real Benefits From Virtualization

Online VMware Forum 2013: Get Real Benefits from Virtualization

“Virtual” is usually a poor substitute for “real” – would you prefer playing Guitar Hero instead of rocking on stage? However, there’s one field where “virtual” can actually be better than “real” – Information Technology (IT). Applicable to hardware, software, memory, databases and networks, virtualization allows simplification of IT by making user experience independent of underlying infrastructure. However, the benefits of virtualization are not only limited to improved user experiences; they have multiple implications for the enterprise as well.

The benefits of virtualization include:

1. Cost savings
2. Mobility
3. Scalability
4. Disaster recovery
5. Resource optimization
6. Security
7. Environment-friendliness

However, one cannot just buy “virtualization” off the shelf; it takes specialized knowledge to truly leverage its power. As one of the pioneers in this field, VMware is well positioned to teach IT practitioners. Moreover, it’s offering to do so for free.

At the Online VMware Forum 2013, participants can immerse themselves into a virtual world where they learn how to deliver IT services efficiently and effectively, and from anywhere at a low cost.

So, what exactly can you do at VMware Forum 2013? You can:

  • chat and make connections with VMware experts and your IT peers
  • learn about the software-defined data center and NEW VMware offerings
  • attend live breakout sessions, technical deep dives and discussions
  • navigate in a 3D virtual environment with interactive booths staffed by VMware industry-leading partners

If you have been intrigued by all the news coverage “cloud computing” is getting lately, you must attend this event. After all, cloud computing and virtualization are closely related, and this forum can tell you how. Also, you can learn about what cloud strategy (public vs. private vs. hybrid) and service model (IaaS vs. PaaS. Vs SaaS) will work best for your organization.

So, what are you waiting for? Sign up today and be better-equipped to face tomorrow’s IT challenges.

By Sourya Biswas

Sponsored by VMWare and Online VMware Forum 2013

CloudTweaks Comics
The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Containerization: The Bold Face Of The Cloud In 2016

Containerization: The Bold Face Of The Cloud In 2016

Containerization And The Cloud “Right now, the biggest technology shift in the cloud is a rapid evolution from simple virtual machine (VM) hosting toward containerization’’ says the CTO of Microsoft Azure, Mark Russinovitch, a man who deals with the evolving cloud infrastructure every day. In his words, containerization is “an incredibly efficient, portable, and lightweight…

Cloud Computing – The Good and the Bad

Cloud Computing – The Good and the Bad

The Cloud Movement Like it or not, cloud computing permeates many aspects of our lives, and it’s going to be a big part of our future in both business and personal spheres. The current and future possibilities of global access to files and data, remote working opportunities, improved storage structures, and greater solution distribution have…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic – The Internet Of Things In 2020

The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an archived but still relevant infographic by Intel which has produced a memorizing snapshot at how the number of connected devices have exploded since the birth of the Internet and PC.…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at least one cloud-based application.…

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations Everyone knows what the cloud is, but does everybody know where the cloud is? We try to answer that as we look at some of the most unusual data centre locations in the world. Under the Eyes of a Deity Deep beneath the famous Uspenski Cathedral in the…

Cloud Infographic – The Data Scientist

Cloud Infographic – The Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

Digital Marketing Hubs And The Cloud

Digital Marketing Hubs And The Cloud

Digital Market Hubs Gartner’s recently released research, Magic Quadrant for Digital Marketing Hubs, recognizes the big four marketing cloud vendors as leaders, but also points to many challengers. Adobe, Marketo, Oracle, and Salesforce inhabit the leader’s block of the Magic Quadrant, reflecting both their growing capabilities as well as marketing technology platform scopes. Gartner believes…

Low Cost Cloud Computing Gives Rise To Startups

Low Cost Cloud Computing Gives Rise To Startups

Balancing The Playing Field For Startups According to a Goldman Sachs report, cloud infrastructure and platform spending could reach $43 billion by 2018, which is up $16 billion from last year, representing a growth of around 30% from 2013 said the analyst. This phenomenal growth is laying the foundation for a new breed of startup…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…