Category Archives: Security

To Migrate or to Not Migrate: In-House vs. Outsourced Cloud Computing

To Migrate or to Not Migrate: In-House vs. Outsourced Cloud Computing

In-House vs. Outsourced Cloud Computing

Through working as an executive in the managed DNS industry for over 15 years, I have become a sort of expert in managing costs while also maintaining high performance and uptime standards. With the recent push the cloud, I have been urged to evaluate the cost efficiencies between operating an in-house or cloud-hosted network. But most importantly, I have been asked to discuss the performance benefits of each, and whether these benefits are worth the price tag.

I have managed networks ranging from a rack in my basement, to a multi-million dollar network that spans over 16 facilities on 5 different continents. When you manage large-scale networks, you have to learn many different skills that venture far beyond network engineering. You have to learn how to pick the right hardware, strike deals with different providers, and of course do all of this while trying to stay cost efficient.

Outsourced Cloud Computing

(Image Source: Shutterstock)

The recent push to migrate to cloud infrastructure has won over the majority of top online retailers. Some converters have gone so far as to move their entire on-premises systems onto the cloud, and are boasting significant performance improvements. Ecommerce giants, like Etsy, are using the cloud to host big data analytics that predict what customers will want to purchase next. Big data analytics require massive amounts of storage and bandwidth, better served with cloud-based solutions.

Organizations who deliver large content loads to international audiences, like Netflix, have moved to the cloud because their on-prem systems couldn’t grow to scale quickly enough. Netflix announced that had finally completed their seven-year migration to the cloud earlier this year. Big moves like Netflix’s are ideal for companies that need to expand at a rapid pace, because the cloud offers a flexible environment engineered for growth.

Costs of Moving to the Cloud

But usually, these decisions all come to down to price. So I’m going to cut to the chase and show you a rough breakdown of how much it costs to move to the cloud, and how that compares to hosting an in-house system.

We host our network from 16 different facilities around the world. Over the years we have dealt with pretty much everything when it comes to hosting your own infrastructure. For this example, I’m going to use a rough average of what our infrastructure requires.

Let’s say that in our environment, eight servers would cost us roughly $25,000. That’s going to be your total upfront cost to purchase and erect your servers. Now you have to think about hosting, which can and will fluctuate. A typical month, requiring a “good” amount of bandwidth would roughly cost $300 per server.

So that’s 8 servers x $300 = $2,400 a month

You also have to take into account the cost of lighting up each server, which requires staff hours and initial setup and administration fees. You will also need a place to store your servers, racks, routers, and switches. Once everything is setup, you will also have to pay for additional staff hours to maintain all of your equipment. All of this together will run you about $450 a month per server.

Now we have 8 servers x $450 cost of initial light-up and maintenance = $3,600 per month

Don’t forget to add the initial $25,000 for servers + $2,400 for hosting + $3,600 for lighting up = $31,000 for your first month. Each subsequent month will cost $6,000 per month to maintain your infrastructure.

On the other hand, let’s take a look at what it would cost to host the same number of servers and bandwidth on cloud infrastructure. It would cost roughly $450 per month for each system alone.

That would be 8 servers x $450 for each system = $3,600 per month

Like an in-house system, you also have to factor in the cost of bandwidth. Depending on your usage, this could range anywhere from $600 to $1000 a month.

That would run you 8 servers x $800 for average bandwidth = $6,400 per month

Add that $6,400 to your $3,600 per system = $10,000 per month

If you look at the cost of each service side by side: an in-house system will cost substantially more up-front ($31,000), but less each following month ($6,000). Moving to the cloud may have a small premium, but the monthly cost ($10,000) is nearly double the cost to maintain an in-house system. Furthermore, the monthly estimation of a cloud system doesn’t account for staff hours for maintenance. While this is on an as needed basis, it could significantly increase monthly costs.

It’s also important to remember that in-house solutions are not for everyone. These systems demand at least a two-year commitment to earn back the cost of resources. The up-front costs for an in-house system may sound a little daunting, but you will end up earning back your investment quicker than you would with a cloud-based system. You also don’t have to pay a monthly cost for memory, since you will be using existing infrastructure that you paid for in your premium.

On the other hand, if you only require a short-term or temporary commitment, then cloud-based infrastructure is the best solution. If you have an app you need to test for a few weeks or months, then I would recommend looking at the cloud. The cloud is also a great way to see how your application or software would respond to different scalability requirements. You can also use the cloud if you are unsure what requirements you may need for an in-house system.

startups-2016

Startups tend to turn to cloud-based systems, because they don’t require a large premium, and can scale quicker than an in-house system. Cloud-based infrastructure also requires less staff hours, costs less for energy, and is able to offer more redundancy at a lesser price.

However, the cloud should only be used for a finite amount of time. Most VC’s don’t care about this, and will continue to pump money in the cloud. But if you want to be sustainable for the long haul and achieve significantly greater ROI, than an in-house system would be the best solution.

Some organizations continue to stray away from completely moving to the cloud, because they have already made a significant investment into their on-prem systems. It’s rare that companies are able to repurpose any of the equipment in their on-prem systems that they have spent years acquiring and maintaining.

For these organizations, either staying with an in-house system or using a hybrid system would be best. Hybrid infrastructure uses a balance of both cloud-based and in-house systems. This provides organizations with the elasticity of the cloud, while still being able to maintain their own infrastructure. One of the most efficient methods we have seen is a customer will use an on-prem network, but use move some traffic over to the cloud during high traffic periods, like Black Friday.

black-friday-thanksgiving

Whatever solution you choose for your organization, remember that you have to balance performance with cost. Even if you think one solution will help your business grow faster, you might see a lower ROI because the costs for that infrastructure are too high.

By Steven Job

What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider

How to find the right partner for cloud adoption on an enterprise scale

The cloud is capable of delivering many benefits, enabling greater collaboration, business agility, and speed to market. Cloud adoption in the enterprise has been growing fast. Worldwide spending on public cloud services will grow at a 19.4% compound annual growth rate to go from $70 billion in 2015 to $141 billion in 2019, according to IDC.

Over the past several years, the software industry has been shifting to a cloud-first (SaaS) development and deployment model. By 2018, most software vendors will have fully shifted to a SaaS/PaaS code base,” said Frank Gens, a chief analyst at IDC.

But the boosts in efficiency and your bottom line that cloud adoption brings are not a foregone conclusion. In order to realize those benefits, it’s vital to find a reliable cloud services provider or integrator. The right partner can provide a platform that enables digital transformation and fosters innovation. As you begin your search, here are some key concepts that should be at the forefront of your mind.

Build trust and security

Security may not be the barrier to cloud adoption that it once was. Almost 65% of IT and security professionals surveyed by Skyhigh Networks agreed the cloud is either as secure or more secure than on-premises software. However, the firm also found that the average organization experiences 19.6 cloud-related security incidents every month. Attitudes may be shifting, but security concerns still loom large for many companies.

It’s important to find a cloud services provider that you can really trust. Seek a partner with proven security expertise, a solid platform for data sovereignty, and an impeccable track record. Ensure that they understand security is an ongoing battle, and have a continually evolving long-term release plan in place to address potential security issues.

Don’t sacrifice flexibility

One of the main advantages of the cloud is the fast scalability and business agility it can provide, so it’s important not to get walled in. Hybrid capability is important, and you want to be able to transition quickly and easily when you see a potential advantage.

The services you adopt should allow you to leverage the public cloud and integrate partner services. You want something that supports the usage of any public cloud, allowing for new service adoption down the line, but also leveraging essentials likeMicrosoft Azure. Consider how to handle peak demand and cater for customer preferences. It’s all about achieving the right balance to enable your business to grow and innovate.

Standardization is good

For the sake of clarity and cost, standardized services are desirable. Consider the compatibility, safety, interoperability, repeatability, and quality that standardization can provide. A platform like Office 365 will deliver a consistent experience for all of your customers and employees, regardless of the platform or the device they’re using.

Pick and choose the right blend of standardized software and open source technologies to create bundles that deliver the features you need without sacrificing the flexibility that enables you to stay competitive. Customized solutions are expensive, inflexible, and they lock you in to your partner’s roadmap.

Global coverage and stability

You need to be able to deploy, manage and upgrade your software and applications easily. Look for reliability and a strong history of release stability to minimize disruption. You also want a partner with a good balance between compute workload and location. International coverage can boost performance significantly by delivering compute where the users actually are. A single, centralized location is a major bottleneck.

Set business objectives

Performance reports, resource monitoring and service level agreements are all important, but you need to set tangible business goals at the outset and put metrics in place to test the effectiveness of your cloud services. You should have a deep understanding of the business advantages you’re expecting to achieve, and so should your partner. Look beyond the technical statistics and ask what they can do for your business.

A cloud services aggregator can take advantage of economies of scale to deliver services far more cheaply than you can ever manage internally, but finding the right partner is about more than cost. They need to be trustworthy, security-conscious, reliable and globally distributed. You need to retain the flexibility to adopt the emerging technologies that can drive innovation and creativity in your business.

By Nicholas Lee

DELUSIONS OF ADEQUACY: WHY PRESIDENTIAL POLICY DIRECTIVE 41 FALLS SHORT

DELUSIONS OF ADEQUACY: WHY PRESIDENTIAL POLICY DIRECTIVE 41 FALLS SHORT

Delusions of Adequacy

President Obama’s recent policy directive on cybersecurity was eight years in the making. Unfortunately, its proposed actions are barely adequate to the massive task of defending against the onslaught of daily cyber attacks on U.S. companies and government agencies.

The new document, Presidential Policy Directive 41, is supposed to improve government and private-sector coordination in dealing with major cyberattacks. Among other things, the directive lays out which agencies will handle tasks related to a major cyber breach.

For example, the FBI gets tasked with conducting breach investigations, while DHS has the lead for providing “technical assistance” to breach victims “to protect their assets, mitigate vulnerabilities, and reduce impacts of cyber incidents.”

The White House’s Office of the Director of National Intelligence takes the lead for “intelligence support and related activities.” And of course there will be lots of “coordination” among these agencies through a newly set up Cyber Unified Coordination Group.

New Color Scheme for Cyberattacks

In addition to the directive, the administration released a five-level cyber incident severity schema, setting up a common framework for assessing the severity of cyber attacks, similar to the DHS’s national terrorism advisory system threat-level matrix. There is an attractive color pallet of white, green, yellow, orange, red, and black to categorize everything from an “inconsequential event” to a cyber event that “poses an imminent threat” to critical infrastructure, federal government stability, or to the lives of U.S. citizens.

Unfortunately, the U.S. government has zero credibility when it comes to establishing effective policies and procedures on cybersecurity. Just look at the number and scope of federal agency breaches over the last few years – the Office of Personnel Management, the Internal Revenue Service (twice), the State Department, the U.S. Postal Service, the Department of Commerce, and the Federal Deposit Insurance Corp, not to mention the recent Democratic National Committee email hack and Hillary Clinton’s questionable handling of government email while she was secretary of state.

While highly regulated industries must provide strong data security or face government fines or other regulatory action, no one is keeping the government itself honest; no one is threatening the government with fines or any other actions. Accountability forces the private sector to be proactive about data security, but the government can do anything it wants.

Securing Data Before It Is Breached

But the directive and schemata beg the question: What are you going to do to secure your data before it is breached?

This directive does nothing to help CIOs, whether in the government or in the private sector, prevent these breaches in the first place. The guidelines are too focused on what to do after an attack – there is no mention of any type of preventative measures improving user behavior.

Instead, public and private entities should be asking: What kind of sensitive data do we have, and who needs to access it? What is our plan for controlling who has access to data? What are more secure ways people can share this sensitive data other than email? Does our current security plan have provisions for data at rest and data in motion?

Most companies have strong protection of data at rest when it is stored on their servers. But when data is in motion, within the company or to outside individuals or vendors, protections are often weak. The weak link in your data security plan is when data is in motion and/or outside of your control.

Instead of expecting the federal government to do something, it is up to the private sector to take action to protect data at rest and in motion before the data is stolen by cyber criminals or nation-states.

By Daren Glenister

Modern Artificial intelligence Solutions

Modern Artificial intelligence Solutions

Artificial Intelligence

The field of Artificial Intelligence (AI) is perhaps one of the more exciting tech arenas today, due not least of all to the outlandish visions of science fiction films and novels. However, the gap between imagination and reality is steadily diminishing, and we already see the likes of KITT Car in today’s AI controlled driverless cars. Moreover, though the AI robots hitting the market aren’t quite as sophisticated as those of I, Robot (nor as alluring as Austin Powers’ Fembots) the potential of personal humanoid robots is swiftly progressing. However, these sensational advents are only one aspect of AI; Big Data, data analysis, and machine learning are the less glamorous but invaluable disciplines significantly intertwined with AI. Thanks to the rapid progress of AI technology, many of these tools are becoming available to small and medium organizations too.

The Cloud & AI

DimensionalMechanics is one startup putting AI to work with the launch of NeoPulse™, their cloud-based enterprise artificial intelligence platform.

Consisting of solutions NeoPulse Profile, NeoPulse Expert, and NeoPulse 3D, their product makes use of deep learning techniques when tackling complex data analysis, the collection of content, and simulation challenges through the integration of ‘human-like intuition’ into existing systems. In an exclusive with CloudTweaks, Rajeev Dutt, co-founder and CEO of DimensionalMechanics, say, “The feedback, insights and excitement we hear from development partners tell us that our new AI solutions are addressing real market challenges. Right now we’re working with a major broadcast media company to analyze online news content, images and video, identifying characteristics that help with curation and drive engagement, including clicks and readership, among key audience members. We’re also working with a major fashion and apparel design technology company to develop an application for designers, enabling them to create highly realistic 3D images at a quality suitable for detailed design, display, and analysis. The 3D simulation translates to gaming development, virtual reality and augmented reality as well.

A Targeted Approach

Delivering their platform and product offerings to development partners, DimensionalMechanics is initially focusing on fashion and retail technology, the broadcast media, and interactive entertainment gaming industries. Says Dutt, “We are squarely focused on horizontal artificial intelligence for enterprise users, using AI to solve wide-ranging market challenges, rather than address a single problem. With that in mind, we built NeoPulse as a cloud-based, fully extensible platform so that it would be flexible and developer-friendly. NeoPulse has the potential to make AI a scalable centerpiece of enterprise operations, lowering barriers and expanding access so that businesses can readily incorporate the power of AI into their existing systems and decision-making processes.

Currently working with development partners on use cases, DimensionalMechanics is collaborating with a leading broadcast media company in the analysis of online news coverage, identifying features which lead to the highest levels of engagement. Concurrently, an advanced 3D design simulation applications is being built for a large fashion design technology company, allowing designers to input pattern specs, fabric, and body types with resulting visualizations of the end product.

Artificial Intelligence for Business

The role of AI in business is expanding, and Gartner predicts that by 2018, more than 3 million workers globally will be supervised by a “robo-boss,” while 20% of business content will be authored by machines. We can expect to see many more business-focused and practical AI assimilations in the coming years. States Dutt, “From the start, we’ve been driven to take artificial intelligence from the abstract into the tangible and provide real solutions to pressing enterprise concerns. It’s like the early days of the airplane – you can try replicating the bird, or you can focus on flying. We’re less interested in recreating the human brain itself than in leveraging AI technology’s human-like intuition in innovative, useable ways.”

By Jennifer Klostermann

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing

With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone.

As soon as computers became popular, the federal government began to legislate their use. In 1986, the Comprehensive Crime Control Act was amended to included the Computer Fraud and Abuse Act (CFAA). The CFAA criminalized trafficking in passwords, distributing malicious code, and other computer-related acts.

The CFAA has been amended five times in four decades (including in 2001 when it was amended by the Patriot Act), and the courts have interpreted it in ways that further extend its scope. The result is a law that Tim Wu called “the worst law in technology.” As part of his article for The New Yorker, Wu wrote:

Orin Kerr, a former Justice Department attorney and a leading scholar on computer-crime law, argues persuasively that the law is so open-ended and broad as to be unconstitutionally vague. Over the years, the punishments for breaking the law have grown increasingly severe—it can now put people in prison for decades for actions that cause no real economic or physical harm. It is, in short, a nightmare for a country that calls itself free.

Wu wrote these words in 2013, and the CFAA is only worse today. It goes far beyond its original intent to target cybercriminals and hackers, and now threatens many normal people, using their computers in harmless and legitimate ways.

Nothing demonstrates this as ominously as the July 5 opinion from the U.S. Ninth Circuit Court of Appeals. In this opinion, the court found that sharing passwords can be grounds for prosecution under the CFAA. Theoretically, this means a husband could be prosecuted for sharing a banking password with his wife, or vice versa.

The court issued this opinion knowing full well the implications of it. They state in their opinion, quoting part of another court’s ruling:

We are mindful… that ill-defined terms may capture arguably innocuous conduct, such as password sharing among friends and family, inadvertently ‘mak[ing] criminals of large groups of people who would have little reason to suspect they are committing a federal crime.’”

Their “mindfulness” will be of cold comfort to Americans who are prosecuted under CFAA. It’s not only innocuous password-sharing that makes someone run afoul of the Act; it has also been used to prosecute the violation of terms of service agreements. Most infamously, the FBI used it to pursue Aaron Swartz. Swartz was a programmer and activist who downloaded research papers from a database at MIT, in violation of its terms of service. The fact that he was a research fellow at MIT, with authorized access to the database, didn’t matter. Swartz committed suicide while under federal indictment.

The July 5 opinion from the Ninth Circuit Court of Appeals will turn many others like Swartz into criminals. The dissenting judge on the case noted this, stating that the majority opinion “… loses sight of the anti-hacking purpose of the CFAA, and despite our warning, threatens to criminalize all sorts of innocuous conduct engaged in daily by ordinary citizens.”

The vagueness of the CFAA and the nuances of terms of service, which vary from company to company, make this ruling dangerous for ordinary corporate and individual citizens. Will sharing a bank or Netflix password with a spouse or child be a federal crime? The only way to know would be to find the terms of service, find any clauses that apply to password- or account-sharing, and work out how it legally applies in each case. It’s not simple or straightforward.

Take the examples of Netflix and HBO Go. Both subscription-based services have limits that prevent too many people from using the same account. Both companies’ CEOs have stated account-sharing is positive. They view it as an excellent way of marketing their services.

Yet this ruling raises many questions about what the government may consider an offense worthy of prosecution, regardless of what Netflix or HBO thinks about it. Is it a violation of the CFAA if a Netflix account owner enters the password to their account to watch a show on a friend’s device? Does that count as password-sharing?

The situation gets even murkier when:

  • A service’s terms of service do not specify if you can or cannot share passwords.
  • It’s not easy to find the terms of service.
  • The login to a service uses a multi-factor login (such as a Facebook account) rather than a password. In this situation, does sharing your Facebook account then count as password-sharing for the other service?
  • Corporations keep password libraries for use of many employees in the same company.

This ruling also fails to account for the practical nature of life and business. How can a parent or business plan for serious illness, death, or other significant events without consensual password-sharing? Our personal and business lives revolve around myriad disparate online services requiring password access, and in some cases not sharing those passwords could lead to serious business or personal disruptions. Consider, for instance, a wife using her husband’s bank accounts to pay the bills while he is in the hospital.

It’s dispiriting to watch individuals being prosecuted. The CFAA has veered far from its original intent of targeting hackers and other egregious offenders. It’s possible it will be used like the Digital Millennium Copyright Act (DMCA) was used to go after illegal file sharers in bulk, going after the many, many Americans who innocuously share their passwords with others.

 

Sadly, this is only one of many recent examples of the courts extending the scope of criminal law in a way that seriously undermines people’s ability to function and do business on the Internet. The cases of Lavabit and Apple clearly show the encroachment of government fingers into the electronic privacy rights of American citizens.

There is some steady light at the end of this tunnel. Another ruling shortly after the July 5th one, in Facebook v. Power Ventures, a separate court ruled that one can willfully pass along your authorization to specific login credentials to another person. However, even this ruling leaves many unanswered questions as to what types of activity are allowed and what “authorized access” exactly means. In particular, under what specific conditions can this delegated access be revoked such that continued use would be considered a crime?

The message of these cases: The government gets to dictate how Americans use computers and the Internet, regardless of their rights or what makes sense. Americans should be vigilant in staying on top of the legal developments surrounding their online lives, and communicate loud and clear with their representatives to let them know what they think about legislation such as the CFAA.

By Erik Kangas

THE CLOUD IS FUELING THE TECH SECTOR’S PROFITS

THE CLOUD IS FUELING THE TECH SECTOR’S PROFITS

The Tech Sector’s Profits

The tech industry continues to generate huge profits, and for good reason. Internet usage in its various forms keeps growing, leading to demand for tech-related products and services.

Over the years, various sectors within tech have driven revenue, and the latest is the cloud. Here is a look at how technology companies are harnessing the cloud to generate billions of dollars in revenue, as well as which companies may be left behind.

Why the Cloud, and Why Now?

Huge profits are nothing new for the tech industry. In the 1990s, the internet rolled out to the mainstream, causing PC sales to skyrocket and the dot.com boom – and subsequent bust. Later, internet advertising began generating revenue.

While other sectors still make plenty of cash, the cloud is the latest driver, and it has mobile technology to thank.

These days, 68 percent of U.S. adults own a smartphone and 45 percent own a tablet. For many, mobile devices have become the go-to device for web browsing and other online activities.

However, mobile devices such as smartphones and tablets don’t have the memory PCs do. That means much of the data and information consumed via mobile devices is stored on the cloud.

Take music, for instance. Ten or 15 years ago, you likely had all of your music stored directly on your computer and/or iPod. Today, more and more music lovers rely on streaming services such as Spotify or Google Play to host and manage their music collections, driven by the cloud.

The Proof Is in the Profits

Look no further than the recent round of earnings reports to see the influence the cloud has on the tech industry.

During the second quarter of the year, Amazon’s cloud unit reported nearly $3 billion in revenue, a 60 percent increase.

Google and Microsoft are also huge players in the cloud space. The segment of Google’s business that includes its cloud services rose 30 percent to $2.2 billion in the second quarter, while Microsoft expects its cloud-computing businesses to generate $20 billion in annual revenue by 2018.

Further, because the mobile internet largely depends on it, the cloud generates plenty of indirect revenue as well.

Take mobile marketing, which mainly serves ads to users via cloud services. Facebook is expected to generate more than $23 billion in global ad revenue this year, and in the second quarter, 84 percent of its ad sales were mobile.  That’s just one company.

Not All Companies Benefit

One sector that has taken a hit with the rise of cloud computing is the PC market. With smartphones and the cloud now the main focal points of the tech sector, companies that depend on PC technology for their revenue have suffered.

For example, PC chip manufacturer Intel saw profit decrease 51 percent in the second quarter, as the company restructures to focus less on PCs. Intel should be back, however – it hopes to use its technology to become a company that helps run the cloud, which needs a massive amount of servers to operate.

The Cloud’s Drawbacks

Cloud computing is on a roll, but it’s not without its faults. The top concern among business and IT professionals with migrating its digital setups to the cloud is security. In fact, in a recent survey, 67 percent said security would slow down migration, while 55 percent believe there will be more data breaches or other security issues.

That said, businesses of all sizes are using the cloud for their IT infrastructures, and there are still years of growth to come. When large and influential tech companies like Google and Microsoft say they’re going to invest and innovate in cloud computing, it’s a safe bet the dollars will continue to flow.

By Kayla Matthews

THE AGE OF DATA: THE ERA OF HOMO DIGITUS

THE AGE OF DATA: THE ERA OF HOMO DIGITUS

The Age of Data

In our digital era data deluge – soaring amounts of data, is an overriding feature. That’s why it’s fitting to focus on the concept of Homo Digitus, which I first learned about about in“The creative destruction of medicine: How the digital revolution will create better health care,” by Eric Topol, and more recently highlighted as a Gigaom conference theme.  In Topol’s vision there is a new human species, Homo digitus that benefits from the data deluge brought about by the convergence of the digital and physical world.  They track sleep quality with brain-wave headbands, monitor vital signs with wrist transceivers and use cell phones for self-diagnosis amongst other things, realizing the opportunity for a much more evolved life.

Data is the New Food

Each evolution of the human species delivers on the promise of a smarter human far more capable than the species that preceded it.  In earlier species humankind looked for new ways to improve hunting and gathering of food and in some parts of the world, such was their mastery that they even created an oversupply of certain foods. Homo Digitus sees data as the new food and you’d be challenged to find any facet of life that has not been revolutionized by data deluge – there are a great many varying estimates, on how much data is created every year but everywhere you look volumes of data are soaring.

Mostly, it’s been for the better good of humankind.  With new data points we’ve experienced great transformation in the quality of services, business process and everyday living.  We’ve come to have a great reliance on the benefits that data deluge brings.  If you consider how often an individual might use map services to estimate a commute, or an app to compare shopping prices, and then for business the productivity and economic gains from using data points to estimate customer preferences, improve customer service and speed business delivery times.

Data Exploitation

Conversely, data is also exploited and misused in ways that leaves humankind fragile and that puts businesses at great risk.  Data breaches, privacy infringements, identity and data theft, and unauthorized data access and changes abound.   Every day we read of some new exploit, more egregious than the previous where criminals have found a new way to extract data and then profit from the sale of that data.

There are also businesses who have started to use data from individuals in a way that is not always very transparent. That’s stating it in very simplistic terms.  However, as great a risk might be posed to businesses from well-intentioned individuals, who might accidentally misuse or overshare data.  It’s only natural considering that for many individuals digitization occurred midway during their lifespan and dealing with the data deluge is not yet a completely natural phenomenon.  Also, our lives are increasingly fast paced, workplaces are more pressurized and the convergence between home and work narrower, that workers are prone to accidentally misusing data.  For example, it’s very easy to accidentally drag and drop a file into an email and send as an attachment.

Controlling the Data Deluge to Maximize on Homo Digitus

What’s needed is a way that allows Homo Digitus to benefit from the positive effects of data deluge but with the safety net that data flows are being directed to only those authorized to have access.  In an enterprise being able to proactively determine data flows and then implement additional safeguards based on a comprehensive set attributes ranging from geolocation, network, device down to multiple facets of identity will be critical, given the sophistication of data exploitation.  Information securitytools have traditionally been associated with impeding progress.  Newer solutions need to be easy to implement and policy attributes stated in a way which are business-consumable.   Homo Digitus is still in the process of being shaped.  Now is the time to ensure that data deluge does not become the destroyer of this species and remains the positive enabler.

By Evelyn de Souza

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy

In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans.

It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US, where the government had charged him with violations of the Espionage Act. Journalists boarded a flight from Moscow to Havana on the speculation Snowden would be onboard. Some called him a hero; others branded him a traitor and a villain.

Meanwhile, on June 28, 2013, FBI agents showed up at the door of Ladar Levison. Levison owned an email service called Lavabit, and the agents had a pen register order requiring him to hand over the metadata for the email activity of a particular customer’s account. However, Levison argued that to do this, he’d have to reprogram the entire encryption system that protected his users’ privacy.

The court sealed the case, so the first the public heard of it was when Levison ended his email service, stating on Lavabit’s website: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul-searching, I have decided to suspend operations.”

The full text of his statement is still available on the Lavabit site.

Only recently did the court lift Levison’s gag order, at which point he could confirm what everyone had guessed: the FBI had been after Edward Snowden’s communications made through Lavabit.

Every American email service provider has a clause in its privacy and non-disclosure policies that indicates it may disclose information as necessary to comply with law. Some promise they will inform customers if or when authorities request that information.

Yet, as in the case of Lavabit and Snowden, a gag order often accompanies the request, making it illegal to tell the customer the government has requested access to the data. In these cases, the law wins, and the contract with the customer loses.

data-economy

(Image Source: Shutterstock)

So, what do you do when presented with an FBI warrant for private data, which you believe to be unethical and even unconstitutional?

Email Providers Face a Serious Dilemma

There are two options:

1. You can fight these orders in court. However, smaller email service providers do not have the money on hand to fund an expensive legal battle and to pay “contempt of court” fees for non-compliance during the case. This lack of resources puts these companies at a serious disadvantage in their ability to push back. They have to give in.

2. You can give in and follow the letter of the request, but in a way that’s inconvenient for law enforcement. This buys time and can limit the scope of what the officers or agents can access. However, depending on the actions taken, it can also seriously hinder the email provider’s business.

For Lavabit, when law enforcement wanted Levinson to hand over an encryption key that would have not only exposed Snowden but also his other customers, he decided to close shop. He did not have the resources to fight the government in court and could not guarantee the privacy and security of his users’ email.

The Privacy Predicament

It is egregious that the government’s requests in pursuit of Snowden were so broad as to impinge on the privacy of 410,000 other unrelated users of Lavabit’s service. This is blatantly unconstitutional. It would be as if the police received a warrant to wiretap one person’s phone line and then listened to all calls in the city that included that phone line. Though it may not be technically possible to narrow the scope down to the communications of a specific individual, this does not give the government the right to infringe on the privacy of everyone who happens to have a phone.

This affair with Lavabit and Snowden preceded the recent iPhone decryption issue, when the FBI tried to force Apple to put in a backdoor in iOS software, post facto, so it could decrypt an iPhone belonging to Syed Farook, responsible for the San Bernardino shootings in December 2015.

DataLock-cloudtweaks-comic-small

Apple pushed back in legal proceedings. The FBI dropped the case when it found a third-party to unlock the iPhone.

Although that legal battle ended, another fight has begun. The government wants cellphone providers to build in legitimate “second front doors” to encrypted devices, so that it can access on demand with a court order.

This will jeopardize the privacy of average American citizens without making it significantly easier to catch the bad guys, who will inevitably get their unbreakable encryption elsewhere. Hundreds of companies outside the US offer secure encryption technology. These companies make it easy for people to get encryption outside the reach of American law.

If the fight for second front doors wasn’t enough, discouraging developments have worked their way through the courts, too. In June, a federal district court in Virginia ruled the federal government does not need a warrant to hack into an individual’s computer. Given the Fourth Amendment bars unlawful searches and seizures, it’s unlikely this ruling will hold up in appeal. Nonetheless, it speaks volumes for how the courts and governments view privacy and security.

The Fight Continues

It’s likely that many more court battles lie ahead as organizations and individuals go head-to-head with the government to argue their right to privacy.

Enter the Lavabit Legal Defense Foundation (known as LavaLegal for short). Lavabit’s founder Ladar Levison launched the nonprofit to help service providers avoid complying with unconstitutional requests, such backdoors and handing over encryption keys. The nonprofit will operate on donations.

If LavaLegal receives enough funding, it can help small companies continue operating as usual while pushing back on perceived unconstitutional requests, until the courts can make decisions in their cases. For small businesses, this could be a lifeline that lets them continue operating while paying hefty legal fees.

By Erik Kangas

CloudTweaks Comics
5 Reasons Why Your Startup Will Grow Faster In The Cloud

5 Reasons Why Your Startup Will Grow Faster In The Cloud

Cloud Startup Fast-tracking Start-ups face many challenges, the biggest of which is usually managing growth. A start-up that does not grow is at constant risk of failure, whereas a new business that grows faster than expected may be hindered by operational constraints, such as a lack of staff, workspace and networks. It is an unfortunate…

Cloud Infographic – Big Data Predictions By 2023

Cloud Infographic – Big Data Predictions By 2023

Big Data Predictions By 2023 Everything we do online from social networking to e-commerce purchases, chatting, and even simple browsing yields tons of data that certain organizations collect and poll together with other partner organizations. The results are massive volumes of data, hence the name “Big Data”. This includes personal and behavioral profiles that are stored, managed, and…

Big Data – Top Critical Technology Trend For The Next Five Years

Big Data – Top Critical Technology Trend For The Next Five Years

Big Data Future Today’s organizations should become more collaborative, virtual, adaptive, and agile in order to be successful in complex business world. They should be able to respond to changes and market needs. Many organizations found that the valuable data they possess and how they use it can make them different than others. In fact,…

Cloud Computing Price War Rages On

Cloud Computing Price War Rages On

Cloud Computing Price War There’s little question that the business world is a competitive place, but probably no area in business truly defines cutthroat quite like cloud computing. At the moment, we are witnessing a heated price war pitting some of the top cloud providers against each other, all in a big way to attract…

The CloudTweaks Archive - Posted by
Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Utilizing Digital Marketing Techniques Via The Cloud

Utilizing Digital Marketing Techniques Via The Cloud

Digital Marketing Trends In the past, trends in the exceptionally fast-paced digital marketing arena have been quickly adopted or abandoned, keeping marketers and consumers on their toes. 2016 promises a similarly expeditious temperament, with a few new digital marketing offerings taking center stage. According to Gartner’s recent research into Digital Marketing Hubs, brands plan to…

Business Analytics Vs Data Science

Business Analytics Vs Data Science

Big Data Continues To Grow Big Data continues to be a much discussed topic of interest and for good reason.  According to a recent report from International Data Corporation (IDC), “worldwide revenues for big data and business analytics will grow from nearly $122 billion in 2015 to more than $187 billion in 2019, an increase…

12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help offer you a solution, we’ve compiled a list of 12 Business Intelligence companies…

Cloud Infographic: The Explosive Growth Of The Cloud

Cloud Infographic: The Explosive Growth Of The Cloud

The Explosive Growth Of The Cloud We’ve been covering cloud computing extensively over the past number of years on CloudTweaks and have truly enjoyed watching the adoption and growth of it. Many novices are still trying to wrap their mind around what the cloud it is and what it does, while others such as thought…

10 Trending US Cities For Tech Jobs And Startups

10 Trending US Cities For Tech Jobs And Startups

10 Trending US Cities For Tech Jobs And Startups Traditionally actors headed for Hollywood while techies made a beeline for Silicon Valley. But times are changing, and with technological job opportunities expanding (Infographic), new hotspots are emerging that offer fantastic opportunities for tech jobs and startup companies in the industry. ZipRecruiter, an online recruitment and job…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Beacons Flopped, But They’re About to Flourish in the Future

Beacons Flopped, But They’re About to Flourish in the Future

Cloud Beacons Flying High When Apple debuted cloud beacons in 2013, analysts predicted 250 million devices capable of serving as iBeacons would be found in the wild within weeks. A few months later, estimates put the figure at just 64,000, with 15 percent confined to Apple stores. Beacons didn’t proliferate as expected, but a few…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…