Category Archives: Security

Tweaking the Cloud for Optimum Results

Tweaking the Cloud for Optimum Results

Tweaking the Cloud

For both business and personal use, the cloud is one of today’s dominant technologies, though just a few years ago many of us would have been dismissive of it, if not completely unaware. Most of us use a variety of cloud storage applications such as Google Docs, Dropbox, and OneDrive that have very quickly and inconspicuously altered our lives; remote working is no longer a copy-and-carry bother, accessing personal documents can be done from any location, uploading files takes a moment and doesn’t require any additional hardware. But the benefits to our personal lives are just a drop in the ocean of advantages the cloud provides businesses; is it any wonder that CompTIA reports the public cloud service market will reach $204 billion in global revenue by the end of this year? One particular advantage of the cloud is that it’s available to absolutely everyone and as such small- and medium-sized organizations have access to the same tools that formerly have been exclusive to large corporations with their hefty budgets and extensive infrastructures.

Tweaking the Cloud

Exploiting the Cloud Optimally

According to CompTIA’s Trends in Cloud Computing over 90% of surveyed companies state they use one or another form of cloud computing; regrettably, most of them are still using it for non-critical functions instead of full production stage. Says Seth Robinson, senior director, technology analysis, CompTIA. “The reality is that the cloud market is undergoing refinement as users gain greater appreciation and understanding of what cloud computing entails.”

seth-robinson-gFor best results, organizations are using the cloud to reduce both hardware and support needs, thus reducing energy consumption as well as shrinking CapEx costs. Switching to the cloud can take the strain off in-house infrastructure maintenance and development, particularly in smaller companies that don’t have the funds for a department dedicated solely to IT upkeep. Furthermore, as the cloud is reducing a company’s private infrastructure, it is, in fact, expanding its network and increasing accessibility, strengthening data efficiency and utilization. And let’s not forget the cost efficiencies of cloud computing; small and medium businesses optimally employing the cloud are reporting cost efficiencies of up to 40 times that of those running their own IT systems.

Of course, many companies using cloud solutions are still in the early stages. Says Robinson, “… A significant number of businesses are still learning about cloud concepts and performing experiments, pilots, and initial migrations.” If you’re not at least tweaking your organization’s cloud usage for prime performance, you’re way behind the curve.

Pitfalls to Avoid

Don’t let cloud concerns dampen your enthusiasm, but optimal cloud usage means avoiding some of the pitfalls and maintaining control. Currently, security and data privacy concerns are high on the list of public cloud fears along with a significant number of organizations reporting loss of visibility and control after cloud adoption. Notably, the highest difficulty reported is transition with organizations struggling to shift critical apps to the cloud.

These concerns, however, shouldn’t halt the progression of cloud adoption; according to Concept Technology Inc., following a few essential steps helps overcome such worries:

  • Select trustworthy and competent service providers and vendors. Ensure data centers are secure, crucial SLAs are in place, and provider services are high quality.
  • Plan your cloud. Just because the cloud can improve business operations, doesn’t mean it will without a good strategy. Ensure that you’re implementing cloud tools in the right areas to improve productivity and benefit employees.
  • Test control, security, and reliability. It’s always easier to simply believe that the services you’re paying for are complete; don’t foolishly bury your head in the sand but instead, put in the effort to ensure access is adequately controlled, data security policies are in place, and system violations can be detected and appropriately countered.
  • An always-up infrastructure is key to a thriving business. Ensure that your providers offer the necessary support to handle maintenance and failures without downtime.
  • Plan for recovery and backup. Cloud backup options make it easier than ever to prepare for disaster; ensure backup of on-site facilities is covered but be sure also to check that service providers have suitable backup facilities protecting your off-site data and services.
  • Finally, it’s important to have an out. Cloud services are advancing so rapidly that it would be a mistake to lock yourself into a contract with a provider that isn’t keeping up with the industry. Today most vendors offer high-value services without restrictive contracts.

Any further tips or insights to offer around optimum cloud tweaks? Be sure to let us know.

By Jennifer Klostermann

Last Week: Google, Gooligan, and Amazon Glue

Last Week: Google, Gooligan, and Amazon Glue

Google Security 

It has been revealed that over one million Google accounts have been hacked by an attack campaign called “Gooligan” – breaching 13,000 new devices every day. The malware attack was uncovered by a security group who immediately contacted the Google Security team and continue to work closely with Google to combat the malware.

Gooligan could potentially affect any devices running on Android 4 or 5 (that’s Jelly Bean, KitKat, or Lollipop), which accounts for over 74% of in-market devices.

Google’s director of Android security, Adrian Ludwig, released a statement on Thursday, thanking the group for their research and reassuring customers that they are working to fix the problem:

As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall…”

The malware itself exploited known weaknesses in older versions of the Android OS, it used this weakness to take control of devices and install apps and software without permission – using innocuous and harmless sounding names such as StopWatch or Wi-Fi Enhancer. There have also been cases of hackers using the victim’s username and password to post false reviews of the apps. The malware can access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more – in a similar fashion to the Android malware campaign found by researchers in the SnapPea app last year.

Google have removed associated apps from Google Play, disrupted the servers used by the attackers, and taken steps to secure Google accounts that may have been compromised by the malware.

Amazon Glue

On Thursday at Re:Invent, AWS’s Las Vegas Conference, Amazon announced Amazon Glue, a fully managed ETL (Extract, Transform, Load) service that eases the process of moving data between your data stores. The program is designed to help you through the process of compiling and preparing your data for analytics, and loading it from source to destination with the utmost ease. CTO, Werner Vogels, said during the announcement that they want to turn the accepted notion, that it takes 80% of your time preparing data and only 20% analyzing it, on its head.

AWS wrote in their blog post announcement that:

AWS Glue simplifies and automates the difficult and time consuming data discovery, conversion, mapping, and job scheduling tasks,”

AWS Glue is integrated with Amazon S3Amazon RDS, and Amazon Redshift, and can be connected to any data store that is JDBC (Java Database Connectivity)-compliant. AWS Glue will trawl through your data sources, identify data formats, and then offer suggested schemas and transformations, to save you the time spent hand-coding data flows. These transformations can be edited using tools like Python, Spark and Git, and shared with other AWS Glue users.

Google App Builder

On Thursday Google released their brand new App Maker, their new, super-fast way for businesses to build apps- to “go from idea to app in days, not months”. App Maker features built-in templates, a drag-and-drop UI editor, point-and-click data modelling, support for open standards (HTML, CSS, Javascript etc), and built in integration with G Suite and Google services like Maps, Contacts, and Groups. All of which work together to help developers move through the process as fast as possible.

Google have been using the buzzwordserverless” to promote the product, given the cloud-based infrastructure and drag-and-drop development. Despite the simplification of the developmental process, there is room for users who want to delve deeper into the coding thanks to the built-in script editor – one that purportedly function like a fully featured IDE (Integrated Development Environment). App Maker is available via Google’s Early Adopter Program for G Suite Business.

By Josh Hamilton

Expect Open Source Security to Become a Major Focus in 2017

Expect Open Source Security to Become a Major Focus in 2017

Open Source Security

There is no doubt about it: We are living in the middle of the Digital Age.

But we didn’t get here alone. Thousands of people from all over the world have come together to develop programs, apps and software to get us where we are now. In order to maintain the level of technology that we have become accustomed to, we need the help of coders and programmers from all over to help solve problems and make changes.

When the coding community is invited to manipulate the source code of a program, it is known as open source. But what does open source really mean for your software — and your security?

Open Source vs. Closed Source

Open Source Security

(Infographic Source: Kinvey)

Behind each program you are running, there is a set of codes that allow your computers, cellphones or tablets to read. For large companies, this code is heavily protected. When a company does not allow customers or users to manipulate the code of the program, this is known as closed source.

A company may choose to keep their code secret in an effort to protect their ideas or property. They may fear a competitor stealing their code to make a similar program, or they may not want to lose control of how the program or app runs. But in keeping the code a secret, customers and users are unable to understand how it works or make changes for themselves.

On the other hand, an open source code is available for users, coders and programmers to manipulate as they see fit. For example, Vid.ly is an open source video platform and an excellent example of the benefits one offers. Another popular example is GitHub, an open source community where developers and coding fanatics can follow or create projects.

Using an open source code rather than a closed source code gives users the opportunity to solve problems for themselves or recruit coders to make necessary changes for them. Open source code also gives users the opportunity to see and understand how the program works.

But open source codes can also bring up questions of security.

Why Is Open Source Security Important?

When code is open source, anyone can make changes or view the code. There are not restrictions on who can access that information, make adjustments or pull details.

Unfortunately, this means that hackers also have access to open source codes. Does this mean that open source is less safe than closed source? Not necessarily.

Having a source code open to the public means that many individuals can look for potential areas where hackers may attack. When multiple professionals can make changes when they are needed, codes are updated more frequently. Users can also browse through the code to determine its safety and security, something they are unable to do with closed code.

As we move into 2017, open source codes are only going to become more popular. This also means that security for open source codes will continue to grow.

What Open Source Security May Look Like in 2017

While open source code is no stranger to the world of database management systems, 2017 will be the year that it truly takes off. As more companies adopt open source codes as the standard, there will also be a new focus on how to keep that code safe from hackers.

As the demand for open source code grows in 2017, so will the demand for open source security. With more companies using open source code to run their programs, it can be expected that 2017 will see an increase of attacks on open source codes. To combat this and protect users, open source security will increase as well.

With the right security measures, there’s no reason to believe that open source code is less safe than closed source. By allowing teams of coders from all over the world to find potential problems and recommend solutions, open source code may actually be safer than closed source. In 2017, we will continue to see that level of security increase as more companies focus on protecting their open source codes.

By Kayla Matthews

STC Group Is Leading A Biometric Authentication Revolution

STC Group Is Leading A Biometric Authentication Revolution

Biometric Authentication

The explosion of online services that involve personal data, classified information, and the free flow of wealth around the globe has brought with it the need for innovative top-notch security systems. Sophisticated online fraudsters with access to massive resources are able to collect passwords and data, which enable them to cause massive disruptions to the way we do business today. Biometric data is increasingly viewed as the most secure method of protecting data and ensuring that the people who we are interacting with online are actually who they say they are.

Market Growth

There is no doubt that the market for speech recognition software is growing rapidly. The sector is projected to be worth just under US$10 billion by 2022, with a compound annual growth rate of 15.87%, according to market research firm, Markets and Markets. The firm cites many factors as being behind the growth, including “the growing instances of fraud in several end-user industry segments such as enterprise, healthcare, and so on and the adoption of mobile banking by several national and international banks and e-commerce retailers.

social-data

While the primary market focus at the moment is on security applications of the technology, there is a widespread expectation that speech and voice recognition software will be seamlessly integrated into the emerging Internet of Things, to facilitate interactions with appliances such as refrigerators, thermostats and vehicles.

Major companies such as Google, Apple, and Microsoft are leveraging their large customer base and neural networks to process, understand, and take decisive actions based on real-time voice inputs from the user...”

Speech recognition’s share of the market is increasing due to growing popularity of using on voice recognition instead of a text-based interface. One of the largest drivers of growth, according to the research, is the fact that mobile devices are becoming increasingly powerful and manufacturers are actively integrating speech and voice recognition technologies into them.

Fraud

One of the most intractable problems facing the industries in which the data safety comes as a top priority is the issue of fraud. Banking industry is a prime example of one. For instance, when a bank receives thousands of voice calls every day, it becomes a prime target for global fraudsters to try and access someone else’s account via the telephone. The standard security processes include asking for full Name, ID number, date of birth etc. However, that type of data can easily be hacked, stolen and used. In much the same way, the answering of secret questions is a widespread securitization method, but that too can be discovered and exploited by sophisticated algorithms.

Biometric data on the other hand is almost fool-proof. From fingerprints to eye scan to the growing field of voice recognition, biometrics are the next wave of security.

Biometric Authentication

A biometric system implemented in a bank speeds up verification process, thereby improving the quality of interaction with clients and provides world-class security in a seamless fashion. During any conversation, whether incoming or outgoing, the system starts the user check in the background as the call begins, and collects a sample of the voice data. Then it matches that data against a reference sample which it has in a database. This whole process takes only a few seconds before the results appear on the operator’s monitor, giving them the all clear to carry on with the process, or raising a red flag, which requires further investigation.

It is important to note that biometric systems mainly do not rely on language in any way, so it is still reliable if a client speaks from any device and in any language.

Ultimately, there is a very strong case for biometric software to replace the use of passwords and more traditional security methods. As the number of cases of malware or Trojans use increases, victims are targeted in ways that improve conversion rates to monetize corrupted accounts. Biometrics, and in particular voice and speech recognition, are far more secure than traditional passwords can ever be and they provide easier and simpler access for most users who struggle to remember multiple passwords over time.

The Banking Environment

Belorussian branch of Austrian group Raiffeisen represents one of the largest commercial banks in Belorussia and is one of the leading local financial institutions in terms of efficiency and profitability. Data analysis revealed that the number of voice calls the bank was receiving that required active identification was increasing every year. They took the decision to implement voice identification software that would dramatically cut the time needed to perform identification, provide excellent reliability and accuracy, and take place in the background so that clients were not even aware that they were being verified unless there was a problem.

money-big-data

Raiffeissen turned to the technology company STC to develop the software.

The CEO of the STC Group, Dmitry Dyrmovsky, explains: “A multimodal biometric authentication platform can be easily used for providing safe and secure user authentication, and at the same time decreasing the cost of remote services.”

STC’s platform called VoiceKey is at the heart of several solutions offered by the company. One of its key features is the ‘’liveness detection” technology, which makes it impossible to use photos or recordings to fake authentication. STC has also developed a programming interface for user application so that it can be integrated into various software applications for use in banking, hospitals, call centers as well as mobile applications. Anywhere that identification is key to an online process, VoiceKey can be adapted and integrated seamlessly.

One of the latest innovations developed by STC is OnePass – a multimodal biometric authentication solution based on both face and voice identification. As the service is cloud-based, it can easily be integrated into any mobile application, web service or corporate information system. High level of security, reliability and simplicity of verification process can help attract new customers, decrease the demand for offline customer services (therefore, costs), increase customer loyalty and satisfaction.

Company

STC Group is a global provider of innovative systems in high-quality recording, audio and video processing and analysis, speech synthesis and recognition and real-time, high-accuracy voice and facial biometrics solutions.

STC Group is extremely well positioned to ride this next wave of security technology, with a global footprint and solid experience that will see them at the forefront of biometrics, in both security and the internet of things, in the foreseeable future.

By Jeremy Daniel

McAfee Labs Security Threat Predictions: Dronejackings and Hacktivism

McAfee Labs Security Threat Predictions: Dronejackings and Hacktivism

Security Threats Predictions

The McAfee Labs 2017 Security Threats Predictions Report has just been released by Intel Security, taking a look at predictions for 2017 along with the future of cloud and Internet of Things (IoT) security. Recognizing 14 threat trends to be wary of in 2017 along with the six most challenging obstacles confronting the cyber security industry, Intel Security further delves into cloud and IoT threats discerned from the consideration of 31 Intel Security thought leader opinions. Says Vincent Weafer, vice president of Intel Security’s McAfee Labs:

vincent-bwTo change the rules of the game between attackers and defenders, we need to neutralize our adversaries’ greatest advantages. As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it. To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments.”

Identifying Six Critical Industry Challenges

Though always striving to stay ahead of adversaries and identify vulnerabilities, cyber security experts are faced with new challenges daily with both cloud and IoT adding to the load. In a never-ending cycle, cyber-attacks and defenses advance consistently; enhancements to security are implemented and attackers test circumvention tactics resulting in the need for countermeasures to heighten the security protocol. Improving the lifecycle of threat defense effectiveness is essential. McAfee Labs identifies six significant security challenges and provides examples of some industry action taken to address them:

  • Reduce Asymmetry of Information

Because attackers are able to test their latest moves freely, it’s far easier to gain information about defenses than about attacks. In order to improve security, it becomes vital to prevent attackers performing such tests. Sharing information about attacks is one of the first and most critical steps in this process.

  • Make Attacks More Expensive and Less Profitable

Perhaps an obvious solution, reducing the profit of attacks is one of the quickest methods of diminishing the motivation behind them. Reducing success rates of attacks and raising capture rates helps change the economics of attacks.

  • Improve Visibility

Security visibility is a serious challenge in most organizations with cloud, IoT and bring-your-own-device programs further reducing vital transparency. Informed risk management can help bridge this gap.

  • Identify Exploitation of Legitimacy

Typically stolen credentials are used to target systems and exploit data making traditional methods of detecting illicit activity ineffective. Currently, behavioral analytics is the only resistance to this complication, a tool still in its infancy.

  • Protect Decentralized Data

With data moving to the cloud, held on personal devices, and shared with partners, vulnerabilities to accidental leaks as well as targeted attacks increase. Encryption is one solution, but it’s important to be able to protect data along the chain of use.

  • Detect and Protect without Agents

With IoT devices allowing for little agent-based security, it’s essential we find solutions such as hardware-level security, memory protection, and trusted execution environments.

Predictions for Internet of Things & Cloud Security

Security Threats Predictions

With predictions around IoT and cloud security for the next two to four years covering economic, policy, threat, and regional trends, McAfee Labs expects cloud service providers, device manufacturers, and security vendors to respond accordingly. As trust in the cloud increases, we’re likely to see more sensitive data and processes in this space, creating greater motivation for cloud attacks. However, McAfee Labs believes most businesses will keep core data in private data centers, not necessarily the smart move as public clouds are arguably more secure than private clouds. With regards to IoT, it’s noted that though many vulnerabilities exist, currently such attacks don’t offer much value. It’s likely that ransomware will be the primary threat though hacktivism is one of the biggest concerns. Unsurprisingly, it’s forecast that IoT will significantly reduce consumer privacy.

Along with more detailed and extensive coverage of Internet of Things and cloud security, the McAfee Labs 2017 Threats Predictions Report forecasts several threat assessments for 2017, including a likely decline in Windows vulnerability exploits, the use of ‘dronejackings’ for criminal purposes, hacktivism exposing privacy issues, and the growth of cyber espionage.

Download the full report for the thorough investigation of McAfee Lab’s findings.

By Jennifer Klostermann

Visual Data Analytics Helps To Illustrate The Big Picture

Visual Data Analytics Helps To Illustrate The Big Picture

Visual Data Analytics

We’re consistently hearing how valuable data is today, how important it is to the success of every organization, along with the stats of the exponentially-increasing amounts and sources of data now available. But what most find when actually trying to put this data to active use is a case of easier said than done. SAP BusinessObjects Lumira, however, makes it possible to pull data from a variety of sources, examine it all in one user-friendly environment, and output reports quickly in engaging and visual ways – and perhaps most notably, without a degree in data science. With direct connectivity to SAP BusinessObjects or SAP Crystal Server software semantic layers as well as various personal data sources, SAP BusinessObjects Lumira combines disparate data into a single view for maximum efficacy; and once connected to the SAP HANA platform, pulling answers from near-limitless data becomes virtually instantaneous.

Accessible & User-Friendly

Visual Data Analytics

Ensuring users across the business have speedy access to insights, SAP BusinessObjects Lumira lowers the reliance on IT departments. With self-service delivery of insights, IT teams aren’t required to help with each and every question, and the data discovery functions available connect directly to the enterprise so that IT departments can focus on the delivery of information timeously while upholding good governance procedures.

Of particular note is SAP BusinessObjects Lumira’s straightforward platform that combines point-and-click manipulation with practical visualization tools. Data can be prepared and enhanced with geographic and time hierarchies, formatting and cleaning data is uncomplicated, and sophisticated formulas can be added without the need for any coding; and perhaps most remarkable, all transformations created are automatically applied to refreshed and new data. Once the data preparation is complete, SAP BusinessObjects Lumira makes sure valuable insights aren’t overlooked due to engaging visualizations built effortlessly through the drag-and-drop interface. Beautiful graphics and visualizations ensure data analytics express perceptions and trends through a range of available charts and graphs and provide the opportunity to see the big picture at a glance or drill down to details.

The Value of Visualization

Dan Roam, international bestselling author and visual-thinking leader, makes a strong case for business and data presentations relying on simple visuals; putting this tactic to good use ensures clarity, comprehension, and conversion. For centuries, language has relied on pictorial communication and though what we experience today is a far more complex form than ever before, charts, maps, schematics and graphics often provide the best way to understand complex data. Considering further that insights from Cisco’s 2015 Visual Networking Index state that 90% of all data transmitted today is visual, combining business data management with visualization (As seen with the example visual below) should be the obvious next step.

global-ip-data-visual

But making use of visualization isn’t just about consistency; though we don’t yet know the precise figures, it’s estimated that half to two-thirds of brain activity is dedicated to vision with the majority of brain power dedicated to visual processing and the combination of visual inputs with the inputs of other senses. And so, visualization isn’t just an easier way to communicate, it’s a stronger form of interaction better able to convey information.

For organizations working with data and data exchange, visualizations offer improved comprehension through story-telling modes and further ensure that the greatest part of brain functioning is focused on the pertinent data. SAP BusinessObjects Lumira doesn’t just make this possible; it actively promotes superior data management and performance for rapid insights and improved agility.

Sponsored spotlight series by SAP

By Jennifer Klostermann

Cloud Access Security Broker and the Cloud-based Business Role

Cloud Access Security Broker and the Cloud-based Business Role

Cloud Access Security Broker (CASB)

Cloud is the new address for businesses nowadays. The number of applications, hosted on the cloud, is rapidly increasing and that contributes in the streamlining of various business operations. Accounting applications, PBX, ERP, and CRM, etc. are some of the business applications that bring in more convenience and efficiency with the touch of the Cloud.

Cloud hosted applications can modernize the way businesses connect –be it employee connectivity or customer retention strategies. With the ability of cross-integrating different applications, cloud provides a more able and productive platform to deliver enhanced business solutions. On the other side, this ability arrives with some valuable business data, concerning to customers, employees, and several other parties. So, any lack of security on these nodes can make way for some dreadful consequences.

Cloud Access Security Broker

Businesses are willing to move to the cloud to enjoy smoother operations, but that should not come at the cost of security vulnerabilities. This need of security leads to the rise in demand for Cloud Access Security Broker (CASB) products.

CASB – Definition & Basic Importance

In simpler interpretation, CASB can be defined as dedicated security points deployed between cloud server and the user device. They together enable a highly secure and protected line of access for exchange of information for cloud applications by enforcing better authorization, encryption, loss-protection, vulnerability-detection, etc. CASB introduces innovative access, control, and monitoring solution for the enterprises to meet the rising business necessities, such as – BYOD, real-time collaboration, permission-restricted user access, etc.

Think of it as a third-party security broker hired to safeguard the application data during the transmission from premise to the cloud. Businesses strive to maintain data security at the user-end while cloud providers are burning candles at all ends to mitigate the security flaws. The gap between them remains susceptible. Implementing CASB will secure the gap between them and eventually, the overall cloud system will become secured.

The importance of CASB can be judged with the prediction of Gartner that states close to 85% of the large enterprises will have CASB product in action, by 2020. Currently, less than 5% of enterprises have these services in action. So, the coming years are all set to see a tremendous rise in the number of CASB implementation. This improved level of security will also allow the developers to deliver more productive applications on the cloud.

What CASB Can Do For Business Applications

Cloud security has grown by leaps and jumps in the recent years. But it may still have certain weaknesses and anyone with the proper knowledge and malicious intent can hack their way into the system and wreak havoc. A cloud-based business service, such as – Hosted PBX, can carry crucial details of your business like call logs, client contact details, call recording, etc. Such information cannot be compromised upon by the business. So, there is demand for more reliable security measure – CASB. CASB ceases the flaws that exist between the local device and the cloud server. Mitigating those errors, cloud can be even more reliable solutions for business, as well as the end-user.

Here is what CASB has to offer:

1. Application Governance

Applications governance refers to understanding and the controlling of permissions associated with the Cloud hosted applications. To help this cause, CASB enforces an enhanced credential mapping, encryption, device profiling, and policy classification. These actions help better application detailing and boosting the security points accordingly. It is very much like a personalized security setup for the application. Regardless if its a soft-phone, tax software, or any other Cloud hosted application, CASB will offer special security governance as per the need of application.

2. Access Monitoring

security watch

Better access monitoring ensures that every attempt made to access the application is detected and duly logged. By defining the access permissions on the basis of recent and usual log in activities of the users in an intense manner for different users (support agent, customer, manager, etc.), they are restricted to access only the permitted data and hence, shielding the key data from the different users. CASB utilizes various methods, such as- single sign-on, authentication, authorization, logging, etc. to monitor the accessed application.

3. Controlled Safekeeping

Different CASB products have various boosted security measures that help them detect and prevent any malware intrusions. To keep such attempts at bay, they are even able to offer them non-sensitive (worthless) data to steal away using the ‘tokenization technique’. So, attempts for the data intrusion can be mitigated without much damage.

Wrapping It Up

Cloud computing is considered one of the finest examples of technical advancements as it offers on-the-go solutions without any restrictions of the device platforms. Cloud dependent services, such as – application hosting, VoIP, etc. have eased the data control element for businesses and enhanced the productivity measures. The technology has advanced to offer high-on-quality and low-on-expense solutions. However, the challenges associated with data security has often restricted the Cloud from being a supremely accepted option for businesses. Implementation of CASB products promises a near-perfect security for the cloud setup. But the fingers are kept crossed for now as the service is yet to face the real usage testing.

By Kirti Khanna

Common Cloud Mistakes – And How To Avoid Them

Common Cloud Mistakes – And How To Avoid Them

Common Cloud Mistakes

One of the first lessons in order to avoid common cloud mistakes with anyone entering the tech field learns is that nothing is as simple as it appears to be at first glance. That lesson goes double for companies implementing a hybrid-cloud strategy. Yes, it is possible to achieve the “best of both worlds” ideal of public-cloud efficiency combined with private-cloud security and control. Just don’t expect to get it perfectly right on your first try. Take some tips from those who have been there, done that, and then done it again the right way.

The first mistake made by many cloud-computing neophytes is choosing the wrong cloud. No, the cloud isn’t this monolithic entity that you simply plug into like a power outlet. In a November 2016 article on TechTarget, Marc Staimer identifies six different kinds of public-cloud storage:

  • Block storage is local embedded disk or SAN storage best suited for high-performance applications.
  • File and NAS storage work best for apps requiring NFS or SMB protocols.
  • Three different types of object storage are available for active archiving, cool archiving, and cold archiving.
  • Tape storage, usually in the form of a linear tape file system, is also used for cold archiving.

Block storage provides the lowest latency and the highest IOPS and throughput, but it is also the most expensive form of cloud storage, priced as much as 30 times more than active or cool archival storage. At the other extreme, cold archive storage costs as little as one cent per gigabyte, but it can take hours for users to access the data, and some providers charge up to 12 times the storage cost to read more than a small amount of the archived data.

On the other side of the hybrid-cloud connection, it can be just as difficult to select the optimal form of on-premises storage:

  • A primary NAS or SAN storage system replicates snapshots or tiers of data to public-cloud storage based on the policy you determine.
  • A gateway or cloud integrated storage (CIS) works like NAS or SAN storage by caching data locally and moving the bulk to cloud storage based on policy; it leaves a stub that makes public-cloud data appear to be stored locally.
  • An on-premises object storage system offers the same de facto interface as public-cloud storage, or alternatively, it extends to the public interface, replicating data based on policy, similar to the way it is done in a NAS or SAN system.
  • The existing NAS or SAN storage setup can be augmented with archive or backup software that copies data to the public cloud based on the policy you set.

CIS systems are generally the most cost-effective option, but only if the correct amount of data is cached locally to avoid frequent calls to the cloud. Object storage can be much simpler to integrate with cloud services, so long as your apps don’t require a high level of performance. Object storage can also conflict with some subsets of Amazon Web Services Simple Storage Service (S3) interface. Likewise, recovering and restoring data from the cloud requires a physical or virtual media server in the public cloud itself, which is far from a given.

Expert consensus: Focus on goals, not cloud tech, and keep it simple

Cloud technologies change faster than the weather, which means it can be a mistake to become overly committed to a single platform or toolset. The first bit of advice offered by Forbes’ Dan Woods is to identify the cloud features that will improve your business and then become proficient in them rather than trying to become an expert on cloud technologies generally. No organization needs all the capabilities offered by AWS, Microsoft Azure, Google Cloud, and other vendors. Find the handful of specific cloud services that promise to deliver the biggest return for your business needs and focus on them initially.

common cloud mistakes

“Cloud platforms such as OpenStack can be difficult to deploy and manage, but 90 percent of the reasons cited for project failures are related to people and processes rather than to technology…” Source: Gartner, via the RackSpace blog

C-level executives are likely to rank cost savings at or near the top of the list of reasons why they’re interested in cloud computing. That is the second big common cloud mistake that companies make when formulating their cloud strategies, according to Woods: neglecting to value the cloud’s ability to help the organization achieve its goals. The role of IT is being transformed as IT functions become integrated with business departments, and IT itself becomes just as business-focused as the rest of the company.

This leads directly to the third common cloud mistake: “forklifting” your internal infrastructure onto a cloud platform with little or no effort to optimize your apps and other systems for the cloud’s best features: extensibility, efficiency, resiliency, and scalability. Initially, your big concern is getting your operations up and running on the cloud infrastructure, not doing so in a way that maximizes the cloud’s capabilities. Eventually, the only way the cloud will prove to be cost-effective is if you make the adjustments required to match your apps, databases, and other resources to the best features cloud services have to offer.

See cloud services as partners rather than vendors

IT is far from the only department affected by cloud computing. The nature of the relationship between the company and the service provider is changing fundamentally as well. According to TheCsuite’s Andrew Peddie, one of the top mistakes companies make when choosing a cloud service is treating it as a buyer/seller relationship. Any cloud project has a better chance of success if you see it as a partnership and collaboration with the cloud provider.

common cloud mistakes

“Cloud computing has had the greatest impact on the role of chief information officers, but all areas of the organization have been affected by cloud-driven changes…” Source: SpencerStuart

Peddie warns against underestimating the length of time required to complete cloud projects. To avoid unnecessary delays, evaluate only a handful of potential cloud partners rather than casting a wide net. Conduct interviews in person rather than over the phone. Have your decision-making process in place before you need it, and make sure your agreement includes long-term protection against future price increases.

When it comes to developing, managing, and protecting your company’s vital digital assets, there has never been a better time to embrace the changes presented by the cloud and its related technologies. The effort required for your organization to realize the benefits of cloud computing doesn’t have to be daunting, particularly if you learn from the lessons of those who have tangled with the cloud, and lived to tell the tale.

By Brian Wheeler

CloudTweaks Comics
5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

Cloud Computing and Finland Green Technology

Cloud Computing and Finland Green Technology

Green Technology Finland Last week we touched upon how a project in Finland had blended two of the world’s most important industries, cloud computing and green technology, to produce a data centre that used nearby sea water to both cool their servers and heat local homes.  Despite such positive environmental projects, there is little doubt that…

The Questions of Privacy In The Internet of Things Revolution

The Questions of Privacy In The Internet of Things Revolution

Privacy in the Internet of Things Revolution The Internet of Things (IoT) has been promising a lot to consumers for a few years and now we’re really starting to see some of the big ideas come to fruition, which means an ever-growing conversation around data security and privacy. Big data comes with big responsibilities and…

Are Women Discriminated Against In The Tech Sector?

Are Women Discriminated Against In The Tech Sector?

Women Discriminated Against In Tech Sector It is no secret that the tech industry is considered sexist since most women are paid less than men; there are considerably fewer women in tech jobs; and generally men get promoted above women. Yet the irony is twofold. Firstly, there is an enormous demand for employees with skills…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Benefits A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and…

Low Cost Cloud Computing Gives Rise To Startups

Low Cost Cloud Computing Gives Rise To Startups

Balancing The Playing Field For Startups According to a Goldman Sachs report, cloud infrastructure and platform spending could reach $43 billion by 2018, which is up $16 billion from last year, representing a growth of around 30% from 2013 said the analyst. This phenomenal growth is laying the foundation for a new breed of startup…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing the risks. However, the risks are real and account for billions of dollars in losses across the globe per year. If you’ve been hacked, you’re not alone. Here are some other companies in the past…

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…