Category Archives: Security

L.A. Hospital Pays $17,000 In Bitcoin Ransom To Hackers

L.A. Hospital Pays $17,000 In Bitcoin Ransom To Hackers

Not too long ago, taking the nation’s wild, messy, unreliable system of medical records online seemed like a worthy goal.

To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that, within five years, all of America’s medical records are computerized,” President Obama said. “This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests.”

While the shift Obama and many others pushed may have improved care, electronic medical records led to quite the unique hostage situation in Los Angeles this week. There, a hospital fell prey to a cyberattack — and the hospital has escaped its plight by paying hackers a $17,000 ransom.

Allen Stefanek, president and chief executive of Hollywood Presbyterian Medical Center, explained the situation in a statement on Wednesday.

On the evening of February 5th, our staff noticed issues accessing the hospital’s computer network,” he wrote. “Our IT department began an immediate investigation and determined we had been subject to a malware attack. The malware locked access to certain computer systems and prevented us from sharing communications electronically.”

Full Article Source: Washington Post

Destroying Cloud Data In The Age Of Data Multiplication

Destroying Cloud Data In The Age Of Data Multiplication

The Age of Data Multiplication

We are surrounded by data, whether in our personal or professional lives with digital elements that are constantly being captured about us. This leads to exponentially increasing volumes of data whether from Internet-connected devices, video, cell records, customer transactions, healthcare and government records.

Today, there is a growing awareness and sensitivity from end users, government agencies and lawmakers of how all of this data might be used and in the coming years this concern is only set to heighten.

data

(Image Source: Shutterstock)

Organizations leveraging cloud services to store this data may need to take a closer look at the lifespan of the data they collect and how it is expired and destroyed. Today’s organizations need to understand that cloud as a model causes data to multiply further. The dynamic nature of resource allocation and maximizing availability in a hybrid or public cloud means resources are replicated and backed up across multiple data centers. When an organization contacts the cloud provider to expire or expunge data they may only be severing their client connection to the data. Organizations often don’t allow for the fact that backup instances or traces of data may still linger and could be a source for unauthorized access.

So, how do today’s organizations ensure their data is destroyed?

1. Tag all sources of mission-critical data: It starts with strong preventative measures: If data is classified digitally to a scheme that is intuitive to your cloud provider and your organization it will be easier to track through its lifecycle and then expire and destroy.

2. Take time to assign entitlements and access rights: Ensure that access rights or entitlements for sensitive or mission-critical data are limited to only those who have a legitimate need for access.

3. Apply encryption based on context: When data is encrypted, it is only readable to those with access to the encryption keys. It is the most certain way to limit unauthorized access to data in the cloud. By encrypting organizations can be better assured of the confidentiality of their data and potentially be less concerned with their cloud providers’ data destruction methods.

4. Perform data wipes: Many government and industry standards require data storage wipes to ensure that hardware is safe for reuse. There are different types of software and hardware that even allow for remote erasure. The benefit is to enable a provider or enterprise to repurpose the media for reuse.

5. Physically destroy data and media: In the cases of highly classified information organizations can use strong magnets to destroy data or even shred physical media. This ensures that the data on the destroyed media can never be recovered. Physical destruction methods are the last resort and only feasible in a private cloud environment.

By Evelyn de Souza

Internet Performance Management In Today’s Volatile Online Environment

Internet Performance Management In Today’s Volatile Online Environment

Internet Performance Management

It’s no exaggeration to say that the Internet is now the heart of the global economy. Competition is intense and the performance of an organization’s web-based assets can make or break its future. Business continuity, which is defined as the ability to survive either man-made or natural disasters without losing valuable data, revenue, or customers, is now a critical aspect of Internet Performance Management. The effectiveness of an online presence relies on a healthy Internet infrastructure that connects cloud, data centers and CDNs to customers, employees and partners.

The size, scale, and complexity of the data which is uploaded to the Internet annually is staggering. In 2015 alone, over 250 million new users gained access to the internet, connecting through more than 10 billion devices. Every 12-month period represents a quantum leap in the volume of online activity, and this trend is only likely to increase.

shutterstock_270830714

(Image Source: Shutterstock)

Without a robust, responsive Internet presence, a company will struggle to survive. The volume of traffic, the numbers of users and the amount of money spent online are compelling drivers. Yet there are real concerns around the issues of control, resiliency and security for organizations serving online clients.

These concerns include:

  • Uncertainty over how to measure and analyze performance

  • An inability to control cost and quality with cloud providers

  • An incomplete view of internet traffic; and

  • A lack of visibility to plan for price, performance and scale

As companies move toward an Internet-dependent infrastructure, it is imperative that they find ways to maintain visibility and control in order to manage performance.

Optimal Migration Planning

Visibility is a critical tool. It leads to effective planning for business scale, an optimal migration to cloud providers and it gives way to the right tools to optimize cloud performance and manage business continuity.

Management of downtime, including communication with clients, is also vital. Downtime is costly, and when clients are unable to access cloud-based information or monitor and manage their equipment remotely, they face the very real possibility of losing sales and eroding hard-won customer confidence.

mlarsonA safety-first mindset is a valuable asset in this environment. Matt Larson, CTO at Dyn, a leader in Internet Performance Management solutions, puts it like this: “Assume every piece of technology you use in your business will break. Think about the time you spend making your data center components more reliable from redundant servers, power supplies and database servers to entire data center sites. Are any of these perfectly bulletproof? The record shows they are absolutely not.”

Now think about protecting from failure and Internet Infrastructure itself. Most companies do not even monitor the Internet backbone to know if there are problems and they do not build redundancy and failsafe into how their customers connect to their Internet assets such as cloud providers and CDNs. Business Continuity extends to an Internet Infrastructure that demands planning and dynamic agility to defeat outages, performance degradation, and security risks.

New Challenges and Demands

Every year brings new challenges and demands for internet performance managers. In the coming year, experts predict more security breaches, more mobile banking, greater peer-to-peer distribution and a surge in the viability of the Internet of Things. Whether you’re working with data centers, content delivery networks, cloud service providers or with SaaS providers, “the need for visibility, insights and control of Internet Performance has never been more prevalent across countries, service providers and enterprises,” writes Dyn Chief Strategic Officer Kyle York. “As the world flattens, as the Internet grows more complex and volatile, and as user demands for exceptional experiences heighten, 2016 will assuredly be a big year for Internet Performance.”

In the next post in this series, we’ll look at how to leverage the Internet to cope with the challenges of business continuity and gain a competitive advantage.

CDN Performance Series Provided By Dyn

By Jeremy Daniel

IBM Unveils New Mainframe For Encrypted Hybrid Clouds

IBM Unveils New Mainframe For Encrypted Hybrid Clouds

IBM Unveils New Mainframe

World’s most secure server, built for hybrid cloud, available for mid-sized organizations

ARMONK, N.Y., Feb. 16, 2016 /PRNewswire/ — IBM (NYSE: IBM) today unveiled a new mainframe, bringing the security of data encryption without slowing down system performance to mid-sized organizations.

The new system, IBM z13s, is enabled and optimized for hybrid cloud environments and can help secure critical information and transactions better than before. IBM also announced new security partnerships and highly integrated innovations for the mainframe:

Brian David Flores, Cryptographic Hardware Verification Engineer, IBM z Systems with IBM's new z13s microprocessor chip, Tuesday, February, 16, 2016, Poughkeepsie NY. The new IBM z13s mainframe features embedded cryptography features that allow clients to process twice as many high-volume, encrypted transactions without compromising performance. The z13s bring the benefits of the mainframe to mid-sized organizations and makes it so that they no longer need to choose between security and performance.
  • Security embedded into hardware – The new z13s has advanced cryptography features built into the hardware that allow it to encrypt and decrypt data twice as fast as previous generations, protecting information without compromising performance.
  • Intelligent security capabilities – IBM is integrating mainframe technology with IBM Security software solutions to create a more secure foundation for a hybrid cloud infrastructure. IBM also is offering a new Cyber Security Analytics service to z Systems customers that can help identify malicious activity by learning user behavior over time.
  • Expanded partner ecosystem – IBM is working with leaders in the cyber security industry through the “Ready for IBM Security Intelligence” partner program to help deliver enterprise-wide solutions and offerings tailored to specific client needs. The new partners for z Systems are BlackRidge Technology, Forcepoint (a joint venture of Raytheon and Vista Equity Partners) and RSM Partners.

As digital business becomes the standard and transactions increase, the need for increased security has become paramount. The typical enterprise can face an average of 81 million security incidents annually. The incidents and threats are escalating and evolving as companies increase interactions to their network through mobile devices and cloud networks, with industry analyst IDC forecasting 80 percent enterprise hybrid cloud adoption by 2017. Cyber criminals nowadays are manipulating data, rather than stealing it, compromising its accuracy and reliability. The z13s provides access to APIs and microservices in a hybrid cloud setting while keeping data integrity intact.

Fast and secure transaction processing is core to the IBM mainframe, helping clients grow their digital business in a hybrid cloud environment,” said Tom Rosamilia, senior vice president, IBM Systems. “With the new IBM z13s, clients no longer have to choose between security and performance. This speed of secure transactions, coupled with new analytics technology helping to detect malicious activity and integrated IBM Security offerings, will help mid-sized clients grow their organization with peace of mind.

Mainframe portfolio deepens security capabilities

IBM’s z13s, the new entry point to the z Systems portfolio for enterprises of all sizes, is packed with security innovations.

z Systems can encrypt sensitive data without compromising transactional throughput and response time, eliminating what has traditionally been a barrier for IT departments in implementing encryption. The z13s includes an updated cryptographic and tamper-resistant hardware-accelerated cryptographic coprocessor cards with faster processors and more memory, providing encryption at twice the speed as previous mid-range systems. This means clients can process twice as many high-volume, cryptographically-protected transactions as before without compromising performance. This equates to processing twice as many online or mobile device purchases in the same time helping to lower the cost per transaction.

z Systems clients can take advantage of the z Systems Cyber Security Analytics offering, which delivers an advanced level of threat monitoring based on behavior analytics. The solution, being developed by IBM Research, learns user behaviors and is then able to detect anomalous patterns on the platform, alerting administrators to potential malicious activity. Along with IBM® Security QRadar® security software, which can correlate data from more than 500 sources to help organizations determine if security-related events are simply anomalies or potential threats, z Systems now delivers breakthrough intelligent security solutions that offer end-to-end protection based on advanced analytics. z Systems Cyber Security Analytics service will be available as a no-charge, beta offering for z13 and z13s customers.

IBM Multi-factor Authentication for z/OS (MFA) is now available on z/OS. The solution adds another layer of security by requiring privileged users to enter a second form of identification, such as a PIN or randomly generated token, to gain access to the system. This is the first time MFA has been tightly integrated in the operating system, rather than through an add-on software solution. This level of integration is expected to deliver more streamlined configuration and better stability and performance.

Enhanced security for the hybrid cloud

Hybrid cloud infrastructure offers advantages in flexibility but can also present new vulnerabilities. With more than half of all attackers coming from the inside, organizations must automate monitoring, removing human error or meddling.vi To address this, IBM is integrating the mainframe with IBM Security solutions that address privileged identity management, sensitive data protection and integrated security intelligence. When paired with z Systems, these solutions can allow clients to establish end-to-end security in their hybrid cloud environment.

IBM Security Identity Governance and Intelligence can help prevent inadvertent or malicious internal data loss by governing and auditing access based on known policies while granting access to those who have been cleared as need-to-know users. IBM® Security Guardium uses analytics to help ensure data integrity by providing intelligent data monitoring, which tracks which users are accessing what specific data, helping quickly identify threat sources in the event of a breach. IBM Security zSecure and QRadar use real-time alerts to focus on the identified critical security threats that matter the most to the business.

Security partner ecosystem expands to mainframe platform

Total system security requires deep knowledge of specific industries and threats. That is why IBM is working with other leaders in the field to augment its own solutions. IBM’s strategic partnership program for security, “Ready for IBM Security Intelligence,” now includes more software applications from key ISVs integrating their solutions for z Systems. As the program extends to z Systems, it will provide an additional layer of protection and access governance to critical applications, resources and data that reside on the mainframe.

  • BlackRidge Technology delivers identity-based network security that operates before network connections are established and security defenses engage at the application layer. BlackRidge determines and authenticates user or device identity on the first packet before network connections are established. This provides the equivalent of secure caller ID for the network that allows only identified and authorized users or devices access to enterprise systems, stopping known and even unknown threats.
  • Forcepoint’s Trusted Thin Client® secures sensitive and mission critical data at the endpoint – where it is most at risk. With a read-only endpoint device, there is no residual data on the device – if compromised nothing can be stolen or leaked.
  • RSM Partners offers deep expertise in application readiness, penetration testing and security reviews. It also has software products that help ease security administration and provide dashboards that give a view into an organization’s overall mainframe security posture.

Banco do Nordeste, Latin America’s largest regional development bank, has purchased two new z Systems to support its growing mobile and banking automation transformations. Security, and specifically fraud prevention, is a primary concern for the bank. With z Systems as a core part of its technology infrastructure, it can use analytics capabilities to detect anomalies and prevent fraud.

As our business continues to grow, we need a computing platform that can grow with us – while at the same time offering the security and reliability banks require,” said Claudio Freire, Superintendent of Information Technology, Banco do Nordeste. “The combination of performance and security on the mainframe with the openness of Linux provides us with an optimal platform to analyze user engagement and manage massive amounts of sensitive client data while keeping it secure.

The new z13s’ planned availability will be March of this year. IBM Global Financing leases and payment plans are available from IBM and IBM Business Partners and provide flexible terms and conditions that can be tailored to meet each customer’s needs to upgrade from older models to z13s, convert an owned z system to leasing while upgrading or acquiring a net new z13s. Promotional offers include 90 days deferred payment for new credit-qualified customers.

To learn more about IBM Security, visit http://www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

To learn more about the IBM z Systems portfolio, visit http://www.ibm.com/systems/z/ or the IBM Systems blog.

Partner Quotes:

BlackRidge

Key to protecting the enterprise and new cloud deployments is managing access at the earliest possible time based on user and device identity. Even being able to identify endpoints via network scanning can be an entry point for malicious hackers, whose methods are becoming more and more advanced. As a member of the Ready for IBM Security Intelligence partner program for z Systems, we have been able to offer our identity-based network protection for the mainframe to provide a new level of protection against today’s advanced threats.Bob Graham, CEO, BlackRidge Technology

Forcepoint

The vast majority of security concerns today revolve around the endpoint device. No matter how secure the infrastructure is, if endpoints are not secure, vulnerabilities exist,” said Ed Hammersla, Chief Strategy Officer at Forcepoint and President, Forcepoint Federal. “By integrating Forcepoint Trusted Thin Client with an IBM z Systems mainframe customers will benefit from a highly secure environment that will help prevent leakage of sensitive data at the endpoint.

RSM Partners

Cyber threats are constantly changing and evolving as attackers look for new ways to compromise systems. By working with IBM, RSM Partners is able to use its expertise in mainframe security to help organizations take full advantage of new technology to build comprehensive solutions that stay ahead of new threats.Mark Wilson, Director, RSM Partners

Managing Cloud Applications Among The Business Regulations

Managing Cloud Applications Among The Business Regulations

Managing  Cloud Business Regulations

Cloud applications must be managed in a way that complies with the many different government standards in the United States. As more cloud applications are being implemented in businesses of every industry, companies need a way to ensure compliance. Some of these regulations include the Health Insurance Portability and Accountability Act (HIPPA), the Control Objectives for Information and Related Technology (COBIT) and Sarbanes Oxley Act (SOX).

These each require businesses to ensure certain standards within their organizations, including protection of data and full disclosure. While organizations might know how to handle compliance for in-house applications, how do leaders handle cloud applications? What, if anything changes?

Managing Cloud Applications

healthcare

There are several important compliance requirements that businesses are required to follow depending on which industry they are in. For example, for the healthcare industry, HIPAA protects the use and disclosure of patient data and ensures that healthcare organizations have the correct security measures in place to protect patient data, as well as requiring a complete audit trail of all users at an organization. HIPAA compliance also states that upon termination, the company must have processes in place to revoke access to systems and applications. SOX is another standard for general business that also requires all information about user’s actions, including document/data access, password changes, logins and logouts and any changes made to be recorded. Still another, COBIT, which is published by the IT Governance Institute provides “a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users and IS audit control and security practitioners.” These are only a few of the many different rules and compliance regulations which organizations need to follow.

All of these can be extremely time consuming, confusing, and difficult to easily achieve. Especially when organizations start to implement many different cloud applications at their company it can be difficult to manage them in accordance with compliance rules.

Many organizations implement identity and access management (IAM) solutions that ensure that data is easily secure and that these standards are met. Many IAM solutions work seamlessly with both in house and cloud applications so that the overall process can be managed effectively without several different solutions to ensure correct compliance. How does this work?

Ensuring Security and Correct Access Rights

When dealing with many different cloud applications, it is common for access rights for a user to be incorrect. This is either from being set incorrectly from the beginning when the employees account was set up, or during their time with the organization they acquired incorrect access rights over time, which can be a major compliance issue.

security-community

(Image Source: Shutterstock)

One way that an IAM solution combats this is by ensuring that access is correct from the beginning. Since setting up employee accounts in all applications, including cloud applications is time consuming, human resources or the account admin often uses a template account or copy an account of an employee with a similar position. This then leads to the employee often accumulating rights which they should not have. Depending on the different roles within the organization, a certain access profile can be set with an IAM solution. For example, an in-house employee working as an assistant in the finance department will have a certain set of rights that they are supposed to have. When the employee is added to the source system, depending on their role, their access rights and accounts in each application are automatically generated and set up for them. An email can then be sent to their manager with all of their access rights and accounts. If for any reason this is incorrect the manager can then easily edit the employees account.

IAM Workflow

Another compliance issue is that often the employee gains incorrect rights over time. Either they request access from someone who does not have the authorization to give it or they are lent someone’s credentials. This situation can be prevented with an IAM workflow. A workflow can be set up by the organization so that only the correct authorized managers can give access to secure applications. For example, if an employee needs access to a certain secure application for a project they can easily make the request through a portal. The request is then sent to the appropriate manager, who can either accept or deny the request. If needed, there can also be several levels of approval required. This ensures that only the correct authorized people are giving access rights.

security2-workflow

(Image source: http://www.isaca.org)

Many companies complete this procedure with an entirely paper-driven processes and each time at a SOX audit, the IT department would spend weeks of digging through the papers with the auditor. With an automated workflow system, all granting of access is traceable and documented in the identity and access management solution, so that when it comes to audit time there is an electronic paper trail. If needed, the solution can also generate an overview of all users and the rights which they have in the organization. This allows the organization to see exactly who has access to what and any changes that they made in the network.

Lastly, an automated account management solution ensures that access in all applications is revoked once the employee is no longer with the organization, which as a requirement of many compliance regulations. A manager simply disables the account in the source system and all connected accounts are automatically disabled. This ensures that the employee can no longer access the organizations network, and that removal is not accidentally overlooked.

Segregation of Responsibility

Another compliance issue is segregation of duty or role collision. One aspect of SOX compliancy requires that certain tasks cannot be performed by one and the same person. For example, an order may be placed by person X but this should be validated by person Y. If this happens the system will automatically block or alert a manager whenever two of such authorizations are being granted to one and the same user. This ensures that SOX is easily met.

All of these IAM tasks can be handled completely in a portal in the cloud. So, an employee who works remotely with only cloud applications can still benefit and the organization can still easily manage that users account. This is the same for managers, as they can accept or deny requests for anywhere at any time. Many IAM solutions work seamlessly with both in house and cloud applications so that the organization can easily ensure they are efficiently managing all applications and are in accordance with compliance rules.

By Dean Wiech

3 Considerations To Help Businesses Navigate Cloud Implementation

3 Considerations To Help Businesses Navigate Cloud Implementation

Cloud Implementation

Cloud computing technology has improved significantly in the past year, making it an appealing tool for businesses of all sizes. Cloud computing can benefit businesses in many ways, from cutting costs, to increasing business efficiency, to guaranteeing data recovery in case of an accident. In fact, 47 percent of medium and large enterprises say increased efficiency is the main benefit of cloud computing, according to a new survey data on enterprise cloud computing.

service_providers_-_enterprise_cloud_computing_2

What common mistakes should companies be aware of as they begin the migration process? What steps should they take when implementing cloud infrastructure?

Moving to the Cloud can be complicated. Not all data, applications, and files are suited for cloud storage and security issues may arise if proper safeguards are not implemented properly.

cloud-image-migration

(Image Source: Shutterstock)

Some common cloud implementation mistakes include,

  • Solely relying on in-house resources
  • Selecting a cloud service provider that does not meet you company’s needs
  • Starting off with a complex cloud solution before acquiring the necessary knowledge and resources to maintain and secure the system properly

Three crucial considerations will help businesses navigate these mistakes as they prepare to adopt cloud infrastructure.

1. Determine Business’ Cloud Computing Needs and Goals

Before adopting a new technology, the crucial question to ask is, “How can it meet the company’s needs?

These considerations require evaluating the following:

  • Type and breadth of data a company needs to store
  • Tasks they need to accomplish
  • Level of security and privacy they need to maintain
  • Standards and regulations to which they need to be compliant
  • Features they need to ensure quality performance and enhanced business function.

For example, if a company is choosing between the big four cloud providers – Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and IBM Cloud – AWS may stand out because of its reputation as the cloud computing service that dominates the market. However, if the company already uses Microsoft applications, Azure may be the better choice.

The most popular cloud vendor is Amazon. They are ahead of the game because they offer services that are easy to implement and use. Then, Microsoft Azure and Google follow Amazon. … But, if a company or enterprise is attached to Microsoft products, then Microsoft Azure may be a better fit for them. It depends on the company’s requirements.” – Jose Alvarez, director of IT infrastructure, Auxis

2. Choose A Cloud Solution that Meets Your Company’s Needs

The three cloud systems, public, private, and hybrid, have advantages and disadvantages. Before adopting cloud infrastructure, it is important for businesses to understand the similarities and differences of each cloud solution in order to select the type that is most appropriate for their business goals.

First, the public cloud provides resources publicly over the Internet. While data scalability and price flexibility are key advantages of this cloud solution, a business that does not know how to monitor data security risks security breaches.

Data Breach Comic

Second, private cloud solutions service a single company and are managed in-house by the IT department. The main advantage of the private cloud is the high level of security it offers. Businesses are responsible for the infrastructure. However, maintaining a private cloud solution is more expensive and less flexible than the public cloud.

Third, hybrid cloud solutions combine characteristics from both public and private clouds. However, a business needs a knowledgeable IT staff on-hand to combat the complexities inherent in this solution.

3. Evaluate Knowledge and Resource Gaps in IT Department

Especially in the SMB market, cloud infrastructure adoption often slows due to a fear of the Cloud. One explanation for this fear is the lack of knowledge and resources available in-house to implement and maintain cloud solutions, according to David Amaya, a consultant at Cardinal Solutions.

Many [businesses] know just enough about the Cloud to be afraid of it and say, ‘I’m not touching that.’” – David Amaya

Another explanation highlights ever-present security and compliance concerns.

I see the challenge of cloud security as an educational issue. People have to understand and learn more about the Cloud to use it effectively.” – Randy Bias, vice president of technology at EMC

To ensure your IT department can confront this fear of the cloud head on, it is necessary to consider the following questions:

  • Does the company have a dedicated IT team in-house?
  • What roles will the IT team play after cloud infrastructure implementation?
  • What additional resources and training are needed to prepare the IT team for the transition?

Takeaways

Cloud computing opens up numerous opportunities for businesses, and the complexities inherent in adopting cloud infrastructure should not dissuade businesses from embracing this technology. Outlining business needs and goals, comparing these needs to the cloud solutions and services available, and determining the resources required to facilitate the transition are key to a successful and effective cloud implementation process.

By Sarah Patrick

Where Is The Tipping Point For The Flying Drone Market?

Where Is The Tipping Point For The Flying Drone Market?

The Flying Drone Market

In the past year I have written a number of articles here on CloudTweaks about Drones. I enjoy flying drones. One thing I’ve used my drone for is proving I didn’t need to do the worst fall maintenance job ever. Cleaning the gutters of the house by flying the drone around the house I was able to demonstrate that in fact, the gutters were clean and did not require me climbing a ladder and cleaning them.

Now I did have a gadget-based plan B, if in fact the gutters were full of leaves. I have found a device, (robotic) which will clean your gutters for you. You simply have to make sure that it has a clear path, or you move it from one section of the roof to another. While there is still some effort, there isn’t that horrible feeling of leaning away from the ladder to reach that last bit of debris that is left in the gutter.

baseball-gutter-leaves-drone

If you take my modular drone concept you could make the gutter cleaning even easier. The modular grabs the gutter cleaner and carries it up to the roof. You then place it in the gutter, and let it run. The device stops when it is done and you then use the drone to grab the device and move it to the next gutter.

Ground Based Robotics

Today there are ground based robotic vacuum cleaners and lawn mowers. My favorite use of a robotic vacuum was the video of a cat wearing a shark fin, riding around the house on the robotic vacuum. That to me seems like a great use of both a cat and a vacuum.  With the lawn mower, you simply stake out the edges of your yard and let the device go. It will mow the yard in a linear fashion at the time you select.

Drone Potential Uses

This got me thinking about what drones are yet to come. What lies just beyond the edge of the mass market? First off is a concept I’ve talked about here on CloudTweaks before. The concept of modular or easily removed drone components, such as the ability to change from regular cameras to infrared cameras. So you can check your gutters and then fly over your roof and see where you are losing heat, or where you need to insulate. My recommendation is the adoption of the existing standard Tripod mount. This would integrate the various specialty cameras while reducing the overall cost for the drone makers and the camera makers.

The next change is to make flying the drones easier. That has radically improved with the inclusion of the GPS chips in many drones. You can utilize the concept of ‘follow me’ or of ‘launch and hover’ at a specific height. Or even at a precise height and location if you are using the drone to do the same task over and over. The flying yokes are reminiscent of the systems used by radio control model plane flyers for many years. They are not the easiest to learn and drones can be a little sensitive when it comes to the controls.

Price Points

drone-pricing

(Image Source: Shutterstock)

Price points have to come down a bit for the features that users want. Today there are a number of what I would call price zones for the drones that are available. The $100 to $300 drones will fly and take video and still pictures while flying. They will map their flight onboard. A couple even offer the streamed imaging but the quality is still pretty low. So you can stream a live video feed from the device but it is standard definition or low quality high definition. If you move up to the $300-$750 range in initial price, the streaming video is available on almost all of these drones and the quality goes up. You move, however, from the tablet controls of the cheaper drones to the flying yoke. Finally, we have the last category and that represents drones over $750. If you plan on having high quality video (4k or Ultra High Definition) you will have to move to one of these drones, or build one yourself. The other thing to consider in the drone pricing is if you want to lift or move something you will need a more expensive drone.

The last category, by the way, runs from $750 to well over $10,000. Over time as more and more functionality is added to higher end drones I will probably have to break the categories up a little more.

Those are my three initial price categories to get the Drone market to the tipping point. Lower the prices or increase the ability of lower end drones to become modular and make them a little easier to fly. The adoption of the tripod mount for all cameras and devices attached to drones is actually fairly simple. Making them easier to fly may be as much of educating me as it is of fixing the flight controls. The price points will come down as Drones move to the mass market.

Personally, I do not think the tipping point is far away for the drone market.

Scott Andersen

Internet of Things: I Spy With My Little Eye…

Internet of Things: I Spy With My Little Eye…

Using IoT To Spy

Big Brother may take advantage of our smart devices connected to the Internet so it can track or spy on people, according to U. S. Director of National Intelligence, James Clapper, who said in a report Tuesday to a U. S. Senate Select Committee on Intelligence. He submitted evidence as part of a global threat assessment report, when specific comments were made that in the future intelligence agencies could expand their surveillance capabilities by tapping into the Internet of Things to spy on suspects via their connected devices.

IoT Leaves Vulnerabilities

According to the report, when “smart’ devices are incorporated into the electric grid, we have improved efficiency, energy conservation, and convenience. This can include everything from our phones and cars to our televisions and washing machines. Security analysts have now shown that many of our new devices threaten our data privacy, data integrity or continuity of service.

privacy-threats

In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.” Stated James Clapper, in the report.

Not specifying which government agencies might use the IoT to spy on citizens, that leads us directly into the debate in Washington over encryption legislation. Wednesday, the House of Representatives introduced bipartisan legislation that would prohibit individual states from requiring tech companies to build encryption weaknesses or back doors into their products.

Encryption has long been an area of disagreement between tech companies and law enforcement. It gained new attention after 2014 when Apple and Google began offering stronger encryption by default. The decisions to provide products that enable end-to-end encryption, as well as default encryption settings, at the same time that terrorist groups seek to use encryption to conceal their communication, has fueled this debate.

Moving Ahead

‘Going dark’ doesn’t have to be the case for law enforcement and government agencies according to the findings of a study at the Berkman Center for Internet & Society at Harvard University. The study addresses the warnings of law enforcement, and the importance of conducting certain types of surveillance. However, the conclusions are that “communication channels resistant to surveillance will always exist.” They go on to argue that market forces and commercial interests will limit the available opportunities in which companies will offer encryption that hides users from the companies themselves for advertising and commercial purposes. ‘Going dark’ is a myth.

going-dark-tech

(Image Source: Shutterstock)

Some of the reasons they found were that obscuring user data is not likely to be universally adopted by companies because the majority of businesses that provide services rely on access to user data for revenue streams, product functionality, and even forgotten passwords. Another reason the study gave is that software ecosystems are largely fragmented. More standardization would be required than currently exists for encryption to become widespread.

The study also found that law enforcement would have to learn to adjust and grow their surveillance capabilities to keep up with the times. The IoT is projected to grow substantially and will drastically change the way law enforcement uses surveillance today. The devices connected to the IoT may capture still images, video and audio – enabling real-time interception and recording.

Another area which law enforcement could use for surveillance and there would be no need for current government legislation into corporate encryption policies is metadata. The study concluded that:

Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread.

There are many questions that will arise on how we can protect individual privacy and security in the future. The debate in Washington is important to all of us, but for all of its efforts, if Washington took into account the technological trends… the world is largely moving along quickly, without taking into account either side, or contemplating slowing down.

We are rapidly entering the age of no privacy, where everyone is open to surveillance at all times; where there are no secrets from government.” William O. Douglas

By Tina Rose

CloudTweaks Comics
The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at least one cloud-based application.…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by 10-20%. This infographic provided…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing

The Global Rise of Cloud Computing Despite the rapid growth of cloud computing, the cloud still commands a small portion of overall enterprise IT spending. Estimates I’ve seen put the percentage between 5% and 10% of the slightly more than $2 trillion (not including telco) spent worldwide in 2014 on enterprise IT. Yet growth projections…

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Verizon Cloud Report Enterprises using the cloud, even for mission-critical projects, is no longer new or unusual. It’s now firmly established as a reliable workhorse for an organization and one that can deliver great value and drive transformation. That’s according to a new report from Verizon entitled “State of the Market: Enterprise Cloud 2016.” which…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Successful digital marketing campaigns are being driven largely by trending technologies, specifically the Internet of Things (IoT), Big Data, and The Cloud. These may be used for a huge number of marketing applications, from optimizing the performance of sports teams to improving science and research, even helping to aid law enforcement. Amazon Web…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

Beacons Flopped, But They’re About to Flourish in the Future

Beacons Flopped, But They’re About to Flourish in the Future

Cloud Beacons Flying High When Apple debuted cloud beacons in 2013, analysts predicted 250 million devices capable of serving as iBeacons would be found in the wild within weeks. A few months later, estimates put the figure at just 64,000, with 15 percent confined to Apple stores. Beacons didn’t proliferate as expected, but a few…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…