Category Archives: Security

Hybridization: A Mindset Approach

Hybridization: A Mindset Approach

The Social Data Cloud

One of the most amazing attributes of the cloud and its related technologies is its sheer openness. New companies and ventures spring up daily, fueled, in some cases, by one single good idea. They launch first and then seek out operating capital through angels or crowdfunding afterward.

This is a whole new ballgame. In a similar vein, employees of established companies seek more flexible work hours, ask to use their own technologies, and turn to the cloud as the central place for meetings, communication and access to data. This too, is a whole new ballgame.

King Data

shutterstock_250632115

(Image Source: Shutterstock)

Organizations worldwide are learning that the hierarchies and silos of yesteryear are very quickly becoming redundant and obsolete. Data is king, and agility is essential. Such statements aren’t mere prognostications of a distant future; they are observations of an existing global marketplace, in which customers in both retail and industrial markets expect a complete and consistent experience across any channel they wish to use, from the desktop through to smartphone.

IT has always been in the middle of every corporate venture, but in this new age, it has become time to make a fundamental shift from focusing on IT to focusing on what can be done with IT. This is an amazing catharsis. It moves from physical, tangible elements to “ideas and potential.” Slowly, more and more organizations are recognizing that they must, and can, meet their strategic business objectives as well as provide better service to customers through an open concept approach, both inside and outside their walls.

Cloud Hybridization

The hybridization of the cloud is both timely and essential. Decision-makers must let go of the mindset of singularity, and the notion that they must constrain all data, all ideas, and all power inside a single building or department. Hybridization refers to a division of processing power, data storage, mission-critical applications and customer interaction between internal, private, and externally managed clouds.

merging

Many analysts point to success stories like Uber and AirBnB, as companies who essentially own no hard assets, but who have changed the face of business permanently. But many other organizations also exist as case studies, who have slowly and carefully embraced cloud-based applications for their field agents, and for their suppliers, while developing collaborative workspaces internally. These organizations exist in every single market sector, from construction and manufacturing through to retail and professional services.

Turning Your Back On Social Media

It is all a matter of mindset, and this springs in part from trust. For example, many decision-makers still distrust social media as an irrelevant and frivolous waste of employee time. They fail to observe its ability to reinforce one of the oldest and most stable concepts of business development: a direct connection to, and understanding of the customer. This same trust-challenge extends into enterprise-level problems such as determining the choice of cloud systems. It is very human to resist change, especially when the speed of change has increased from decades to months or even weeks. How can any executive group hope to create a five-year plan when the sands shift so frequently?

cloud_78

Although many companies are now working on their transition to hybrid cloud and virtual technologies as core business applications, many others still struggle with the decision. There is much to learn, much to test, and many miles yet to travel.

Those that have succeeded, even if that path to success include some stumbling and some failure, have recognized that in addition to breaking down the walls and silos of technology, one must also break down the silos and walls of human interaction. This means allowing representatives from every department, not only IT, to work together to identify challenges, discuss solutions and implement change.

The hybridization of business points not only to the choice of technology, but to a hybridization of mindset and attitude. That should be seen as a very exciting concept.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Enforcing Governmental Decryption

Enforcing Governmental Decryption

Governmental Decryption

Recent U.S. bills proposed in California and New York aim to implement a controversial governmental backdoor into mobile devices. The issue concerns forcing manufacturers to provide a mechanism for decrypting any device’s content, without the consent or presence of the owner of the device. But the police already have the right to take your phone and use it against you in the court of law. What good does it do for the manufacturers to be required to decrypt any encrypted content?

DataLock-cloudtweaks-comic

Backdoors for tyrannies

The fundamental argument against the governmental backdoor is that any backdoor will inevitably be exploited by other actors. To comply with the law, manufacturers and vendors create a technical means that can be exploited by anyone as an attack vector. Certainly that is one of the reasons for requiring a backdoor, as the usage pattern scenarios can be expanded rapidly from California and New York. Why would national security intelligence operators want to stay limited to these states? Instead, what they are aiming for is global coverage.

Indeed, the relevant mobile operating system providers are global, and implementing a backdoor will implement it globally, not just in one jurisdiction. The controversial bills include a financial instrument to enforce compliance from the operating system and device vendors—a $2500-per-device fine for any device sold in these areas that doesn’t comply. Surely any mobile device vendor will be more than happy to comply rather than let itself be driven bankrupt.

Good deeds uncovered

While the motivation for the governmental access has largely been justified by referring to petty crime and fighting terrorism, one can perhaps assume that the there is more to the story than just breaking up the encryption of a local drug dealer or global lone wolf. After all, the heaviest users of encryption are intelligence agencies, militaries, and corporations. Surely none of those would want their phone manufacturers to leave any kind of backdoor, even when a local cop had been issued with a search warrant.

mitigation-security

Given that law enforcement agencies around the world have invested hugely in targeted spyware, most of them are already able to intrude on and invade any device they want to. Whatever encryption is in place, they can circumnavigate it by gaining access to the user device before any encryption happens, e.g. by mirroring the screen for remote inspection and often as not permanent storage.

Hence, the question should be more about whether or not governmental access should be institutionalized. It is currently happening, but do we want to increase its use further? And indeed, do we want to throw more oil on the fire of the struggles between historic nation-states, and within the circles of privatized global security providers?

By Kristo Helasvuo

SAS Celebrates 40th Year of Record Revenue — US$3.16 Billion In 2015

SAS Celebrates 40th Year of Record Revenue — US$3.16 Billion In 2015

SaS Record Revenue

Risk, Fraud and Security Intelligence Influence 40th Consecutive Year of Growth

CARY, NC–(Marketwired – February 02, 2016) – Growing customer demand for risk, fraud and security intelligence analytics strongly influenced SAS’ 40th consecutive year of revenue growth. SAS posted US$3.16 billion in total operating revenue, up 6.4 percent in constant currency (2.3 percent US dollars) over 2014. New software sales increased 12 percent in constant currency (8 percent US dollars) — a testament to an ever-growing demand for SAS® Analytics.

For 40 years, SAS has been helping customers change the world with analytics,” said SAS CEO Jim Goodnight. “As the leader in analytics, we continue to be the company people turn to for unrivaled expertise and solutions when it matters most.”

Global impact

SAS total revenue growth was strong worldwide. New sales revenue percentage growth reached double digits in most regions, showing the effect of successful globalization efforts. In addition to boosts from new capabilities in risk, fraud and security intelligence, all regions continued growth in SAS core technologies, including data management, analytics and business intelligence.

Financial services, government and insurance represent the highest proportion of SAS revenue by industry. Customers in these areas include Bank of America and HSBC, German insurer Munich Re and leading Irish retail bank permanent tsb, as well as many US government organizations including Delaware State Police and California’s Orange County Child Support Services. Industries with the greatest growth included banking, manufacturing, retail and services.

2015 Financial Infographic

Cloud, Internet of Things (IoT) bring opportunities

SAS is strengthening its offerings in the cloud, mobile and IoT spaces. SAS Cloud Analytics gained traction quickly and is now used by customers in more than 70 countries.

With 40 billion connected devices estimated to enter the market by 2020, the IoT will accelerate scientific breakthroughs, including advancements like smart cities, where experts position SAS as a major player. Yet, as opportunities for innovation increase with such connectivity, so do the risks of being attacked. In 2015, SAS introduced SAS Cybersecurity to help combat such risks.

Commitment to innovation is key to customer satisfaction

According to analysts, SAS has “predictive analytics solutions that offer almost every feature a data scientist or business user could ever want.” SAS’ commitment to innovation makes this possible. In 2015, the company reinvested 25 percent of total revenue into research and development – nearly double the percentage of annual revenue reinvested by most major technology companies.

As SAS has grown, we have always reinvested a high percentage of revenue into R&D – this year a quarter of our total revenue – which allows us to stay at the cutting edge of analytics innovation and maintain a leadership position in our core markets,” said SAS Chief Marketing Officer Randy Guard.

Customers benefit from SAS analytics in countless ways. Last year, innovations included the following:

  • SAS Cybersecurity enables customers to detect attackers’ activities in real time.
  • SAS Event Stream Processing helps customers analyze millions of events per second.
  • SAS Data Loader for Hadoop simplifies data management in the fast-growing big data architecture.
  • SAS Factory Miner contains automated model development, selection and deployment capabilities, and machine learning techniques.

In addition to these new innovations, SAS’ established portfolio continued helping customers make a difference in people’s lives. For example, SAS Visual Analytics, with nearly 14,000 licenses worldwide, helped the International Organization for Migration identify high-risk shelters, and better allocate resources to put roofs over the heads of thousands of Nepali earthquake victims.

Such innovation brought more than 1,800 new customers to SAS in 2015, now at 80,000 customer sites (including Lenovo and the Orlando Magic). This significant increase in new customers, along with a strong commitment to quality and service, contributed to SAS being named No. 1 for customer satisfaction, loyalty and purchase momentum by Temkin Group.

SAS partners extend reach to customers

In 2015, SAS partners influenced 30 percent of new sales and nearly half of SAS’ largest deals, and the SAS channel is making a bigger impact than ever. Since welcoming global distributor Arrow Electronics, SAS has signed more than 150 resellers. In 2015, SAS signed its first OEM agreement with Toshiba Global Commerce Solutions and signed its first managed analytic services providers (MASPs) to further help customers implement SAS technology in ways that best fit their individual needs and those of their own end users.




SAS will continue to thrive in 2016

Analysts named SAS a leader in agile BI, and IDC noted in a recent report that SAS held a 33.3 percent share of the advanced and predictive analytics market. That share was greater than the 24.5 percent market share of all the other nine named competitors combined. SAS has also been recognized by industry analysts as a leader in data management, fraud detection, retail, customer intelligence, BI and analytics segments.

SAS plans to continue delivering innovation in cloud analytics and analytics-as-a-service, BI/data visualization, data management, customer intelligence, fraud detection, security intelligence solutions and risk management. SAS will also introduce enhanced versions of SAS big data analytics products.

In addition to software growth, SAS will expand operations next year. The company will add sales staff and create new customer contact centers in Dublin and the Asia Pacific region. In the US, SAS will open a new office in Detroit to support growth in auto manufacturing. The company will also break ground on a new office tower at SAS world headquarters in Cary, NC.

Commitment to education addresses analytics skills gap

SAS provides analytics training via SAS Analytics U and in partnership with universities and high schools. One of the many ways SAS is addressing the analytics skills gap, SAS Analytics U saw tremendous growth in its free offerings. Downloads of SAS University Edition and SAS OnDemand both grew in popularity, with more than 520,000 combined downloads and registrations. More than 45,000 people registered for free e-learning courses.

The recently launched SAS Academy for Data Science offers SAS Certified Big Data Professional and SAS Certified Data Scientist credentials. The academy imparts skills in big data management, advanced analytics, machine learning and data visualization.

Worldwide Advanced and Predictive Analytics Software Market Shares, 2014: The Rise of the Long Tail, IDC No. 257344, July 2015.

About SAS

SAS is the leader in analytics. Through innovative analytics, business intelligence and data management software and services, SAS helps customers at more than 80,000 sites make better decisions faster. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW®.

Microsoft Underwater Data Center To Be Tested

Microsoft Underwater Data Center To Be Tested

Microsoft Underwater Data Center

The sea is everything” Jules Verne

Microsoft, believing that the sea holds the key to their future, has tested a self-contained data center that operates far below the surface of the ocean. The key to this study is the millions that it will save on the industry’s most expensive problem, air-conditioning.

Going Underwater

Thousands of computer servers generate a lot of heat, and continuing to maintain them effectively and efficiently is the reason for considering water as a cooling medium. Too much heat causes servers to crash, whereas, the possibility of running underwater servers could not only cool them, but cause them to run even faster.

Code-named Project Natick, the answer might lead to giant steel tubes running fiber optic cables on the bottom of the ocean floor. Another option would be to capture the ocean currents with smaller turbines, encapsulated in small jellybean type shapes that would generate the electricity needed for cooling.

Other Options

With the exponential growth of technologies including the Internet of Things, centralized computing will be a bigger demand in the future. With more than 100 data centers currently, Microsoft is spending more than $15 billion to add more to their global data systems.

While Microsoft is looking to underwater locations to meet their growing computing needs, there are other companies who have found other unusual locations and ways to build data centers, while taking advantage of differing resources.

server-cool

The SuperNap Data Center, a $5 billion dollar, 2 million square foot facility in Michigan is located in the former Steelcase office building. Switch built the SuperNap Data Center in Grand Rapids within the 7 story pyramid shaped building that features a glass and granite exterior. It will be one of the largest data centers found in the eastern U.S.

Nautilus Data Technologies have developed floating data centers turning to the sea as well. They have recently announced their first project The Waterborne Data Center. They believe that their approach to cooling their data will save Americans who are spending currently over $13 billion a year. According to Arnold Magcale, CEO and co-founder, Nautilus Data Technologies, “The Nautilus proof of concept prototype exceeded all expectations – validating how our waterborne approach will provide the most cost effective, energy efficient and environmentally sustainable data center on the market.”

At a more clandestine location, but also incorporates water as a cooling mechanism, Academica, designed a hidden underground data center to use pumped seawater to cool the servers. An added bonus is that the heat generated from the cooling process, provides heat to over 500 local homes before being regenerated back to the sea.

The sea is only the embodiment of a supernatural and wonderful existence.” Jules Verne

By Tina Rose

The Cloud Showdown: How To Determine The Best Cloud Solution For Your Business

The Cloud Showdown: How To Determine The Best Cloud Solution For Your Business

The Cloud Showdown

For small and medium businesses (SMB) seeking to grow in 2016, options for increasing efficiency abound. The Cloud offers many benefits for businesses, including slashing IT expenses, providing a more efficient and reliable way to store and back up data, and facilitating collaboration among employees. In fact, 39 percent of SMBs claim that file backup is the first priority task for which they use the Cloud, specifically cloud storage services.

However, migrating to the Cloud is no simple task. There are many important factors to consider before taking this step. One key decision involves choosing the cloud solution that best fits your company’s needs: public, private, or hybrid.

What are the differences between public, private, and hybrid cloud solutions? What are the advantages and disadvantages of each?

Public Cloud

The public cloud is unique because users can access resources, such as applications and storage space, publicly over the Internet. Dropbox and Google Drive are two popular examples of the public cloud.

public-vs-private

Advantages

1. High Level of Scalability – Public cloud solutions offer numerous benefits to businesses, specifically data scalability. And, in the SMB environment, where business demands are prone to fluctuation, scalability is especially appealing. When more or less data space is required, businesses using the public cloud can adjust the space available to them – either up or down – nearly instantaneously.

The public cloud’s nearly unlimited scalability makes it a very flexible option for businesses. This means you only pay for the resources you use, when you use them.” – David Linthicum, senior vice president of Cloud Technology Partners

2. No On-Site Equipment Required – Besides the pay-as-you-go pricing feature, the public cloud does not require businesses to install equipment onsite, which decreases the overall cost of using the Cloud. Because cloud service providers (CSP) have an incentive to make their products as easy to use and accessible as possible, the public cloud is simpler to navigate and more intuitive than private or hybrid solutions.

3. Magnitude of Resources Available from Cloud Vendor – Unlike private cloud solutions, the public cloud is a fairly inexpensive option for businesses. Because the public cloud leaves infrastructure monitoring and maintenance to a cloud vendor, a company can offload these tasks to a service that has more resources.

For example, Amazon can run a distribution center and manage their cloud infrastructure more efficiently than a single company due to scale. It’s hard to argue that any one company can have the same amount of scale as a big cloud vendor, like Amazon.” – Duane Tharp, vice president of technical sales and services for Cloud Elements

However, the public cloud is not perfect. Businesses considering this option also should educate themselves about its disadvantages.

Disadvantages

1. Security Risks – Because using the public cloud means a business’ data is stored on external equipment, it is necessary to consider the array of security issues that may arise and then implement safeguards to monitor and protect data.

All that matters is that the Cloud is secure. Therefore, if you choose a public cloud service, you should make sure that it is secure.” – Jason Reichl, CEO of Go Nimbly

2. Choice-Convenience Tradeoff – With the public cloud, there is a trade off between convenience and choice. Businesses using a public cloud solution cannot choose the equipment on which their data and applications are stored. Rather, the CSP makes this decision.

Private Cloud

Private cloud solutions service a single company and are managed in-house by an IT department. This set-up offers a number of benefits.

Advantages

1. High Level of Security and Privacy Security concerns dominate business leaders’ thoughts when it comes to the Cloud. You cannot help them for worrying about data breaches that may arise due to purposeful security hacks or human error. A single data breach can cost thousands of dollars and may even result in a lawsuit. As companies focus their efforts on ensuring secure cloud systems, a private solution increasingly becomes more appealing.

“These days, many organizations are concerned about using a shared infrastructure, or shared Cloud, because of security. Now, more organizations are willing to go to private or shared cloud solutions because of the security tools and services that have been developed in the past two to three years for the Cloud.” – Jose Alvarez, director of IT infrastructure at Auxis

2. Greater Control Over Cloud Infrastructure – The private cloud grants companies more control over the system’s infrastructure. The company can tailor its cloud system to meet specific needs, standards, and regulations.

Disadvantages

The private cloud has its own set of disadvantages.

1. Lack of Flexibility – Private cloud solutions lack flexibility, which is often touted as the Cloud’s greatest benefit.

“Once a company invests in a cloud infrastructure, it must adhere to a specific lifecycle. This means there is no pay-as-you-go pricing advantage or off-site equipment. A company has to acquire the equipment and skills needed to operate the technology in order to sustain the private cloud.” – Duane Tharp

2. Higher Cost – Private cloud solutions are more expensive because of their do-it-yourself (DIY) characteristics. Besides losing the pay-as-you-go data space feature, companies have to buy servers, pay for the electricity the servers require, and hire IT talent to keep the system running and fix problems quickly.

In the private cloud, you’re limited to the resources you buy. You use your own hardware and software, which you have to pay for and set up. There is no cost elasticity.” – David Linthicum

Hybrid

cloud-showdown

A hybrid cloud solution incorporates aspects of both the private and public cloud models. Some resources are trusted to a public CSP, while others are kept in-house and private.

Advantages

The hybrid cloud is the best of both worlds because it combines the advantages of both the public and private cloud. For example, a company can move workloads between public and private solutions thus eliminating the private cloud’s inflexibility and the public cloud’s limited security.

Disadvantages

Conversely, hybrid cloud solutions also assume the disadvantages of the private and public cloud, such as a lower level of security for data stored on the public cloud. Hybrid cloud solutions also are more complex, making it necessary to have a knowledgeable IT staff on-hand to confront problems that arise.

The Verdict

Whether a public, private, or hybrid cloud solutions is best for you business depends on what your company needs from the Cloud.

I don’t think there are pros and cons. I think each company needs to evaluate and determine what is the best solution for their needs.” – Jose Alvarez

A common school of though is that a public cloud solution makes more sense for small businesses that use the cloud on an ever-changing scale, while a private or hybrid cloud solution is more appropriate for medium and larger companies.

One way to think about the different cloud solutions is as though you are renting or buying a car. If you need a car for a week only, it makes more financial and practical sense to rent the car. However, if you plan to put another 200,000 miles on the car, obviously you should consider buying. Whether you buy or rent the car depends on your context and needs, and it is the same with the Cloud.

By Sarah Patrick

 

V2V Communications – Driverless Cars To Impact Lives

V2V Communications – Driverless Cars To Impact Lives

Driverless Cars To Impact Lives

Today’s vehicles come pre-equipped with tons of new technology that help us connect our lives in many ways. It can connect our phones, our homes, and now it can connect us to other cars on the roadways.

Car-to-Car Communication Basics

Car to car communication, also known as V2V communication, is a technology that will begin appearing in many new cars in the next couple of years. V2V is a safety feature that allows cars to broadcast their position, speed, and other data to surrounding vehicles. While many vehicles may have radar or other means to detect obstacles, the V2V communication system allows the cars to work together to build an accurate map of what is occurring in real time. This can help drivers get notified of trouble that he or she may miss or not anticipate.

V2V Leads to Driverless Vehicles

Communicating, or talking cars will change our lives. They will prevent numerous accidents, and could eventually lead to more driverless vehicles. Many standard features now include parallel parking programs, intelligent cruise control, and other features which allow some form of automatic overtaking. The driver can sit back and allow the computer to do the driving.

self-driving-cars
(Infographic source: Nowsourcing/Insurance Quotes.com)

Driverless cars have many more safety features than manual cars. Car manufacturers are ready to take driving completely out of the hands of drivers, and using V2V communication begin to set up a highway and road system that will on the surface seem safer than dealing with human error. The new cars will be cleaner, more efficient, and while they can reduce the number of accidents, they can never be perfectly safe.

Ethical Issues

Ethical issues will and have come about when dealing with V2V communication and driverless cars. In the event of an accident, how should the car be programmed to behave and respond? Should it minimize the loss of life? How should it choose between the occupants of the oncoming vehicle and its owner? Is it random? Should it be?

It’s important to answer these ethical questions, as it can play a role as to whether the consumer will ever truly accept the driverless vehicle to purchase. If the car in question is programmed to sacrifice the owner in the event of a collision, who would buy it? The Toulouse School of Economics in France did a study to find out whether self-driving cars will become widely accepted in light of this knowledge. What they found was quite interesting. While people generally understood and agreed with the idea that cars should be programmed to minimize the death toll, they were only willing to look at it idealistically. In general, they actually wanted other drivers to have this technology, but when it comes to having it for themselves, the answer was a firm, no. Drivers, in general, do not trust the other drivers on the road, and do not place any more trust in the technology to make things safer for themselves. Whether car owners place any more trust in the technology or not, cities are definitely taking a hard look at the bottom line.

Jim Barbaresso, who is vice president at HNTB, an infrastructure design firm, and a director of the Intelligent Transportation Systems World Congress, noted that while carmaker are not focused on this as a selling point, cities are focused on one major aspect of V2V communication, and that is safety.

What History Has Taught Us

According to David Mindell,who is a MIT professor and author of the new book, Our Robots, Ourselves: Robotics and the Myths of Autonomy, argues that the advanced sensors and self-driving cars can be achieved without full autonomy. He notes there are 40 years worth of examples of great human achievements in other areas such as submersibles and aerospace engineering in which advancements in technology always were more valuable when it was interactive in some way.

Future Insights

The IDC believes that the technology in our vehicles will continue to advance at a rapid pace, however “the connected vehicle ecosystem is still embryonic in its evolution” and there are many obstacles that are yet to be overcome. These challenges can include operator and passenger safety, data privacy, and system costs.

By Tina Rose

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks

There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t Tase Me, Bro, esteemed internet celebrity.

However, if you think viral infamy is your worst-case scenario when it comes to CCTV, think again. Keep reading to find out why CCTV cameras and other internet-connected items are open to being hijacked by hackers looking to do DDoS damage, and about the bizarre case of the CCTV botnet located at a mall five minutes from a professional DDoS mitigation service.

The internet of issues with the Internet of Things

CCTV cameras belong to the Internet of Things (IOT), a grouping of, well, things that are linked through both wired and wireless networks, often using the same internet protocol as the internet. They’re embedded with network connectivity, electronics, sensors and software that allow them to collect data and exchange data. Pacemakers, smart thermostats and microchips in animals are all examples of the items that make up the Internet of Things.

bot-net
The Internet of Things is actually very cool. It minimizes the gap between the physical world and computer-based systems. It’s what allows you to turn on your smart washing machine from the office, or lock your front door from the train. Here’s the issue with the Internet of Things, though. Your laptop is connected to the internet, so you’ve secured it. Same for your phone, tablet, probably your router, and any other number of internet-connected devices you use on a daily basis. You wouldn’t leave those open to exploitation, allowing just anyone to hijack and control them.

The Internet of Things is designed to be remotely controlled across network infrastructure. Read that again. These items are designed to be remotely controlled. And yet, how many of those cow microchips do you think are secured? How many smart TVs? How many of the 245 million surveillance cameras that are installed worldwide? (And that’s only counting the professionally installed surveillance cameras. Imagine how many do-it-yourself cameras are out there with even less security.)

Hijacking horror stories

You’ve probably already read about the downside of the Internet of Things, you just may not have realized it. One of the most high-profile instances of this is the recent stories about baby monitors being hacked, with grown men screaming at babies in the dead of the night.

cloud-security-attacks-vendors

(Image Source: Shutterstock)

As you can imagine, the potential for foul play with the Internet of Things is extensive. This is what’s led to the creation of CCTV botnets, which have been behind a number of DDoS attacks. By gaining control of internet-connected devices, attackers are able to direct those resources at a target website or other internet service, overwhelming it with malicious traffic and either driving it offline, or slowing it down enough to be unusable for legitimate users.

The consequences of a DDoS attack are many and dire. Not only will a website that’s not working drive users away and erode consumer trust, but a DDoS attack can also cause hardware damage, software damage, and can act as a smokescreen while attackers steal intellectual property, customer information, and financial data. And in terms of dollars and cents, an unmitigated DDoS attack can cost an organization a staggering $40,000 per hour.

From a virtual battlefield to a physical one

CCTV botnets weren’t anything new to professional DDoS mitigation providers Imperva Incapsula. In fact, they first publicly warned about them in March of 2014 when a steep increase in botnet activity largely traced back to CCTV cameras.

However, it was a slightly different ballgame when Imperva Incapsula began to mitigate repeated HTTP flood attacks on one of their clients. The DDoS attack itself was nothing special – peaking at 20,000 requests per second, no big deal for professional DDoS mitigation – however when Imperva Incapsula began looking through the attacking IPs, they discovered something curious. Some of the botnet devices were located right near their office.

Bot-CCTV

Geo-location of CCTV Botnet devices (Source: Imperva Incapsula)

Further detective work revealed that the botnet devices in question were CCTV cameras that were accessible to attackers through the devices’ default login credentials. Imperva Incapsula employees took a look through the camera lens and recognized a mall not five minutes from their offices. In a stark departure from a normal day spent fighting the evils of the internet, employees were able to head over to the mall and explain to the camera owners in-person what had happened, why it happened, and help them clean the malware from their cameras.

Lessons that need to be learned

What you need to learn from these Internet of Things incidents is two-fold. Firstly, if you have internet-connected devices like smart TVs, washing machines, thermostats, precision farming equipment, anything, they need to be secured. Even if you for some reason did not care if your devices were being used in a botnet to carry out DDoS attacks, rest assured that if attackers can hijack your devices for DDoS attacks, they can take control of them for other reasons. This is an especially frightening thought when it comes to nanny cams and other monitoring devices in your home.

The second lesson that needs to be learned in all of this is for website owners. The Internet of Things is already massive and it’s estimated by Gartner that by the year 2020, it will be comprised of over 25 billion devices. That is billions of devices that could potentially be used in DDoS attacks against websites just like yours.

Professional DDoS protection is already a necessity, and it’s only going to continue to become a bigger necessity. Professional DDoS mitigation services may not be able to protect you from the prying eyes of a CCTV camera during your most embarrassing moments, but they can protect your website, your users, your equipment, your intellectual property, and your finances from CCTV and other Internet of Things botnets.

By Naomi Webb

Why Failure To Invest In Online Backup Could Be The Worst Business Decision You Ever Make

Why Failure To Invest In Online Backup Could Be The Worst Business Decision You Ever Make

Failure to Invest In Online Backup Could Be Costly

Success in business is a combination of many things – the right staff, the right budgeting plan, the right company culture – but also the right IT set-up.

Sadly, lots of small-medium businesses (SMBs) overlook the latter. Sure, they’ll invest in the basics, but they fail to look at the bigger picture. With so much of the business world now reliant on IT for all aspects of its operation, this could be fatal.

What is Online Backup?

In simple terms, online backup is the process of making copies of your hard drive’s data on an offsite remote server.

Typically, third-party providers are used, thus removing the need for businesses to invest in their own hardware and infrastructure. Cheap bandwidth and the decreased cost of storage means cloud-based solutions will now allow even the smallest businesses to safely secure their data without fear of loss.

Why are Offsite Backups Important?

The biggest advantage of using online backups is that your data is stored offsite.

When data is backed up onsite, whether on separate servers or on DVDs and other associated media, there is always the chance of a catastrophic loss. That could be theft, fire, or countless other causes.

Often, the backup provider will have multiple server locations, thus creating several copies of your data. That way, even if one of their locations experiences issues, your data is still safe.

Finally, your data is also encrypted, adding significant extra security against theft and cybercriminals.

storage

What’s the Worst that Could Happen?

Sadly, too many IT Directors in SMBs have the “it won’t happen to us” mentality. Nothing could be further from the truth.

Let’s take a look:

Physical Damage

We typically think of fire, flooding, and other force majeures when we consider physical damage. Of course, these are all risks that need to be fully considered, no matter how rare or unlikely.

It is arguably more important, however, to consider the risks of accidents around the office. Incidents like coffee being thrown over a laptop’s keyboard, computers knocked off desks by clumsy cleaners, and laptop bags dropped down flights of stairs all can and do happen.

The result? Data loss, monetary loss, and potentially even livelihood loss.

Hard Drive Crashes

How old is the equipment in the average office? Most experts agree that the maximum lifespan for any computer is only five years, but given the costs, time, and potential issues involved, most companies will delay upgrades for as long as possible.

hard-drive

Questions around legacy software and staff training need to be considered when upgrading – but the biggest risks of not upgrading are hard drive crashes.

Recent research suggests only 80 percent of traditional disc-based hard drives (HDDs) will see their fourth birthday, while the newer solid state drives have a limited number of reads and writes.

Recovering data from a “dead” hard drive is a non-exact science and is not guaranteed to work, so if your office is running old computers without backups, now is the time to start getting very worried.

Theft

There are two sources of theft to worry about. Of course, there are the typical smash-and-grab raids that are all too common in big cities and unsecured premises, but you also need to consider opportunistic theft.

digital-theft

(Image Source: Shutterstock)

It can occur when a person leaves their laptop unattended in a café or accidentally leaves it on public transport. This is more common than in might seem – for example, in 2008 an employee of the UK government inadvertently left a laptop containing the latest top-secret terror intelligence on al-Qaeda on a train.

If it can happen to the government, it can happen to your SMB!

Viruses and Malware

Viruses and malware are a big part of the ever-growing cybercrime problem.

The Center for Strategic and International Studies estimated the annual cost of cybercrime to be more than $445 billion in 2014, while U.S. President Barack Obama put the figure closer to $1 trillion in a 2009 speech.

Whatever the figure, pretending that your SMB’s data cannot be reached is naive.

For example, ransomware programs like CryptoLocker can encrypt files stored on local drives using an RSA public key, with the private key kept on the malware’s control servers. The victim is given a payment deadline, and if money is not received in time, the private key is deleted. Experts agree that, although the virus itself can be easily removed, the file encryption is almost impossible to break.

Don’t be held to ransom by only having one copy of your business-critical data.

Employees

A company’s staff provides IT Directors with two main headaches. Firstly, incompetence, and secondly, deliberate actions. Both are almost impossible to plan for without backups.

employees-digital

 

Incompetence and error can see vital files deleted in a flash. No doubt we’ve all accidently deleted the wrong file at some point in our lives – now imagine deleting several months of work without realizing. Without backups it will unquestionably cost your SMB both customers and cash.

Rogue employees are just as bad. Indeed, a poll at the Infosecurity Europe Conference in 2014 found that 37 percent of companies thought the biggest threat to information security was rogue employees; higher than cyber-attacks (19 percent) and “bring your own device” (15 percent).

The Solution? IDrive…

In short, the solution to all these threats is frequent online backup, and one of the best companies to choose for managing your backups is IDrive.

They provide SMBs with “secure data protection for all of [its] business computers, servers, Exchange, SQL, NAS and mobile devices,” and offer a whole host of standout features, as well as extremely competitive price plans.

For example, their features include multiple device backup, a local storage facility to compliment the cloud backup and thus allowing for faster restoring of data, 256-bit AES data encryption, real-time backups, incremental and compressed backups to ease bandwidth strain, online file synchronization, and social media backups.

They have three plans – the free plan includes 5 GB of space and 5 GB of sync space, the “Personal Plan” provides 1 TB to 10 TB of space and costs $44 – $372 per year, and the “Business Plan” provides 250 GB to 12.5 TB of space and costs $74 – $2249 per year.

What’s Stopping You?

What’s preventing you from investing in an online backup solution right now? Can you afford not to have a plan in place? Let us know your thoughts and feedback in the comments section below.

This post is brought to you by IDrive Inc.

By Daniel Price

CloudTweaks Comics
Big Data – Top Critical Technology Trend For The Next Five Years

Big Data – Top Critical Technology Trend For The Next Five Years

Big Data Future Today’s organizations should become more collaborative, virtual, adaptive, and agile in order to be successful in complex business world. They should be able to respond to changes and market needs. Many organizations found that the valuable data they possess and how they use it can make them different than others. In fact,…

How Your Startup Can Benefit From Cloud Computing And Growth Hacking

How Your Startup Can Benefit From Cloud Computing And Growth Hacking

Ambitious Startups An oft-quoted statistic, 50% of new businesses fail within five years. And the culling of startups is even more dramatic, with an estimated nine out of ten folding. But to quote Steve Jobs, “I’m convinced that about half of what separates the successful entrepreneurs from the non-successful ones is pure perseverance.” So while…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

4 Industries Being Transformed By The Internet of Things

4 Industries Being Transformed By The Internet of Things

Compelling IoT Industries Every year, more and more media organizations race to predict the trends that will come to shape the online landscape over the next twelve months. Many of these are wild and outlandish and should be consumed with a pinch of salt, yet others stand out for their sober and well-researched judgements. Online…

Five Cloud Questions Every CIO Needs To Know How To Answer

Five Cloud Questions Every CIO Needs To Know How To Answer

The Hot Seat Five cloud questions every CIO needs to know how to answer The cloud is a powerful thing, but here in the CloudTweaks community, we already know that. The challenge we have is validating the value it brings to today’s enterprise. Below, let’s review five questions we need to be ready to address…

Why Hybrid Cloud Delivers Better Business Agility

Why Hybrid Cloud Delivers Better Business Agility

Why Hybrid Cloud Delivers Better Business Agility A CIO friend of mine once told me that a hybrid cloud model enables him to “own the base, rent the spike” when it comes to unplanned events. Let’s face it – maintaining unused infrastructure for rare or random IT events is expensive and unnecessary in a cloud…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

Consequences Of Combining Off Premise Cloud Storage and Corporate Data

Consequences Of Combining Off Premise Cloud Storage and Corporate Data

Off Premise Corporate Data Storage Cloud storage is a broad term. It can encompass anything from on premise solutions, to file storage, disaster recovery and off premise options. To narrow the scope, I’ve dedicated the focus of today’s discussion to the more popular cloud storage services—such as Dropbox, Box, OneDrive—which are also known as hosted,…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…