Category Archives: Security

Cloud Security Alliance (CSA) Las Vegas Security Event

Cloud Security Alliance (CSA) Las Vegas Security Event

Keynotes Set For Upcoming Cloud Security Alliance Congress

Schedule of Workshops, Trainings and Certifications to Compliment Session Line Up at the only Data Privacy and Cloud Security Conference Featuring Best-in-Class Education and Networking

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the keynote presenters and session line up for the upcoming CSA Congress US at the Privacy.Security.Risk Conference taking place September 29 – October 1 in Las Vegas, NV. Registration is currently open with early registration discounts being offered through August 28.

P.S.R. brings together two industry-leading events, CSA Congress US and the IAPP Privacy Academy to provide attendees with more than double the education and networking opportunities with the leading innovators and practitioners in technology, security and privacy for the price of a single conference. 

This year’s keynote presents include:

  • Arthur W. Coviello, Jr., Executive Chairman (Retired), The Security Division of EMC, RSA
  • Brian Krebs, Investigative Reporter, Cybersecurity Expert
  • Travis LeBlanc, Chief of Enforcement, Federal Communications Commission
  • Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati
  • Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
  • Adam Tanner, Fellow, Institute for Quantitative Social Science, Harvard University
  • Jean Yang, PhD Student, Computer Science and Artificial Intelligence Laboratory (CSAIL), Massachusetts Institute of Technology

More than 1000 cloud and privacy practitioners and leaders will have access to a total of eleven tracks that will make up this year’s conference program including.  Cloud Security and Privacy, Compliance and Audit, Emerging Technologies, Healthcare Privacy, Information Security, International Developments, Intersection of Privacy and Security, Marketing, Privacy Program Management and Development, Risk and Trust in the Cloud and Security Development and Operations.  Additionally a number of training, certifications and pre-conference workshops will also be offered at this year’s event…

Visit for more conference information: Cloud Security Alliance 

New Approach Addresses Cybersecurity Challenges For The IoT

New Approach Addresses Cybersecurity Challenges For The IoT

Cybersecurity Challenges For The IoT

The traditional approach to cybersecurity is to assume trust and then take steps to manage what isn’t trusted. But as the concept of an industrial Internet of Things (IIoT) gains momentum, one of the primary challenges facing businesses is safeguarding connections between information technology (IT) and operational technology (OT).

With this in mind, a US company has developed an innovative system that improves IT security by securing OT endpoints. Working in a way that that is completely opposite to the way that traditional cybersecurity works, the system assumes that there is zero trust, and uses a physical and virtual appliance to enable only communications that are whitelisted.

The company, Tempered Networks, prides itself on taking “a different approach,” and last year this approach was recognized in the form of two prestigious awards for entrepreneurship and innovation. One was Frost & Sullivan’s 2014 North American Entrepreneurial Company of the Year award, and the other, SC Magazine’s 2014 Security Innovator award.

The company provides built-for-purpose, military-grade security appliances that are designed to “cloak” the network’s critical infrastructure using cryptographic identities to hide communications between trusted devices. Ultimately this enables all types of businesses to take advantage of machine-to-machine (M2M) and IIoT connectivity that is secure and efficient, and it reduces operating costs significantly to boot.

The appliance Tempered Networks has designed is an HIPswitch that is positioned right in front of the computer or any other IP-connected device. Since there are multiple computers in every business, all the HIPswitches are managed via a central HIPswitch conductor. Then administrators within the company are able to configure private overlay networks between the server and various items of equipment (the OT devices), so that only specific data is visible. If there is no “peer HIPswitch identity,” communications from any other part of the network will be ignored, because it is assumed to be “untrusted.” This, in turn, will protect the device from infection by any malicious form of traffic.

IoT expert, Zeus Kerravala applauds the new technology and its very different approach.

IoT Challenges and Trends

kerravalaKerravala has been addressing some of the challenges businesses today face with the IoT in talks he’s been presenting at IT Roadmap events.

Founder and principal analyst at ZK Research, which identifies short term trends that demand tactical shifts that fit long-term strategies, Kerravala calls the IoT the “next technology mega-trend” that all sized businesses must be aware of. One of the greatest challenges, he says, is bringing IT and OT together, especially since many IT people are not familiar with OT, which is responsible for all the various technologies businesses need to operate and generate revenue, from trucks to medical equipment.

Even though IT and OT are separate, “In an IoT world, everything gets connected to a common network,” he points out in a recent article. Further, IoT brings them together quickly, “as the data these devices generate provides valuable insight into the revenue-generating components of the enterprise.”

Even though OT devices may exist on networks right now, a major challenge is securing OT devices that are mostly closed, not located in a secure data center, and don’t have the level of instrumentation required to manage and secure themselves. While IT operates are already battling to secure corporate networks, now they have to add OT to the network and maintain the same, or preferably and even higher level of security, he says. It sounds impossible, but, as he points out, Tempered Networks has addressed this very problem.

IT Roadmap New York

NYC_ITR15

Kerravala is in the lineup of speakers who will be sharing information and views in New York on July 29. His topic, Connecting the Future: Trends in the Internet of Things, will explore the huge potential the IoT has in terms of creating new business opportunities as well as new streams of revenue. Convinced like many others that the IoT can change the way we live, learn and work more radically than others realize, he will present some of the latest trends relating to the IoT together with real world examples that show how it adds value to enterprises. Since this is done, in part, by connecting devices that weren’t traditionally connected, the challenges themselves offer opportunities to innovative, entrepreneurial businesses like Tempered Networks.

By Penny Swift

Google Glass – The Good, The Bad & The Ugly

Google Glass – The Good, The Bad & The Ugly

Google Glass

Though only available to a tiny percentage of the world’s population and criticized as ‘dead’, Google Glass appears, in fact, to be alive and well in the enterprise, with a recent announcement that Google is planning to distribute Glass ‘Enterprise Edition through Glass for Work partners. 9To5Google reports that this new edition will come with a new, larger prism display, Intel Atom CPU for better performance, and optional external battery pack.

Already there are ethical quandaries and debate around privacy. Noted by Jules Polonetsky, executive director and co-chairman of the Future of Privacy Forum, both Kodak cameras and caller ID were initially met with serious privacy concerns when first introduced, but have been accepted as harmless and integral parts of our society today. Perhaps there will be much study and inquiry required before society fully embraces Google Glass and similar tech, but the advantages might quickly put paid to any reluctance.

The Workplace

workplace

Because Google Glass provides users with the ability to record everything they see, as well as surf the net while simultaneously interacting with the world, the impact on business may be both positive and negative. Some public businesses such as restaurants, bars, casinos, and theatres have already banned Google Glass from their premises, though since many similar functions are provided via smart phones, it’s questionable how necessary this is.

Privacy issues including recording confidential meetings, and safety issues such as performing hazardous jobs with divided attention, are evident, but a host of benefits exist too. Google Glass provides apps that aid in business travel with flight reminders, navigation, and expense calculation. Presentations can be far more streamlined and better communicated with apps that allow speakers to control slides and view notes while presenting, and Google Glass provides efficiency optimization through training possibilities, applications that help locate lost items, reminders, and built-in assessments. Checks for quality, safety, and security could create safer, more efficient work environments, and the communication and collaboration possibilities are infinite.

Education

Google Glass may be considered the ultimate cheat sheet though it wasn’t all that long ago that calculators weren’t allowed in exam rooms. Today it’s almost ridiculous to imagine the situation in which any complex mathematics or engineering examination would require students to do without scientific calculators. Google Glass could revamp education systems providing video tutorials and quick research mechanisms, and the interaction capacity could transform learning processes. Affording mechanics and surgeons a working blueprints while leaving their hands free to act may not be far in the future, and so how long before schools and universities train their students to work with such wearable tech instead of insisting without?

Personal

google-glassThe privacy concerns of filming in bathrooms and other private areas are significant, as are safety fears around driving while messaging or Googling. Though many countries have laws related to the use of recording equipment and one or two party consent, as well as safety regulations which control the use of mobile devices while driving, Google Glass will present a new realm for lawmakers to tackle. The assistance Google Glass might provide is really limited only to the imagination.

With the potential for healthcare, assistance for the handicapped, memory support, and translation, as well as augmented reality and safer extreme sports, our personal lives might change dramatically. Of course, the dilemma of social engagement is already of concern with the amount of time people spend locked into virtual reality, ignoring their physical environments. Will we live in a future where it’s polite to remove both your hat and your Google Glass when entering someone’s home?

Glasshole or Not? 7 Urgent Ethical Dilemmas for Wearable Tech offers more insight into how society might deal with these and similar scenarios in the future, providing fresh discussions and perspectives around wearable tech.

By Jennifer Klostermann

Risks Of Virtualization In Public And Private Clouds

Risks Of Virtualization In Public And Private Clouds

Risks Of Virtualization

Server virtualization is one of the cornerstone technologies of the cloud. The ability to create multiple virtual servers that can run any operating system on a single physical server has a lot of advantages.

These advantages can appear in public, Infrastructure as a Service (IaaS), as well as in private clouds.

However, it also brings some risks.

risks

Virtualization reduces the number of physical servers required for a given workload, which brings cost benefits. It also allows for more flexible sizing of computer resources such as CPU and memory. This in turn tends to speed up development projects, even without automatic provisioning. Virtualization can even increase the security of IT because it is easier to set up the right network access controls between machines.

So in order to get real benefits, steer clear of the risks. A pretty extensive overview of these risks was written by the US National Institute of Standards and Technology (NIST). You can find it at Special Publication 800-125. This article is partly based on that.

Let us first get some of the important concepts straight. The host is the machine on which the hypervisor runs. The hypervisor is the piece of software that does the actual virtualization. The guests then, are the virtual machines on top of the hypervisor, each of which runs its own operating system.

The hypervisors are controlled through what is called the ‘management plane’, which is a web console or similar that can remotely manage the hypervisors. This is a good deal more convenient than walking up to the individual servers. It is also a lot more convenient for remote hackers. So it is good practice to control access to the management plane. That might involve using two-factor authentication (such as smart cards), and only giving individual administrators the access that is needed for their task.

An often mentioned risk of virtualization is the so-called ‘guest escape’, where one virtual machine would access or break into its neighbor on the same virtual machine. This could happen through a buggy hypervisor or insecure network connections on the host machine. The hypervisor is a piece of software like any other software. In fact, it is often based on a scaled-down version of Linux, and any Linux vulnerability could affect the hypervisor. However, if you control the hypervisor, you control not just one system, you can control the entire cloud system. So it is of the highest importance that you are absolutely certain that you run the right version of the hypervisor. You should be very sure of where it came from (its provenance), and you should be able to patch or update it immediately.

Network Design

Related to this is the need for good network design. The network should allow real isolation of any guest, so that they will not be able to see any traffic from other guests, nor traffic to the host.

virtualization-design

An intrinsic risk of server virtualization is so called ‘resource abuse’, where one guest (or tenant) is overusing the physical resources, thereby starving the other guests of the resources required to run their workloads. This is also called the ‘noisy neighbor’ problem. To address it can require a number of things. The hypervisor might be able to limit the over usage of a guest, but in the end, somebody should be thinking about how to avoid putting too many guests on a single host. That is a tough balance to strike: too few guests means you are not saving enough money, too many guests mean you risk performance issues.

In the real world, there are typically a lot of virtual servers that are identical. They run from the same ‘image’, and each virtual server is then called an instance of that image, or instance for short.

Then, with virtual servers it becomes easy to clone, snapshot, replicate, start and stop images. This has advantages, but also creates new risks. It can lead to an enormous sprawl or proliferation of server images that need to be stored somewhere. This can become hard to manage and represents a security risk. For example, how do you know that when a dormant image is restarted after a long time, that it is still up to date and patched? I heard a firsthand story of an image that got rootkitted by a hacker.

So the least you should do; is do your anti-malware, virus and version checking also on images that are not in use. Even when you work with a public IaaS provider, you are still responsible for patching the guest images.

In summary, server virtualization brings new power to IT professionals. But as the saying goes, with great power comes great responsibility.

(Image source: Shutterstock)

By Peter HJ van Eijk

Mobile Phones – Cyber Security Threat Within US Department of Defense

Mobile Phones – Cyber Security Threat Within US Department of Defense

Cyber Security Threat

A recent whitepaper on cyber security in the US government reveals that that the increasing number of mobile phones being used within federal agencies is escalating the risk of cyber threat from inside agencies. It also cites employees as the key to insider threats, and recommends that more money be spent addressing this issue.

Titled Cybersecurity in the Federal Government, the report commissioned by management software company, SolarWinds tackles the many challenges IT professionals currently face trying to prevent both external and internal IT security threats and attacks. It also suggests ways that government and the private sector can help to mitigate the growing risks of cyber attack.

insider-threats

Based on a study undertaken by the North American communications company, Market Connections, the whitepaper explores growing “insider threats” within the Federal IT community, acknowledging that this type of threat is the most damaging, and currently creating the greatest concern within government. It looks at the impact of mobile devices as an increasing insider threat; and examines investment trends that are moving toward attempting to mitigate insider threats. It also considers insider threat prevention techniques and tools cyber security managers within government are able to implement.

The increasing use of mobile technology was cited as “the top obstacle for preventing insider threats” within federal agencies. A total of 56 percent of participants in the study believed the mobile devices were an obstacle when it came to preventing accidental cyber threats; and 44 percent said it was an obstacle for preventing malicious threats. A third of those involved in the study believed that agency data on government-owned mobile devices was most at risk. By comparison, only 29 percent were worried about contractor- or employee-owned devices.

According to Joel Dolisy, CIO of SolarWinds, the concerns regarding mobile devices are likely to increase as federal agencies implement more bring-your-own-device programs. “This shift in technology at work will likely contribute to the increased risk from insiders,” he said. Further, because federal agencies generally see external threats as a greater risk, internal threats don’t attract the same resources as external threats, he said.

Insider Threats

security-insider

The study was commissioned in December last year (2014) to assess just how much hacking comes from malicious outsider attacks and how much is due to insider threats. While federal agencies spend a vast amount of money preventing attacks from outside – especially those identified as originating in other countries including China and Russia – those managing cyber security within US federal agencies have been concerned for some time about insider threats.

It followed a previous study earlier in the year, which revealed that because people are so unpredictable, whether through malicious intent or human error, they pose a “damaging threat” to government agency cyber security defenses.

According to the US Defense Contract Management Agency (DCMA)’s director of operations, the Department of Defense has positioned itself quite strongly against external cyber threats, but malicious or accidental insider threats have caused more problems. This was largely because people within agencies largely “do what they want” and see security as a form of interference, he said. Additionally, some of the younger employees have “skills to successfully work around security protocols.

While more than half of respondents in the study believed that insiders were the biggest security threat to federal agencies, 38 percent were convinced that whether from external or external sources, malicious threats were the most damaging breach suffered. A total of 23 percent said malicious insiders were the biggest cyber security threat of all.

Primary security threats cited were:

  • The general hacking community (46 percent)
  • Foreign governments (38 percent)
  • Hacktivists (30 percent)

When asked where data was most at risk, 47 percent said personal computers, and 42 percent said removable storage media.

Ultimately, the study cited a simple solution to addresses insider threats. Agencies must know what devices are used on their networks as well as who is using them and when they are using them. They also need to establish what is being used in the network operation, and whether it is virtual, mobile or desktop based.

Internal threats will continue to exist as long as agencies continue to employ people, so agencies need to make at least an equal investment in addressing insider threats,” the report states.

(Image Source: Shutterstock)

By Penny Swift

Data Violations – Record Year For Data Breaches

Data Violations – Record Year For Data Breaches

Record Year For Data Breaches

The news is full of data security breaches. This week, Sputnik International reported that Hacking Team had a 400 GB database stolen and published, and last month Ars Technica discussed in detail the information breach at the U.S. Government’s Office of Personnel Management. MSPmentor‘s current IT security news includes the hacking of databases at Harvard, a data breach discovered at Orlando Health, and 85,000 compromised debit and credit cards during the FireKeepers Casino data breach. Non-profit identity theft organization ITRC reported 400 data breaches this year as of June 30 and believes 2015 could top the charts for data violations.

report-breaches

See The Full Report

As if you didn’t have more important things to worry about – so here’s a quick look at how to stay ahead.

The Risks

  • Access control and authentication: are you certain only the necessary people have access to relevant data at all times?
  • Terms and conditions: are the standards of your service providers equal to those your organization maintains? And how secure are your own standards?
  • Virtualization technology: what are the security guarantees? How accessible are the services offered?
  • Data privacy: strict security measures need to be in place ensuring responsible data management, and industry and regulation compliance.

Security Strategies

  • Transparency: choose service providers that adhere to industry standards, provide clear service and product details, and have open lines of communication.
  • Drills: be sure to test for possible security holes, and plan for breaches. Just as you would prepare for physical risks such as fires, put emergency tests and procedures in place to counter data threats.
  • Backup: always have a backup. Do it now.
  • Diversify: minimize your risk by spreading data over localized and cloud servers; scatter service provider usage where possible.
  • Education: train yourself and your employees on security threats and defenses. Try to be proactive and keep up with the constantly-evolving environment.
  • Data tracking: understanding data-centric security tools helps maintain sensitive data and ensures you’re the first to know should something go wrong.
  • Policies in place: governance policies are essential and should be clearly established to safeguard data privacy. Data sensitivity classification helps apply the correct security techniques to relevant data sets.
  • Encryption: never store encryption keys in the software or with your data, and be certain that strong encryption techniques are being used. Always remember that data being used is also vulnerable, so take steps to ensure secure handling.

We’ve managed to get hold of Jay Jacobs and Bob Rudis’ Data-Driven Security: Analysis, Visualization and Dashboards, and are offering a free download for Cloud Tweaks readers this week. This valuable book discusses how the correct use and understanding of data can positively impact your security levels, covering concepts, tools, and techniques that surpass best practice alone.

By Jennifer Klostermann

CDN Performance Report – Month of June – 2015

CDN Performance Report – Month of June – 2015

CDN Performance Report

Each month CloudTweaks will be providing a series of benchmark testing performance reports conducted by our contributing partners. The first in our series will be on (CDN) Content Delivery Networks which is a growing industry whose customers are primarily web based companies looking for that extra layer of site protection and speed. This monthly Performance Data Report is provided by Cedexis

HTTP Latency

In North America we note an increase in Latency for Akamai around the 14th of June that lasted about 3 days. Over the course of the month however, Akamai maintained a clear advantage over the other CDNs measured here.

cdn-1

Moving to South America we see that Akamai is also maintaining a clear latency lead at 125ms on average for the month vs. their competitors as measured at the 75th percentile.

cdn-5

In Europe Level3 and Edgecast ran neck and neck for the entire month at the number 2 slot averaging roughly 67ms at the 75th percentile.

cdn-2

In Asia Akamai ran on average at around half the latency of its nearest competitors at around 37ms at the 75th percentile. Of note was a 3-4 day increase in latency that knocked them to over 160ms for at least 2 days on average.

cdn-6

In Africa Akamai ran at near 210ms at 75th percentile while the rest of the pack at between 247ms and 251ms at the 75th percentile.

cdn-3

Now turning our attention to Availability we see that worldwide (5 major geographies: Asia/Europe/N America/S American/Africa) for the month of June Availability on average was between 98.295% and 98.578%. In spite of a significant dip in Availability for Level3 in the middle of the month – they led on average for the month.

cdn-7

Regionally the story was different. It was only in Europe that all 5 CDNs reached 99% available. In N American not one CDN was over 99% for the month. Other geographies were worse.

cdn-4

Benchmark testing provided by

cedexis

7 Cloud Security Mistakes Bound To Bite You

7 Cloud Security Mistakes Bound To Bite You

7 Main Cloud Security Mistakes 

Like sharks off the coast of North Carolina this summer, information security threats are lurking. And now that cloud computing is woven into the fabric of IT everywhere, specific risks to an enterprise’s data apply.

Cloud computing is to IT what Shark Week is to summertime: a cultural feeding frenzy. In a nod to the annual TV chomp-fest, Perspecsys presents the Seven Cloud Security Mistakes Bound to Bite You.

But taking basic precautions – whether at the beach or on the job – can help keep you and your data safe, respectively.

1. Relinquishing control of your most sensitive data to a cloud service provider

Just as swimmers are at the mercy of the ocean, using public cloud services equates to turning control of your data – even the sensitive and regulated data – over to cloud service providers.

Safety tip: For users: adhere to IT and security policies set by your organization when signing up for cloud services for business use. For organizations: Get familiar with data-centric security tools that work in and outside the company’s walls, in particular, cloud data encryption and tokenization.

sensitive-data

2. Not knowing where your data is hanging out

There are some beaches were you know you should not be going into the water. In the same vein, knowing the physical locations of where your data is being processed and stored will keep you on the right side of data-residency regulations that have a painful bite if they are violated.

Safety tip: Make sure you understand where you cloud provider’s primary and back-up datacenters are located. Take time to investigate the prevailing legal requirements in all of these jurisdictions regarding data privacy. Look to technologies such as cloud data tokenization to keep data resident in specific locations if data residency issues are challenging your cloud adoption program.

3. Not reading the fine print

When you sign up for cloud apps, you agree to the associated terms and conditions. This is like going full Hasselhoff with disregard for beach warning signs, since the policies and standards your organization adheres to regarding the treatment of data are likely not shared by the cloud service provider.

Safety tip: Insist on contractual clauses, which require that data maintained by your service providers be treated in certain ways. For example, if regulated data such as patient information is placed in third party cloud systems, additional safeguards may need to be put in place to ensure it is adequately protected.

4. Using weak passwords

Weak passwords are like a three-sided shark cage. Cyber criminals can swim right through your defenses. The top 100 passwords people use haven’t changed over the years, according to Researcher Mark Burnett who released 10 million passwords collected from data breaches over the past decade.

Safety tip: Use different passwords for different services and change your passwords frequently.

5. Believing passwords are enough

Letting passwords lull you into a false sense of security is like thinking you’re safe by swimming in a group, but not knowing there’s a colony of seals a few feet away. Shark and cyber attacks are both on the rise in 2015 as the number of bites and breaches continue to climb. The good news is that awareness is rising that even a strong password isn’t enough to keep data safe and savvy professionals are putting multiple layers of defense in place.

Safety tip: Strong multi-factor authentication is necessary to keep the network and cloud applications secure. Also use techniques like data encryption and tokenization to minimize the number of systems where data flows to in the “clear”, thereby minimizing the points where cyber criminals can get their hands on anything meaningful.

6. Not backing up your data

Boating without a life raft isn’t a high percentage move in the event of an accident. If anything, the famous U.S.S. Indianapolis speech from Jaws will make you want to always have a back up ride to shore. Make sure your cloud provider allows you to make local backups of your data too. This isn’t always possible with some of the big consumer cloud services, so be sure to ask.

Safety tip: Having backups of your data is always a good idea whether it is stored in the cloud or not. Using more than one cloud service minimizes the risk of widespread data loss or downtime due to a localized component failure.

7. Poor planning leaves you in a bind

If only Quint had listened to Chief Brody and went back to shore to get a bigger boat, perhaps he would have survived! As with most things in life, incorporating new data points into your plans can help keep you afloat. As you consider your cloud adoption programs, stay abreast of impending changes that can impact your cloud use, such as data privacy regulations that have been getting increasingly strict over the past year.

Safety tip: Map out the “life” of your cloud data. Pay attention to what countries it flows through and where it gets processed and stored. Identify if the movement of your data to any of these countries creates potential compliance or regulatory issues for you – either now or in the future – and take proactive steps to address the problem before it is too late.

PerspecSys-David-CanellosBy David Canellos

David is President and CEO of Perspecsys. Previously, David was SVP of Sales and Marketing at Irdeto Worldwide, a division of Naspers. Prior to that, David was the President and COO of Cloakware, which was acquired by Irdeto. Before joining Cloakware, David was the General Manager and Vice President of Sales for Cramer Systems (now Amdocs), a UK-based company, where he was responsible for the company’s revenue and operations in the Americas. 

CloudTweaks Comics
Explosive Growth Of Data-Driven Marketing

Explosive Growth Of Data-Driven Marketing

Data-Driven Marketing There is an absolute endless amount of data that is being accumulated, dissected, analyzed with the important bits extracted and used for a number of purposes. With the amount of data in the world has already reached into multiple zettabytes annually. A Zettabyte is one million petabytes or one thousand exabytes. With data…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Cloud Infographic – The Data Scientist

Cloud Infographic – The Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills Cloud technology has completely changed the infrastructure and internal landscape of both small businesses and large corporations alike. No professionals in any industry understand this better than IT pros. In a cutthroat field like IT, candidates have to be multi-faceted and well-versed in the cloud universe. Employers want to know that…

Cloud Infographic: Programming Languages To Build Your Cloud

Cloud Infographic: Programming Languages To Build Your Cloud

Programming Languages What programming languages are the building blocks to help develop and facilitate these present and future cloud platforms? Where can we learn and develop these skills in order to help us build our own careers? A couple of options would be to visit sites such as Stackoverflow which can provide you with a good source of information.…

The Monstrous IoT Connected Cloud Market

The Monstrous IoT Connected Cloud Market

What’s Missing in the IoT? While the Internet of Things has become a popular concept among tech crowds, the consumer IoT remains fragmented. Top companies continue to battle to decide who will be the epicenter of the smart home of the future, creating separate ecosystems (like the iOS and Android smartphone market) in their wake.…

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by 10-20%. This infographic provided…

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

Cloud Infographic: The Explosive Growth Of The Cloud

Cloud Infographic: The Explosive Growth Of The Cloud

The Explosive Growth Of The Cloud We’ve been covering cloud computing extensively over the past number of years on CloudTweaks and have truly enjoyed watching the adoption and growth of it. Many novices are still trying to wrap their mind around what the cloud it is and what it does, while others such as thought…

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Security It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing infrastructure. The many perks of cloud services, such as the ability to quickly scale resources without the upfront cost of buying physical servers, have helped build a multibillion-dollar cloud industry that continues to grow each…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…