Category Archives: Security

State of the Union: Obama Hopes To Make The Internet A Safer Place

State of the Union: Obama Hopes To Make The Internet A Safer Place

Obama Hopes To Make The Internet A Safer Place

Fresh off the back of a joint conference with British Prime Minister David Cameron last week, in which the two heads of state said they wanted their countries to have increased cybersecurity capabilities to help counter terrorism, Barrack Obama has used his annual State of the Union address to announce that he will use 2015 to pass new cybersecurity legislation that will make the internet a safer place. 

No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism”, said Obama. 

state-of-union

(Image Source: USAToday)

The high-profile hacks of Sony, Target, and Home Depot in recent months have made new legislation a priority, though in the aftermath of the President’s announcement it was already being suggested his plans will struggle to gain traction. Anindya Ghose, Professor of Information, Operations and Management Sciences at New York University, said “I don’t think anyone wants to see another Sony. It’s bad for everyone, but I find it difficult to see any legislation going through despite the importance of it”. 

It appears that, once again, the extremely partisan nature of US politics could stand in the way of progress. The Sony hack (in which 50,000 employees’ details were stolen) was the perfect example of how cybersecurity and personal data protection were linked, said Ghose, but because of the hostility between the two parties and the fact the Republicans control both Congress and the Senate, new legislation would be difficult. 

This has infuriated groups such as the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF), who have repeatedly called on Obama to strengthen consumer protection; currently there are very few restrictions on the data that companies can collect from digital apps and how they are allowed to use that information. 

Addressing the partisan politics directly, the President said “I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable”. 

David Le Duc, Director of a lobby group for the software and digital content industry, disagrees with Obama, the ACLU and the EFF. He said: “We agree with the goal of securing people’s privacy but we are concerned that a broad, overreaching approach will affect the ability to maximise the economic and social use of data”. His concerns could be legitimate – Silicon Valley has long espoused the virtues of big data for everything from advertising to improving our health, and there is a genuine concern on the ground that new laws could hinder firms’ ability to use the vast wealth of data currently at their disposal. 

In his speech, Obama claimed that introducing new measures would let the US “continue to protect the technologies that have unleashed untold opportunities for people around the globe”. On this point Le Duc is more reconciliatory, saying “A lot of us enjoy tremendous benefits from apps that are customised and immediate based on our preferences and likes”, but he sounded a word of caution, adding “Going too far to limit that to protect our ‘privacy’ would not be an effective endeavour”. 

What do you think of Obama’s ideas? Are they going too far, or a necessary step to protect citizens lives? Are Silicon Valley companies right to be concerned? Would Obama really jeopardise the future of some of the US’s foremost tech enterprises by limiting their ability to compete? Let us know in the comments below.

By Daniel Price

4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat” 

The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat.

The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what was too often under-reported was the way Snowden gathered his information – by misusing his credentials. In fact, the 2014 Verizon Data Breach Investigations Report stated that privilege abuse was the most common type of insider threat by far.

Insider threats can pose a real security risk to companies. They can be caused by someone who is purposely malicious, as Sony discovered, or it can be something as simple as someone opening an attachment loaded with malware that allows outsiders the opportunity to steal information.

hacks

It is important to understand that there are several different categories of insider threat actors, and each of them represents significant challenges to organizations,” said a security researcher at DoTerra.

They are:

  1. Compromised actors: Insiders with access credentials or computing devices that have been compromised by an outside threat actor. These insiders are more challenging to address since the real attack is coming from outside, posing a much lower risk of being identified.
  1. Negligent actors: Insiders who expose data accidentally — such as an employee who accesses company data through public WiFi without the knowledge that it’s unsecured. A large number of data breach incidents result from employee negligence towards security measures, policies and practices.
  1. Malicious insiders: Insiders who steal data or destroy company networks intentionally – such as a former employee who injects malware in corporate computers on his last day at work.
  1. Tech savvy actors: Insiders who react to challenges. They use their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. Tech savvy actors can pose some of the most dangerous insider threats, and are likely to sell confidential information to external parties or black market bidders.

Data theft by insiders is as much the result of companies failing to implement strategies and technologies to employee monitor behavior and govern access to data as it the actual malicious behavior of an employee seeking financial gain or revenge, Jason Hart, VP, Cloud Solutions, at SafeNet, pointed out.

The enemy within has been a threat to data security for decades and is nothing new,” said Hart. “However, the frequency and impact of insider security incidents have increased because the notion of a ‘security perimeter’ has completely disappeared. Companies have embraced distributed, mobile models for their workforces based on the consumerization of IT and the increased use of shared resources.”

This is especially true with BYOD, cloud services or consumer hosting. “These practices have reduced the effectiveness of traditional security, which has focused on the securing the perimeter, endpoints within the enterprise, and corporate networks.”

To defend against the insider threat, IT departments will need to take a different approach to security. According to Asaf Cidon, CEO of Sookasa, it is time to stop thinking about securing the network or the perimeter and begin focusing on securing the data.

The worst-case scenario often isn’t a hacker breaching internal systems, despite all the attention that massive hacks like Sony get. It’s an employee that loses his smartphone or has his laptop stolen,” Cidon said. “The best defense lies in securing the data—not just the devices. That means encrypting at the file-level, so confidential information is protected no matter where it ends up. IT administrators need tools that enable proactive security. By being able to track, audit, and control—even employees’ personal devices, security is dramatically enhanced. And by being able to change permission settings in real-time, IT admins can address threats underway, from lost or stolen devices or malicious insiders.”

The key is understanding what data needs be classified as critical, where that data resides and flows, and conducting a risk assessment based on confidentiality, integrity, accountability and auditability, Hart added. “There is no single technology that can provide the silver bullet to stop insider threats. Companies need to adopt technologies such as identity and access management and authentication to set policies that govern who can access what and when. This needs to be coupled with monitoring technologies that provide alerts when data is being accessed from a device or individual outside the normal patterns of activity.”

The sooner companies stop thinking breach prevention and start thinking breach acceptance, the sooner they will be better prepared to minimize the impact of data breaches whether they are from insiders or hackers.

By Jeremy Page

The iCloud Scandal – Who Is To Blame? –  ‘Cloud’ Security vs. ‘Internet’ Security

The iCloud Scandal – Who Is To Blame? – ‘Cloud’ Security vs. ‘Internet’ Security

How the iCloud Scandal Has Helped to Define the Difference Between ‘Cloud’ Security and ‘Internet’ Security

Busting the myth that bad cloud security was to blame for Apple’s recent celebrity data disaster

Overview: We discuss the ‘celebrity hacking’ iCloud saga and debate whether or not the breach was likely down to Cloud encryption issues or inadequate internet security measures.

Apple’s recent ‘celebrity hacking’ iCloud saga has stirred up several concerns about the safety of data in the Cloud. What if my confidential data was to be leaked in the same way, I hear you ask? And if society’s VIPs are helpless to it, what chance do I have of keeping my information safe? Well, cloud users shouldn’t be overly concerned. The scandal, as with many leaks, was actually more to do with each affected individual’s internet security (or lack thereof). Here’s why this recent drama shouldn’t break our trust with the Cloud.

security-network

Accepting responsibility at an individual level

Just because you’re uploading data on your computer to the Cloud, doesn’t mean you don’t still need to make sure your own computer is safe. Hackers can still target your personal or business computers. If, for example, you’ve subsequently uploaded this data to the Cloud, it certainly doesn’t follow that any obtained data was definitively taken there. Virtually all ‘clouds’ are down-to-earth facilities called Data Centres that store and distribute data, the good news is that they are military-grade strength in terms of access and security.

Most of the problems come from device based computer hacks and there are of course products available to protect you from potential invasions when you’re connected to the internet. Safeguarding your system will keep your data better protected. Once you’ve implemented strong security software, all you need to do is follow the same security advice that’s been dished out to users since the dawn of the web: make sure your passwords are extra-long and impossible to guess. In the light of the hacking scandal, Apple also suggested customers sign up for ‘two-step verification’ to add an extra layer of protection to their accounts.

Another theory regarding the leaks is that information may have been disclosed in response to phishing emails. Here, managers or even the celebrities themselves may have accidentally shared their passwords in a socially-engineered attack. If you should notice anything suspicious whatsoever about an email asking you to verify your information, ignore and delete it.

Dispelling the myth that the Cloud is light on security

The Cloud, and cloudware services in general such as software-as-a-service, cloud-based communication applications like Skype and security packages are normally protected by very sophisticated security measures. Given that a growing number of people are signing up for cloud-based services, you should not be concerned that the cloud providers themselves are going to break the confidentiality agreements they have with their customers.

Of course, there is always the very small chance of a breach in security, whatever system you’re using whether it is in the cloud or not. But when a cloud vendor has previously been accused of being at fault in the event of a data hack, it’s often turned out not to be their fault at all.

This is what Apple suggested in their statement following the hacking scandal. The leak was blamed on a ‘very targeted attack on user names, passwords and security questions’. As opposed to it being a fault with cloud security, it was suggested it was perhaps more to do with individual user details and passwords not being sturdy enough.

A timely reminder

time

Of course, it is unlikely your business would ever be targeted in the same way that mega-famous celebrities are. The iCloud hacking scandal just reinforces the need for all accounts to be sufficiently protected wherever possible to avoid any ‘brute-force’ hacking tactics.

Many, many cloud providers have not yet had to worry about hacks, but high-profile cases like Apple’s immediately cause the public to panic. Apple are certainly not exempt of any blame – as the Wall Street Journal suggests, the scandal was much like a ‘door not having a doorman’ – but in general, iCloud-gate shouldn’t fuel too much worry amongst the public about cloud security. Users just need to remember to investigate their providers’ promises in full, and make sure that the internet security that they can control is absolutely watertight.

By Gary Gould

Resolved: Username/Passwords Alone MUST Go

Resolved: Username/Passwords Alone MUST Go

Username/Passwords MUST Go

New Year’s Resolution #1 for any cloud IT deployment manager in 2015 ought to be that the user name/password alone must go.  High-profile breaches that exploit username and password-only authorization systems are becoming all-too-frequent events.   The Syrian Electronic Army’s attack on the Associated Press’s Twitter account that caused a 136 Billion dip in the stock market used a spear phishing scheme where employees enter their user names and passwords onto a fake Web site to obtain passwords. So, too, did an eBay intrusion in May 2014 that was also attributed to spear phishing.  And while the details about the November 2014 Sony breach are still unclear, multiple reports indicate that system access ultimately occurred via compromised admin accounts.  (Having a file folder titled Passwords clearly didn’t help either.)

password

What can cloud IT teams do to minimize the risk of careless disclosure of access credentials to a spear phishing attack?  One answer is to make it impossible for the user to divulge that information, unless the gun is pointed at the users head.

Confidential resources or high level access privileges should have an authentication method associated with it that is impossible to disclose by accident.  Typically these approaches involve multi-factor authentication (MFA) and range on a continuum from one-time-passwords to PKI.  The concept received a boost recently when Microsoft baked multi-factor authentication directly into the Windows 10 operating system, making it as consumer-friendly as possible in hopes of encouraging users to move beyond passwords.

If an enterprise is running a service containing confidential information, with administrators spread all over the globe, and where end user ease of use is required,  it’s best to implement adaptive authentication, where authentication strength matches the confidentiality or access level of a resource.

For applications where payment or high-value information is exchanged, such as in banking,, One-Time Passwords (OTP) are an option enabling a single transaction or entry into a session.  They’re certainly better than weak passwords, but you can still fool a user using a fake web site and using the OTP acquired from the user to access the legitimate resource.

Is Certificate Based Authentication a possible key?

One solution that has been around for almost as long as the password, is a certificate based authentication. The private key is impossible to memorize, and therefore disclose even by mistake. A clear improvement over OTP is a certificate based system, which can include either software-based certificates that are created and installed on the user’s computer, or hardware-based certificates that are created and installed on  a secure element –the chip of a smart card, or a mobile phone’s SIM card.  Both provide improved risk mitigation, even with software based certificate stores.

At the other end of the spectrum is mobile PKI.  If users’ credentials are stored in a tamper resistant environment (Secure Element), even the user can’t view them. When the authentication process begins, the request is sent to the secure element using a second channel (mobile network), and the request includes a clear text part to be signed “Sign in to salesforce.com.” The request is signed by the private key residing in the secure element using a PIN code associated with the key (not the mobile phone PIN).   As a result the system cannot divulge this information, even by accident.   Should someone wish to compromise the whole chain, they would have to have access to your computer, mobile network operator systems as well as your mobile phone OS core functions. Or steal your phone and ask for the PIN code at gunpoint.

It’s time we retire the 50-year old username and password-alone approach to cloud security and move to better approaches to identity relationship and access management.   They exist, they’re readily deployed and proven, and they represent perhaps the best lesson of recent hacks for organizations of all sizes.

By Petteri Ihalainen, GlobalSign

Are you SURE you are ready for the cloud?

Are you SURE you are ready for the cloud?

Ready For The Cloud?

For several years now, people and organizations have been slowly but surely moving their data and applications to the cloud. Whether it is a local private cloud, Hybrid or a fully hosted one, they all have one thing in common: They are no longer tied to physical hardware.

That is how it’s supposed to be right? Well, during my years of working with companies to achieve “cloud”, people are still getting a little confused, or they just do not understand exactly what they want, or better yet, how to get it. There is a difference between hosted servers, colocation, and cloud resources.

My experience in migrating our customers, we focused on three types of cloud migrations: 1) Infrastructure, 2) Application, 3) Storage. Many people say that moving to a SaaS solution is a separate way also, but I am talking about maintaining control over your applications, data, and the systems that house them. Most SaaS solutions, unless you set the application up on your own systems, is a paid service. Yes, we all know about DBaaS, PaaS, and XaaS, but we are going to focus on what you have in house for now.

Security Needs

swirling-cloud

The first thing I have my clients look when they are interested in a cloud migration is at their security needs. Are they under a compliance model that would be harder for them to enforce with their data being managed or hosted offsite (e.g. HIPAA, Gramm Leach Bliley act, SoX, PCI…). Storage is only part of the problem. Data at rest normally has a separate requirement than data in motion (i.e. Copying data to and from the cloud provider). If they are under restrictions, we have to factor in additional security measures like firewalls and new policies and procedures.

Once we get the layout on the security front, I take them through the application discovery. Why is this important? One reason is many software licenses for applications are only good for the local company’s datacenter, not at a hosted provider. Also, many homegrown applications may have hard coded information in them (e.g. IP Addresses, Using HOST files, or using a TCP/UDP port range to communicate with instead of a dedicated TCP/UDP port that can be opened in the firewalls). One other issue that homegrown applications have is the people that write them may not be around now (e.g. hit by a bus, retired, or quit). If that is the case, high-end developer resources are brought in to reverse engineer the application so it can be used in a cloud environment. That takes time.

Number Crunching

numbers-crunch

Once we have a list of the applications, then we need to crunch some numbers. If you have 50 hosts, and out of those 50 hosts each one has 25 guest VMs then you would have 1250 VMs you need to migrate. But what if you only have a few VMs, and everything else are physical machines? Then you need to add an additional step or converting them from P2V (Physical to Virtual) or P2V2C (Physical to Virtual to Cloud). Not hard to do, but it takes time and allot of after hours work.

If we now take the 1250 VMs that we mentioned before, and now applied how many separate applications we have over the top of it, it should give us a number we can look at more closely. If the customer has 400 applications, we apply it to the 1250 VMs that would leave us with 850 VMs. This number says every application needs its own VM, which we know most of the time it is not true. Also, the new number doesn’t take into consideration clustered, print servers, fault tolerant units or server farms. So, out of those 850 VMs, some will still need to be around.

We crunch the numbers again. Everything you move to a hosted cloud, you pay for. Period. Whether it is CPU, RAM, Disk, Bandwidth you will pay something, somehow for it. And, if you use additional services that the cloud provider can offer, such as Databases, Backups, Managed Services, your ticket will grow per VM instance that you have in the cloud. So, we need to make sure that applications can coexist on the same VMs to save money. The only way to tell that is to monitor the application’s usage of resources and see if another application or a few can buddy up with it on the same VM.

Now, once we get to this point I ask them “Why?” Why do they want to move to the cloud? What do they expect to get out of it? Do you have a test environment already that you have been learning cloud management on? Do you own licenses for locally installed software or do you plan on using an open source solution? Does the term “all or nothing” really work for the cloud? Do you have certified personnel on staff that can use the selected software or environments to benefit your company and make the migration successful?

Over the next few articles here on CloudTweaks, I will get into the weeds of each step, why we need them, and caveats if we forget something or take it for granted. We need to look at the roles and responsibility matrix for each organization, and who does what when and where.

Cloud is simple, robust and easy to use if you plan accordingly. Just because you are being circled by hungry sharks, doesn’t mean they will bite!

Please subscribe to our weekly newsletter located in the footer to follow this series.

By Richard Thayler

Cloud Security In The Workplace

Cloud Security In The Workplace

Workplace Cloud Security

Our workplaces are changing and much of it for the better. Increased flexibility – pushed by cloud services – is behind many of the changes. Home working, increased collaboration – it’s all good, and it’s all delivering significant business benefits.

We know that. That’s so 2013.

But fewer than 10% of businesses know what their employees are doing on the cloud. They call it ‘shadow IT activity’ – in other words, activity that is happening on the cloud, within the business, which cannot be accounted for as secure.

Consider the disgruntled employee with access to company passwords through Google Drive or the careless employee with Dropbox access to supposedly secure files. Consider perhaps the careless celebrity with photographs in iCloud.

It’s in the shadows because we don’t know the threat. In fact, many of us don’t even know if we’ve been compromised or not.

The threat and the opportunity

threat

For me, this is both a threat and an opportunity for IT. In the most opportunistic of terms, IT can stake out its position as the guardian of corporate security here. If the cloud has taken away much of IT’s responsibility – and potentially has put IT at risk within an organisation – then the risk of shadow activity within the business should give IT the chance to re-establish a position.

And there’s a business case – worryingly so. The threat is that our data could walk out of the door because we’re using file sharing and collaboration tools, often without regulation. Shared passwords, shared access – it may all increase productivity but unmonitored, it represents a significant risk.

50% of organisations questioned in this survey said that they don’t have a policy on acceptable cloud usage. With employees connecting to personal devices and carrying on the work either on their commute or at home, it’s almost impossible to restrict unauthorised SaaS usage – so would a policy help?

Governance – but what kind of governance?

Certainly, governance would be of benefit. Without IT’s overseeing of SaaS activity, the business benefits of cloud activity are almost wiped out by the risk of being compromised. There are businesses who have ceased to trade as a result of compromised data – so a balance has to be struck.

Innovation and agility need to be pursued, and it’s IT’s task to provide this environment. Therefore, shadow IT could very well be not just accepted but embraced, within a fast-paced environment. But governance goes beyond ensuring passwords are regularly changed and that leavers’ access is removed. It’s about a framework that guarantees both innovation and security. If we’re going to use the cloud to its full capability, we need to eliminate as many of the risks as possible – or the business case goes out of the window.

(Image Source: pcruciatti / Shutterstock.com)

By Gareth Cartman

Cloud Ready Business Drivers

Cloud Ready Business Drivers

Cloud Ready Business Drivers

Many organizations are faced with the dilemma of moving to the cloud. Understandably so. This isn’t a decision that can be taken overnight. Every CTO and CIO will do their due diligence of mapping business and technology needs before they make their final call. There are a few business scenarios though where moving to the cloud just seems like an answered prayer. When it seems like, it’s the best solution – like its the right thing to do at the right time.

When would one give a thumbs up to the cloud without a doubt?

Global Online Customers

global-customers

For an internet company that has customers spread across geographies, the cloud is the place to be. Primarily from the economies of scale perspective. You want your customers to get the best of response times, no matter which part of the world they log in from. Cloud solutions deal with this kind of scenario best due to the following reasons:

Data center spread – A cloud deployment will typically have a better geographical spread of hosting options as compared to an individual on premise deployment. This means that the closest servers can server your customers, an absolute benefit given the attention span of today’s online customers.

Handling failures – Redundancy levels, both in hardware and software are much higher in cloud-based solutions as compared to others. An uptime SLA signed with your cloud provider gives you an assurance of being available for your customers.

Global Field Operations

Again, a global conglomerate with operations spanning remote locations, a cloud solution will work wonders from the mobility perspective. Sales or quality personnel, who need to conduct field visits, can perform their tasks on smart devices and sync to the server when connectivity is better. True, this can also be done on a non-cloud deployment. Again, it is the breadth of geographies, criticality of business functions and economic perspectives that determine if the cloud is a favorable choice. From a business view, the faster the data is entered into the system, the more value it offers to forward decision-making.

Another aspect, to consider, is that mobile interfaces typically tend to be simpler and standardized. This move is helping folks in functions such as customer support, sales and compliance audits to focus on their core competencies, without being bogged down with the nitty gritty of having to learn to operate an intricate IT system.

Seasonal Demand

Some businesses have more peaks and valleys in transactions than others. For example, areas such as specialty retail, event management, tourism and education can greatly benefit from SaaS deployments. The cost benefits analysis works in favor of such companies as you pay only for actual utilization. Depending on the variation in demand, an individual deployment could turn out to be very expensive even with energy efficiency measures put in place.

While there are other businesses that have already signed in onto various cloud solutions for various reasons, and yet so many that are still evaluating, cloud solutions do appear to be transforming the technology industry. For new businesses that do not have to deal with the backlog of a legacy system, evaluation of cloud solutions is highly recommended.

(Image Source: Shutterstock)

By Kapila Gidwani

Safely Storing Data in the Cloud

Safely Storing Data in the Cloud

Safely Storing Data in the Cloud

It’s not easy to make sure all your data and documents are protected when using the cloud. It often seemed like 2014 was ‘the year of the hack’, with the Apple iCloud fiasco, the revelation of the Heartbleed security bug, the North Korea vs Sony movie battle, and innumerable data thefts from companies’ supposedly secure servers.

Against this backdrop it is more important than ever to make sure you’re protected online. Cloud storage is convenient and cost-effective, but both these benefits are entirely dependent on how secure your information is – a stolen file or a leaked document could cost a business its existence, as competitors capitalise, market advantage is lost, and customers look elsewhere.

shutterstock_198188897

Of course, there are certain steps any individual or business can take to ensure they make life as difficult as possible for would-be cyber criminals:

Passwords

According to a recent Deloitte study, more than 90 percent of passwords created by users can be cracked within less than ten seconds.

You need to create a secure and unique password for each of the online services that you use. Use a password-naming convention to help you regularly change and remember your current password for a specific online service. Remember, doubling your email password for other services you use (your Facebook account, your cloud storage account) is a terrible idea – all your login information and forgotten passwords always arrive to your email.

Encryption

One of the easiest ways to safeguard your privacy when using cloud storage services is to look for one that offers local encryption for your data. This provides an additional layer of security because decryption will be required before you can be granted access to the data.

With the additional step of encrypting and decrypting your data, you may find that syncing your files with your cloud drive takes longer – but it’s a necessary evil and one that shouldn’t be ignored.

Back-Up Data Locally

The most important rule for managing data to always have a backup. You can either set up a cloud account for backup purposes, or use a USB drive to back-up data that’s already in the cloud.

Storage Made Easy

Storage Made Easy offers some of the best backup and security features in the marketplace, along with some of the most competitive pricing.

Their service lets all files be encrypted, even if the underlying storage cloud does not support encryption. It means sensitive information stored in local storage or remote clouds can be securely encrypted. Furthermore, users can choose to have data stored in a nominated ‘primary cloud’ and have it automatically backed-up to a ‘backup cloud’ to ensure the data is always available when it’s needed. The service also includes an easy-to-use email backup that integrates with Microsoft Outlook and Microsoft Outlook Express. Finally, it uses a sophisticated protocol gateway that exposes access to files from common protocols irrespective of whether these are supported on the back end storage or not.

They offer both personal and business solutions, with pricing starting from $59.99 per license or $5 per user per month respectively.

You can contact them on Skype or social media for more info.

Post Sponsored By Storage Made Easy

By Daniel Price

CloudTweaks Comics
Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by 10-20%. This infographic provided…

The Future of M2M Technology & Opportunities

The Future of M2M Technology & Opportunities

The Future Of The Emerging M2M Here at CloudTweaks, most of our coverage is centered around the growing number of exciting and interconnected emerging markets. Wearable, IoT, M2M, Mobile and Cloud computing to name a few. Over the past couple of weeks we’ve talked about Machine to Machine (M2M) such as the differences between IoT and…

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Imagine this:  Your wearable device is subpoenaed to testify against you.  You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses…

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Successful digital marketing campaigns are being driven largely by trending technologies, specifically the Internet of Things (IoT), Big Data, and The Cloud. These may be used for a huge number of marketing applications, from optimizing the performance of sports teams to improving science and research, even helping to aid law enforcement. Amazon Web…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

Fintech Investments Are Seeing Consistent Growth

Fintech Investments Are Seeing Consistent Growth

The Financial Services Cloud Fintech investment has been seeing consistent growth in 2015, with some large moves being made this year. The infographic (Courtesy of Venturescanner) below shows the top Fintech investors and the amount of companies they’re currently funding: Just this week, a financial data startup known as Orchard Platform raised $30 million in…

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills That Could Make Or Break Your IT Career

5 Essential Cloud Skills Cloud technology has completely changed the infrastructure and internal landscape of both small businesses and large corporations alike. No professionals in any industry understand this better than IT pros. In a cutthroat field like IT, candidates have to be multi-faceted and well-versed in the cloud universe. Employers want to know that…

Cloud Computing – The Good and the Bad

Cloud Computing – The Good and the Bad

The Cloud Movement Like it or not, cloud computing permeates many aspects of our lives, and it’s going to be a big part of our future in both business and personal spheres. The current and future possibilities of global access to files and data, remote working opportunities, improved storage structures, and greater solution distribution have…

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Once upon a time, only a select few companies like Google and Salesforce possessed the knowledge and expertise to operate efficient cloud infrastructure and applications. Organizations patronizing those companies benefitted with apps that offered new benefits in flexibility, scalability and cost effectiveness. These days, the sharp division between cloud and on-premises infrastructure…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…