Category Archives: Security

Migrating to a Business Cloud (5 Warnings)

Migrating to a Business Cloud (5 Warnings)

Migrating to a Business Cloud 

In theory, migrating to cloud computing should be easy. Choose a cloud provider, move the files to the data server and everything is good to go. While that may work for the personal cloud, migrating into a business cloud format is a lot more complicated.

As Ann Bednarz pointed out in a CIO.com article, companies are dealing with IT legacy systems that have been in place for years, and this makes switching to a cloud format all the more difficult.

Here are five issues to watch out for when turning to cloud computing:

Migration TimeTable 

Christopher_Messer
Christopher Messer

Complications may arise if organizations don’t take ample time to plan out their migration path and clearly identify their needs. “Complications usually revolve around overly aggressive migration timetables and not having enough time to sync large amounts of data, or not enough cycles being allocated to mapping out the new workflow for employees on the new cloud platform,” said Chris Messer, vice president of technology at Coretelligent.

It’s critical to not attempt to migrate multiple services, data-sets or interconnected and complicated services with a large number of dependencies without careful planning and a clear understanding of how all the services will operate on the new cloud platform, Messer added. “Most cloud migration challenges can be easily avoided by allocating ample time to both the planning and execution and migration phases of the project. Businesses need to ensure that they’re working with an experienced vendor, or that their IT team is leveraging a proven method or product for the migration

Security 

Even though security within the cloud has improved over the past few years, it remains one of the more complicated issues involved with cloud migration. As Asaf Cidon, CEO of Sookasa, pointed out, business owners need to think not just about the security of their data in the cloud, but also the security of the data on the devices accessing the cloud.

A move to the cloud will not magically improve security around your application or service, nor will it automatically maintain the good security controls and procedures you have in place presently. “Your organization needs to bring all the stakeholders to the table and think about what will change and what will remain the same with regard to security,” Hazdra from Neohapsis said. These stakeholders typically include the line-of-business manager, IT application development team leads, your information security team, and potentially representation from legal and compliance teams.

Shadow Cloud

shadow-it-cloud

Before the cloud migration even happens, IT departments need to realize a simple fact: employees are already using the cloud. And they are already storing corporate data there. They aren’t waiting for the company to use cloud computing, and the use of Shadow Cloud can great a lot of headaches for IT, Rajiv Gupta, CEO of Skyhigh Networks explains. IT departments need to investigate how their employees are already using the cloud and then work to migrate that use from Shadow Cloud formats into the organization-designated cloud.

Picking the Right Provider 

When it comes to cloud computing, the service provider is one of the most important elements. Choose the wrong provider, and it could cost the company thousands of dollars in security-related costs, lost or compromised data, too much down time, and other headaches. According to Stephen Pao, GM of Security Business at Barracuda, before moving to the cloud, IT decision makers need to ask questions such as: What are the agreement service levels and agreement objectives? Are there any additional service charges or hidden fees? Is there a service level objective or does it cost extra to have more services? Read the best cloud reviews. The way to avoid problems is to know what the provider can do for your company – and what it cannot do – before signing any formal agreements.

Flexibility of Infrastructure Choices 

david-bio
David W. Hsieh

One of the best things about the cloud is the number of choices available. One of the worst things about the cloud is the number of choices available. The cloud can actually reduce the amount of flexibility a company has over its infrastructure choices, according to David Hsieh, VP of Marketing at Instart Logic. “Cloud providers offer a menu of choices, but you have to choose from their options — there’s usually no ‘substitutions’ or ‘secret menu’ items you can choose from. This can cause a certain degree of inefficiency because you can’t fully tailor your infrastructure to meet specific needs.”

There will always be some manner of risk involved with migrating business functions to the cloud, but as companies become more reliant on the cloud – especially as mobile access increases – there will be risks with not moving to the cloud, as well.

It is highly beneficial for all of the teams mentioned above to analyze, assess and present what they view as the benefits and risks so effective business decisions can be made,” said Hazdra. “Cloud migration projects offer an excellent opportunity to review and improve upon the security controls present in your organization.”

By Jeremy Page

Cloud Infographic – CloudTrends Report 2014

Cloud Infographic – CloudTrends Report 2014

CloudTrends Report 2014

Report finds that enterprise-managed services for greater visibility, control, QoS and security of cloud applications are on the rise

Key findings of the Allot CloudTrends Report include:

  • Over 45% of CSPs are offering public cloud applications and services for enterprises ranging from basic email and storage to fully-fledged unified communications, CRM and ERP solutions.
  • Microsoft Office 365 is the most prevalent office suite offered by CSPs to SMBs and Enterprise with over 33% of CSPs surveyed offering the Microsoft platform. Office 365 represents over 90% of the virtualized office suite type offerings, while the Google Apps offering comes in at a distant 8%.
  •  QoS management for cloud services lags behind basic adoption. Just 23% of CSPs are currently offering QoS and/or visibility solutions for mission-critical applications and 32% of CSPs offer some form of cloud-based security service such as anti-DDoS or URL filtering.
  •  QoS management for cloud services is much more prevalent when unified communications, Office, and Microsoft Lync are involved, indicating the need to actively manage access to these critical applications. With unified communications, 32% of CSPs offer QoS management, 48% offer Office applications and 50% offer Microsoft Lync.

Higher Quality PDF Version

INF_CloudTrends_H2_2014_US_Publish (1)_001

INF_CloudTrends_H2_2014_US_Publish (1)_002

Don’t Go Breaking my Heart – Wearables and Your Health

Don’t Go Breaking my Heart – Wearables and Your Health

Wearables and Your Health

Former Vice President Dick Cheney famously admitted recently that he had the wireless feature of his pacemaker turned off. The ex-VP, who has a history of cardiac trouble, recently underwent a pacemaker upgrade, but is naturally reluctant to leave it exposed to hackers who might find a way of remotely shutting it down. Mr. Cheney’s situation is one of the more famous examples of the dangers lurking within wearables, those devices that connect humans to the Internet of Things more closely and more permanently.

Jimmy Nichols of CBR points out a number of distinct areas of vulnerability for wearables wearers, which include, on the health front, privacy violations and compilation of data regarding the products we consume and even our state of health – which might adversely affect insurance rates; and medical failure, in which connected technologies that ordinarily allow physicians or nurses to access patients’ vital signs and machinery remotely, might fall into the wrong hands.

Such dire yet legitimate warnings tend to scare away many who fear the dangers of technological progress more than they revel in its promise. But alongside, or in spite of, the efforts of the bad guys, wearable technology continues to offer great leaps forward in health care. External technologies range from intelligent tracking devices that monitor a hospital inpatient’s vital signs through RFID, through to new methods of diagnosis and drug-free healing.

Jim-Johnson
CEO-Jim-Johnson

Just one of these, called “below sensory nocturnal therapy DC stimulation” offers DC electrical stimulation into a patient’s tissue during sleeping hours when the body’s immune and regenerative systems are most active. The developers of this therapy, Prizm Medical, showcased its potential at the Wearable Technologies Show in Dusseldorf, in November 2014. Prizm CEO Jim Johnson acknowledged that the big players, such as Apple and Google are getting into the medical and sports medicine market space, which means everyone should pay attention.

Wearables are also making their mark in the treatment of Ebola and other highly infectious diseases.

These range from hand washing hygiene monitors to infrared cameras that can detect higher-than-normal body heat and which can be mounted on a cellphone camera case. Additional technologies include 48-hour body thermometers that attach to the skin, and location software that help calculate the risk to caregivers based on time spent at a specific location where an Ebola patient was situated.

Another vendor at the Dusseldorf MEDICA show, Evena Medical, demonstrated their smart glasses, which help in the difficult process of venipuncture (inserting needles into patients’ veins.) This seemingly common procedure is very difficult when dealing with Ebola patients, and according to the Infusion Nurses Society (INS), first attempts fail 40 percent of the time. The smart glasses help make “invisible” veins visible to medical staff, speeding up the process and rendering it safer.

Wearables promise to deliver major innovations in health care and treatment. As with all other types of intelligent devices, however, the human operators themselves must seek to remain on guard. They must change their perception of a simple device such as a thermometer from being an isolated device to being part of a matrix of shared information and access. This will serve as a major barrier against invasion and criminal misuse.

By Steve Prentice

Cloud Infographic –  DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms

Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive record.

An effective incident response program, including one where a security information and event management (SIEM) is in place to detect compromises earlier, helps lower the cost of a compromise. Yet in the SANS and AlienVault survey, 85% of the security professionals polled reported that they aren’t using a SIEM to support in staying ahead of the threat.

Included is an infographic provided courtesy of AlienVault.

AlienVault-IncidentResponse-infosec1

Juniper Reports Discovers Mobile Commerce Growth Powered By The Cloud

Juniper Reports Discovers Mobile Commerce Growth Powered By The Cloud

Juniper Reports Discovers Mobile Commerce Growth

A recently unveiled report from Juniper Research has found that the total number of users who plan to engage in mobile transactions is going to grow considerably over the coming years. They predict that just over 2 billion mobile phone or tablet users will make mobile commerce transactions by the end of 2017, up from 1.6 billion during this calendar year. 

Powered by advances in mobile-based cloud computing and data security, mobile consumption of services such as banking, money transfer and purchases of goods and services is surging as consumers either migrate from desktop usage or become first-time eCommerce users through their smartphones or tablets. Juniper believe that the key to the huge growth lies in developed markets – claiming that within the next five years, half of all online transactions would be completed on mobile devices, rather than on computers. 

mobile-devices-use

Although the number of 2 billion seems huge, Juniper apply a fairly liberal definition to the term ‘mobile commerce’. They define it as anything people do regarding finance on mobile devices (mainly smartphones and tablets) – including everything from banking to money transfers and from eBay e-commerce transactions to app store purchases. 

Away from the more typical transactions, the report also touches on contactless payments. It noted that while the technology still hadn’t garnered much traction outside of Japan and South Korea, the upcoming worldwide rollout and subsequent growth of Apple Pay was expected to provide Near Field Communication (NFC) with real momentum. Apple Pay is already seeing success, with CEO Tim Cook recently noting that more than 1 million credit cards were activated with Apple Pay, while fast food giants McDonald’s has said that half of US touch purchase transactions are made using Apple Pay). 

The final significant finding of note was the potential of social networks in accelerating mobile commerce adoption. According to report author Dr Windsor Holden: “Brands and retailers should certainly seek to integrate their offerings with players such as Facebook and FourSquare. Integration offers reach, allied to the potential to target specific user demographics”. Her suggestion of letting brands and retailers integrate with social networks such as Facebook and Foursquare is especially noteworthy given Facebook is working on integrating payments into its Messenger app, which recently surpassed 500 million monthly active users. Facebook CEO Mark Zuckerberg, however, has cautioned payments wouldn’t be coming anytime soon. 

It’s not all positive though – as ever, security concerns feature prominently. Indeed, the report notes that consumer concerns around transaction security remain the primary inhibitor on service adoption.

What do you think? Can NFC and mobile commerce replace traditional in-shop purchases? Could it even remove the need for physical banks entirely? Let us know your thoughts in the comments below.

(Image Source: Shutterstock)

By Daniel Price

The Importance of Password Management – Do the Eyes have it?

The Importance of Password Management – Do the Eyes have it?

The Importance of Password Management

One of the main drawbacks to the borderless space that comprises the cloud is that of security. Recent breaches such as Heartbleed, Target and Home Depot demonstrate that crucial data – the passwords and PINs that keep the bad guys away from our money and information, need constant vigilance and upkeep, primarily in terms of keeping passwords complicated and unique.

For many, this becomes too much work, which is why the most common passwords, such as 123456 are still heavily used.

The importance of security has always been paramount, but is about to become a whole lot more critical as the Internet of Things opens the world of data up from simply PCs and phones to refrigerators, baby monitors, home automation systems and much more. With each of these items able to talk to each other across a common platform, any one simple misappropriated password attached to one device becomes the entryway that can infect an entire system, much like the hugely complex human body can be brought down by a single insect bite or infected needle.

The Open Web Application Security Project (OWASP) recently released a list of the top ten security weaknesses of the Internet of Things, which included Insecure Web Interface, Insufficient Authentication/Authorization, Lack of Transport Encryption, Insufficient Security Configurability, and Poor Physical Security.

One company that seeks to change this is Eyelock, a New York City-based company whose new product, Myris, promises to deliver secure access literally in the blink of an eye. It sells an inexpensive device that consists essentially of a mirror and a camera to read the unique pattern of a person’s iris, and can do so even if the individual is wearing glasses. Eyelock’s people state that the application can also distinguish between a real eye and a picture of an eye.

eyelock

Iris and retina readers are the newest and most James Bond-like of security devices, but just below them on the glamour scale rests another concept, that of the online password keeper. Applications such as LastPass not only remember all the passwords that a user might have for his/her many applications and websites, but also generates highly complex ones consisting of numbers, letters and symbols. The idea behind LastPass is that the only password needed from this point on is the one that opens up the LastPass application itself.

Such sophisticated approaches to defending data are only as strong as the weakest link, which, as always, is the human user. From the overly simple (123456, qwerty and the actual word “password” topped the Huffington Post’s annual ranking of bad passwords for 2013), through to sloppy human usage – leaving a browser open, leaving passwords written down, or forgetting to log off – human actions will always be the ones that will leave a computer – and every single device that the computer can talk to – open and exposed.

Literacy, in the age of the Internet of Things is about information management, and this includes protection of that information.

By Steve Prentice

Cloud Infographic – The Digital Doppelgängers

Cloud Infographic – The Digital Doppelgängers

The Digital Doppelgängers

Cyber crime is rampant and will continue as long as there are opportunities available to maliciously gain from the exploitation of individuals and businesses. Prevention will never be 100% foolproof, but security firms are aggressively looking for solutions in order to help minimize damage caused by the exploits of cyber criminals.

Included is an infographic provided by the group CreditExpert.co.uk which profides some interesting fast facts related to cybersecurity.

Credit Expert Data FINAL

4 Services That Can Help Prevent Email Snooping

4 Services That Can Help Prevent Email Snooping

Prevent Email Snooping

Email security and privacy concerns have been an ongoing problem. The confidence of logging into your favorite email program without any concerns of prying eyes, is long gone. The good news is that there are a few well known services on the market that can help restore a bit of that confidence. Provided is a small list of some of the more talked about services on the market.

ProtonMail

ProtonMail was developed by Andy Yen, a PhD student at CERN in Switzerland, who became concerned about the NSA spying on the emails of scientists and other private citizens. He and some of the other young students at CERN got together to develop an end-to-end encryption system that the NSA couldn’t get into.

We encrypt the data on the browser before it comes to the server,” he explains. “By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key.”

Most of ProtonMail’s team works on the project part-time. “We’re all CERN or MIT scientists,” says Yen, “so we’re doing research on computing, mathematics, physics that’s actually closely related to what we do on the secure email. Encryption is very mathematical so we have four PhD physicists working on this.”

A recent article by The Register highlights a potential security flaw in ProtonMail, though. A security researcher managed to hack into the system and plant dummy code intended to represent a potential virus. He was not able to crack the encryption or read emails, but he did manage to get his code into user’s systems, thus demonstrating a security flaw. ProtonMail claims to have patched the security flaw and says that this is no longer an issue.

Countermail

Countermail is a Swedish service that claims to be the only reliable protector against MitM (Man in the Middle) attacks, in which an attacker impersonates the communication service itself and thus gets access to all messages. Qualsys’s SSL lab gives Countermail an overall grade of “A,” and so far no major hacks or security flaws have been detected. The service charges $19.99 for a three-month subscription, or $99 for a full year.

The main criticism of Coutnermail is not a security flaw, but a potential user error that the service does not prepare for. This is loss of password. In a widely-read review of Countermail, Hacker10.com advises readers to “Be very careful to remember your password because if you lose it, it can not be recovered and your data will be lost for ever.

CryptoHeaven

CryptoHeaven dubs itself as the “world’s safest email“. It offers a “no-knowledge” security solution, meaning users maintain their own keys and nothing readable is stored on the service’s own servers. That means that even if CryptoHeaven itself is compromised, its users can still be confident in the security of their communications. As a private reviewer comments, “When you first run the client, you create an RSA key pair and set the key length & prime certainty. The private RSA key is then encrypted with what CryptoHeaven calls your passcode, a hashed and salted output of your username & password…That sounds like a lot of win!” The service is also set apart by the fact that it offers an entire communications suite (instant messenger, voice mail, etc.) in addition to its email client.

Another point in Cryptoheaven’s favor is its location in Toronto, Canada. The Canadian government is not aggressive with its spying program (unlike the United States and a few European governments), and so this server location is protected by international boundaries – although this could change at any moment, as many governments are ramping up their spying efforts and the US government has a documented history of extending its spying program internationally.

Enigmail

Enigmail is not an email service as such, but rather a plugin for SeaMonkey and Mozilla Thunderbird. It encrypts data sent through these mail services using a GNU Privacy Guard. Launched in 2001, it is a widely used open-source security solution. Users have a private, password-protected decryption key that they can share with as many or as few of their contacts as they wish. This reliably keeps third-party viewers from getting into the email.

Significantly, a report by the Freedom of the Press Foundation found that encryption was one of the only reliable ways to prevent NSA spies from accessing email. They went on to specify Enigmail as one of the more reliable and user-friendly encryption products on the market for this purpose.

By Gustav Steinhardt

CloudTweaks Comics
Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Big Data To Analyze Using Big Data to Analyze Venture Capitalists’ Ability To Recognize Potential For those who are regularly involved with SMEs, venture capital, and company valuations, it is common knowledge that start-ups that exit for more than $1 billion dollars are extremely rare – often termed ‘unicorn’ companies. Despite their rarity, it should…

Fintech Investments Are Seeing Consistent Growth

Fintech Investments Are Seeing Consistent Growth

The Financial Services Cloud Fintech investment has been seeing consistent growth in 2015, with some large moves being made this year. The infographic (Courtesy of Venturescanner) below shows the top Fintech investors and the amount of companies they’re currently funding: Just this week, a financial data startup known as Orchard Platform raised $30 million in…

Surprising Facts and Stats About The Big Data Industry

Surprising Facts and Stats About The Big Data Industry

Facts and Stats About The Big Data Industry If you start talking about big data to someone who is not in the industry, they immediately conjure up images of giant warehouses full of servers, staff poring over page after page of numbers and statistics, and some big brother-esque official sat in a huge government building…

The Future of M2M Technology & Opportunities

The Future of M2M Technology & Opportunities

The Future Of The Emerging M2M Here at CloudTweaks, most of our coverage is centered around the growing number of exciting and interconnected emerging markets. Wearable, IoT, M2M, Mobile and Cloud computing to name a few. Over the past couple of weeks we’ve talked about Machine to Machine (M2M) such as the differences between IoT and…

Big Data – Top Critical Technology Trend For The Next Five Years

Big Data – Top Critical Technology Trend For The Next Five Years

Big Data Future Today’s organizations should become more collaborative, virtual, adaptive, and agile in order to be successful in complex business world. They should be able to respond to changes and market needs. Many organizations found that the valuable data they possess and how they use it can make them different than others. In fact,…

Four Reasons Why CIOs Must Transform IT Into ITaaS To Survive

Four Reasons Why CIOs Must Transform IT Into ITaaS To Survive

CIOs Must Transform IT The emergence of the Cloud and its three delivery models of Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) has dramatically impacted and forever changed the delivery of IT services. Cloud services have pierced the veil of IT by challenging traditional method’s dominance…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance  Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into…

Cloud Infographic – Cloud Public, Private & Hybrid Differences

Cloud Infographic – Cloud Public, Private & Hybrid Differences

Cloud Public, Private & Hybrid Differences Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…