Category Archives: Security

Privacy Issues And Wearable Devices

Since users of Fitbit have unwittingly shared their ‘sexual workouts’ with the whole of the world wide web, the reasons why 8 out of 10 people have privacy concerns over wearable devices become apparent rather quickly. As wearables surround us, the things they measure, and potentially make public, become more important to us, in the sense that we are not willing to share them with the rest of the world.

Users of wearables want not only control over their data, but also, as in the case of Fitbit, expect the handlers of data not to expose such information that may embarrass or harm the user.

Measuring yourself for the public

After taking a quick look at some random user profiles at Endomondo, a popular app with mobile tracking software, I was positively disenchanted with the way they handle data. The default policy seems to be that the duration and time of a workout, along with the actual route (in the case of activities for which GPS tracking is used), are shared publicly with the users of Endomondo. At least that was so for the dozen or so accounts I checked.

It goes without saying that the data I saw is only important for me as I write this article. I can only guess what someone would do with my Endomondo stats; the best conclusion would be that I’m terrible at schedules and am a lazy runner. On the other hand, thieves (or someone worse) can use a user’s statistics as ‘data leverage’ for their misdeeds. Once you know at what times and for how long someone exercises, it becomes a matter of waiting for the victim’s long weekend run before burglarizing their home.

Similarly, Adam Tanner of Forbes chronicled the debates within the company of Yale Zhang, a medical device entrepreneur in Atlanta. The data his company’s health trackers collect, like the blood oxygen saturation, heart rate, and perfusion index, is interesting not only to their users. It potentially appeals to data buyers and marketers as well, especially if coupled with the possibility to advertise directly to or identify the users.

Zhang is wondering whether, and if so in what way, to monetize that data. One might say what the article lacked was an image of Zhang holding the proverbial skull, but the question still lingers. It is clear that it is not enough for the carrier to merely wipe their legal hands clean with lengthy Terms & Conditions. They have to make sure that, if users do want to share their data, they are given direct control over how it gets shared and with whom. Otherwise, things are bound to get ugly, or embarrassing, quickly.

(Image Source: Shutterstock)

By Lauris Veips

Apps That Violate IT Policy – What and How?

Apps That Violate IT Policy

Over the last two days we’ve looked at whether Shadow IT is an opportunity or a threat, and at the security risks that unapproved apps pose to businesses and organisations. To conclude the mini-series, today we look at a new report released by Netskope. The Netskope Cloud Report typically compiles the most interesting trends on cloud app adoption and usage based on aggregated, anonymised data from the Netskope Active Platform.

The key theme in the Q3 report for 2014 is how mobile devices have been using the cloud. The report notes that more than half of all ‘send’ or ‘approve’ activities occur on mobile, and that a shockingly high number of activity-based policy violations also occur on that platform. The most frequent offenders aren’t social apps but largely “prosumer” apps, demonstrating that IT departments are still finding it difficult to move employees on to a single, approved app for a single, specific purpose.

Enterprise Ready

In total, businesses are using on average a mammoth 579 cloud apps, of which a worryingly high 88.7 percent are not enterprise ready, failing to meet standards in security, auditability or business continuity. To reinforce the belief that Shadow IT is spiralling out of control, Netskope cites one business that used more than 3,000 apps. As we discussed on Monday, this is a huge problem for IT departments, especially given that more than one-third of all policy violations are currently occurring via mobile apps.

Apart from ubiquitous apps such as Dropbox and Evernote, line-of-business apps are the most common. Marketing apps lead (60 per business), followed by human resources (36), finance/accounting (29) and CRM (24). The threat these apps pose to an organisation’s security is vast: 98 percent of marketing apps are not enterprise ready, along with 96 percent of HR apps, 98 percent of finance apps and 91 percent of CRM apps.

Policy violations can take many forms, ranging from downloading personally-identifiable information from an HR app to a mobile device, to sharing documents in cloud storage apps with someone outside of the company. With 44 percent of all download activities occurring on mobile devices, and with 40 percent of all sharing happening via mobile, it’s quickly apparent why IT departments struggle to track, update and manage the Shadow IT within an organisation.

In terms of the apps with the largest volume of policy violations, the top five categories which offend most frequently are cloud storage, CRM, collaboration, HR, and finance. From these categories, the five activities which most frequently constitute policy violations are logins, views, downloads, edits and uploads.
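As an added illustration of the two violation patterns the report describes (PII pulled from an HR app onto a mobile device, and cloud-storage shares to outsiders), here is a small detection routine run over constructed cloud-activity events. This is not code from Netskope or from the original article; the event fields, app names and corporate domain are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

CORPORATE_DOMAIN = "example.com"  # assumed corporate e-mail domain


@dataclass
class Event:
    """One cloud-app activity record. Field names are assumptions, not a real log format."""
    user: str
    app: str
    category: str                       # e.g. "HR", "Cloud Storage", "CRM"
    activity: str                       # login, view, download, edit, upload, share
    device: str                         # "mobile" or "desktop"
    contains_pii: bool = False          # the object handled holds personally-identifiable information
    share_target: Optional[str] = None  # recipient address for share activities


def is_external(address: Optional[str]) -> bool:
    """True when a share recipient is outside the corporate domain."""
    if not address:
        return False
    return not address.lower().endswith("@" + CORPORATE_DOMAIN)


def check_event(ev: Event) -> List[str]:
    """Names of the policies a single event violates (empty list if none)."""
    violations = []
    # Pattern 1: PII downloaded from an HR app onto a mobile device.
    if (ev.category == "HR" and ev.activity == "download"
            and ev.contains_pii and ev.device == "mobile"):
        violations.append("pii-download-to-mobile")
    # Pattern 2: document in a cloud storage app shared with someone outside the company.
    if (ev.category == "Cloud Storage" and ev.activity == "share"
            and is_external(ev.share_target)):
        violations.append("external-share")
    return violations


def scan(events: List[Event]) -> List[Tuple[str, str, str, str]]:
    """Run every event through the policies; returns (user, app, device, policy) per hit."""
    hits = []
    for ev in events:
        for policy in check_event(ev):
            hits.append((ev.user, ev.app, ev.device, policy))
    return hits


def mobile_share(hits: List[Tuple[str, str, str, str]]) -> float:
    """Fraction of violations that happened on mobile devices (0.0 when there are none)."""
    if not hits:
        return 0.0
    return sum(1 for h in hits if h[2] == "mobile") / len(hits)


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    Event("alice", "hr-portal", "HR", "download", "mobile", contains_pii=True),
    Event("bob", "hr-portal", "HR", "download", "desktop", contains_pii=True),
    Event("carol", "cloudbox", "Cloud Storage", "share", "mobile",
          share_target="partner@othercorp.example"),
    Event("dave", "cloudbox", "Cloud Storage", "share", "desktop",
          share_target="erin@example.com"),
    Event("erin", "crm-suite", "CRM", "login", "mobile"),
    Event("frank", "cloudbox", "Cloud Storage", "share", "desktop",
          share_target="vendor@supplier.example"),
]

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for user, app, device, policy in hits:
        print(f"{user:6} {app:10} {device:8} {policy}")
    print(f"share of violations on mobile: {mobile_share(hits):.0%}")
```

Bob's desktop download of PII is deliberately not flagged, since the pattern quoted above is specific to mobile devices; a stricter policy would drop the device condition.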

Top 10 App Violators

The top ten apps that violate IT policy were also highlighted in the report. The high usage of these apps by employees should provide yet another serious concern for IT departments.

What do you think? Do you use these apps at work? Perhaps your employer has banned them? Let us know in the comments below.

By Dan Price

Do Organisations Face A Security Risk From Apps?

Yesterday we looked at the growing area of Shadow IT within organisations. We concluded that even though Shadow IT has the potential to be a force for good, there is still a significant threat posed by the use of apps that do not align with a company’s requirements for security, compliance, reliability, documentation or control.

How much of a threat do mobile apps now pose? Is it true that a small device used incorrectly could rapidly become the biggest security hole in a company? The advent of BYOD certainly opens up companies to threats that may slip through the network cracks because of employee negligence or lack of understanding.

Companies need to understand that a BYOD culture will inevitably open them up to security challenges. For example, the 400+ million Android devices in operation don’t only mean big money for Google; they also mean big money for app makers and, unfortunately, criminals. However, although surveys in all industries regularly show that criminals will target the companies, systems and platforms with the most users, who is actually more of a threat to an organisation, criminals or employees?

According to a Ponemon Institute study, a company’s own employees are certainly the biggest threat to company data: the study says one third of all data breaches are internal and accidentally caused by workers. Employees risk losing data when their devices are stolen or not sufficiently secured from data-stealing malware. For example, it is predicted that only 20% of Android-based devices have security apps installed, while smartphones and cell phones make up 30 to 40 percent of all robberies in major North American cities, accounting for 27,000 thefts.

The same study also shows that employee negligence is the root of many data breaches; this category includes connecting to unsecured wireless networks, downloading and installing unapproved apps, and visiting malicious websites. Mobile malware can do a lot of harm to a business: information-stealing malware, one of the most prevalent Android malware types, can log, steal and publish almost everything an employee does on their mobile. When half of business leaders say they frequently use the same password for personal web applications as they do for sensitive work applications, they are paving the way for a major data breach.

BYOD also means many IT organisations are not fully aware of which cloud applications are in use across the enterprise, making it difficult for them to monitor and control user access to mission-critical applications and data. With half of all mission-critical applications expected to be running in the cloud by next year, it is vital that companies put in place the right processes to mitigate any risks. Jackie Gilbert, Vice President of Sailpoint, a leading management solutions provider, recently claimed that “Just 34 percent of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using an IT budget, and more than 14 percent of business leaders said they have no way of knowing if sensitive data is stored in the cloud at all”. This suggests a serious lack of visibility and control that can greatly increase an organisation’s risk of security breaches.

Which apps specifically pose the biggest risk to organisations? Which most frequently violate IT policy? Stay tuned for a special report that we will release on CloudTweaks.com tomorrow.

By Daniel Price

Shadow IT – Threat or Opportunity?

Shadow IT

Shadow IT, sometimes referred to as Stealth IT, describes the use of IT systems and solutions that are built and used inside businesses and organisations without explicit approval from IT departments and/or management. Christopher Rentrop, Professor of Informatics at Konstanz University of Applied Sciences, believes that, fuelled by the growth of BYOD policies, it now includes “all applications that are acquired without the IT department’s involvement and whose use is not covered by IT service management”.

His definition means the term includes software, cloud apps, workflows and even hardware. While Shadow IT can play an important role in the fields of innovation, research, and development, it also causes problems by frequently failing to adhere to a company’s need for control, documentation, security and reliability.

Compliance

But how much of a threat does Shadow IT pose? Can a company be seriously compromised by unchecked Shadow IT within its walls? We know hardware can be identified by network management tools, but monitoring social media platforms and other cloud-based applications is very difficult. For example, staff can use Facebook or Dropbox to send or publish documents unobserved and pose a compliance risk, while non-approved software and services consume bandwidth, slow networks, and ultimately add to the workload of IT departments. Indeed, half of the IT managers questioned believe that 50 percent of their budget is being eaten up by the management of Shadow IT alone.

Some analysts believe that Shadow IT now threatens the very existence of IT departments. They claim that the traditional procurement process is dying, replaced instead by individual departments servicing their own IT needs away from the eyes of the IT department. Three reasons for this are normally forthcoming: 1) IT departments are slow and cumbersome in terms of action, 2) the IT department lacks the expertise necessary in certain apps, and 3) the IT department is too expensive and too complex. Research by Gartner suggests that at least 90 percent of all IT spend will be managed outside of the IT department by 2020, with Forrester adding that central IT departments will become largely obsolete.

Current IT Landscape

Rather than posing a problem, it can be argued that this instead represents an opportunity. The reason the traditional procurement processes are dying isn’t the fault of IT departments per se, but because lots of organisations insist on using a method that is 25 years old and out of touch with the current IT landscape. IT departments need to listen to the staff, aiming to become a powerful and forward-thinking force that helps make companies more efficient, effective and profitable.

Staff should not be accused of circumventing IT departments wilfully. Typically they have a problem that they need solving fast. When, outside the office, such solutions are a download away, it is unrealistic to expect staff to follow a different, lengthy procedure at work. Such a situation explains the soaring growth of services like Dropbox: email cannot cope with large attachments, so employees use Dropbox and the problem is solved, with or without the blessing of IT management.

Shadow IT Infographic: Vanson Bourne

What do you think of Shadow IT, is it a threat to organisations’ internal security, or an opportunity for them to amend and improve their practices? Let us know in the comments below.

Tomorrow we look at the security risks round apps frequently used within the Shadow IT umbrella.

By Daniel Price

Cloud: Enabling Virtualised Banking Environments

Enabling Virtualised Banking

At the outset it is important to understand where cloud will fit into the existing banking landscape. To do so, one must first recognise that the biggest development of recent times is the complete transformation and virtualisation of traditional banking services.

Emphasis is on the digitisation of products and services; this totally changes the customer experience, allowing the customer to access all bank services anywhere on any device at any time.

The digital trend has forced banks to re-examine their approach and a new strategy focuses not only on optimising online marketing channels, but also social media integration and other touch points that today’s tech-savvy consumer engages with.

Cloud Growth Driver

The cloud is now a growth driver for financial institutions, rather than a medium just for bringing costs down. Investments in SaaS mode solutions are largely to simplify operations, aid better product development, expedite product launches and rapidly enter new markets. Based on my personal research it’s clear that SaaS will radically yet positively change the financial services provisioning landscape.

Financial institutions face increasing pressure from new competitors, tighter regulatory requirements, and highly sophisticated and demanding customers. As a result of this, financial service providers are creating more context-aware solutions by analysing the typical actions executed by their customers and patterns of use all while investing in creating a frictionless user-friendly digital experience.

Knowledge is power, and the banks know this. I feel that behaviour analytics benefits the financial services sector far more than any other. Why? Banks tend to have long, and in some cases lifelong, relationships with their customers, and longevity means profit. Only now are FIs realising that the cloud can create efficiencies and protect their competitive position. SaaS mode applications seem to be at the top of the IT department’s shopping list and are currently the application mode of choice for an estimated 42% of banks.

From a viability perspective it is also important to understand that the public cloud is not as insecure as people might think, and that is because of the huge investments in data centres. Consider the ‘miniscule’ $8.6 billion Microsoft invested in cloud R&D in 2011, or the $1.2bn investment IBM was aiming to make earlier in 2014: there is a clear trend, even an appetite, among the technology leaders in this space to invest heavily in accredited data centres that can be used by all types of businesses, with a focus on financial services.

Cloud Theories

A typical theory about the cloud is that it is insecure and not usable for the banking and investment sectors, or for any other sector with strict compliance guidelines to follow. This is definitely not the case: more and more banks and other highly regulated sectors have been investing in the cloud over the last few years, and even more encouraging is the fact that regulators want to work with innovators to help tailor solutions that fit the regulatory guidelines. Increasing efficiency and reducing annual security investment will catch the attention of any enterprise, so it’s understandable that banks want to embrace cloud models of technology.

So what will the banking environment look like in five years? My guess is that the number of physical branches will reduce drastically as virtual environments become the new way to bank. Who has time to queue up for a cashier or a customer services manager? Wouldn’t you prefer a sophisticated online or virtual channel that’s quick, frictionless and, most importantly, saves valuable time?

(Image Source: Shutterstock)

By Diaz Ayub

Cloud Infographic – Data Protection and Direct Marketing

How to Stay on the Right Side of the Law

The European Commission (like many other governments and regulatory bodies) has an evolving set of data protection requirements. Companies that employ direct marketing, and firms that collect data and sell it to direct marketers, have to stay informed of these requirements or they risk hefty fines and other legal penalties.

Some of the most common marketing tools in use today, such as targeted ads and cold sales calls, may become illegal under a new European law that would go into effect in 2015-2017. Firms that are non-compliant with the new regulations may lose the right to do business in European markets.

This infographic provided by Neonsms will help walk you through the shifting landscape of data protection and direct marketing.

By Gustav Steinhardt

Cloud Computing Meets The Smart Electricity Grid

The Smart Electricity Grid

New research makes possible time-variable pricing of cloud services based on variably-priced power from a smart grid

Cloud computing data centers often consume energy at the rate of megawatts, like other large industrial systems. Large consumers of electricity likewise often have to deal with time-varying pricing of electrical power from suppliers, who increasingly prefer “smart” (time-varying) metering and smart power grids. The cost of electrical power is often the largest component of the cost of cloud and other IT services.

So how can cloud computing services offer variable tariffs to their consumers based on the variable pricing of power from a smart grid? This question is addressed in the research article “Power-Aware Cloud Metering” by Akshay Narayan and Shrisha Rao, appearing in the most recent issue of the IEEE Transactions on Services Computing (volume 7, number 3), a research journal of the IEEE Computer Society.

Akshay Narayan, presently a Ph.D. student at the National University of Singapore, did this work jointly with Shrisha Rao, a professor at IIIT Bangalore, as part of his Master of Technology (M.Tech.) thesis in information technology. In their work, Narayan and Rao arrive at a metering mechanism for cloud services in which the price of a cloud service tracks the variable input cost of electricity from a smart power grid. The power-aware cloud metering they develop is a dynamic pricing and billing model in which the tariff for a cloud service is varied in accordance with the input electricity cost. They arrive at a model for the power consumption of virtual machines hosted on a cloud infrastructure; this power consumption model is then used to calculate the cost of operating the service. A cloud instance leased by a consumer is billed based on that cost of operation and its resource utilization.

Conventional metering of cloud services is based on a fixed tariff rate (e.g., as defined in an SLA). The weakness of this model is that consumers are billed based on a predefined tariff rate, regardless of load and cost. “Smart metering” of services on the other hand would enable service providers to effectively manage computing resources with tariff plans accounting for the load condition on the infrastructure as well as the dynamic, time-varying nature of the input costs (especially electrical power).

Pay as you go (a/k/a static pricing) also does not suffice if service providers wish to provide bulk discounts or other economic incentives. It also is inadequate if there is a need to achieve congestion control, more uniform usage, or such objectives (as is done with time-varying highway tolls).

Power cost is often the largest component of an IT service’s lifecycle costs, and the major share of its operating expenditure (OpEx). In large IT systems, in addition to the power consumed by the computing devices themselves (all of which gets dissipated in the form of heat), the power consumed by the inevitable cooling systems is also significant. Google and others claim exceptionally low power usage effectiveness (PUE) values, but 2–3 seems common in the data center industry, meaning that in a typical data center, at least as much power is consumed in the cooling system as in the computing equipment itself.

Smart grids that price electrical power at time-varying rates, and also have associated demand-response programs that require electricity consumers to rapidly reduce power consumption on demand, are becoming common worldwide in the electrical power industry. It is thus likely that data center operators and vendors of cloud services will have to account for electrical power being available at time-varying rates, and further will have to devise mechanisms to reduce their power draws when asked. Smart grids are a hot topic of research these days, as is cloud computing. However, there is hardly any work to date which considers how the former would affect the latter. With smart grids becoming the new worldwide norm for electrical distribution, and power costs for IT systems being very high and also continually on the rise, it is likely that power-aware cloud services will become common in the foreseeable future.
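To make the pricing mechanism described above concrete, here is an added example (not the authors' model or code from the paper) of power-aware metering: a VM's attributed power is scaled by PUE to facility power, priced at each interval's smart-grid rate, and compared with a conventional static tariff; a last function inverts the model to find the utilisation cap that satisfies a demand-response request. The linear host power model, the vCPU-share attribution, the 20% margin and all figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class HostModel:
    """Assumed host power model: linear in CPU utilisation between idle and peak draw."""
    idle_watts: float   # draw of the physical host at 0% utilisation
    max_watts: float    # draw at 100% utilisation
    vcpus_total: int    # vCPUs the host exposes
    pue: float          # facility power usage effectiveness (total / IT power)


@dataclass
class Interval:
    """One metering interval with the smart-grid price in force during it."""
    hours: float
    price_per_kwh: float  # time-varying input cost of electricity
    vm_util: float        # the VM's CPU utilisation in [0, 1]


def vm_watts(host: HostModel, vm_vcpus: int, util: float) -> float:
    """Power attributed to one VM (assumption: the host's idle draw is prorated
    by vCPU share, and the dynamic range is scaled by the VM's own utilisation)."""
    if not 0.0 <= util <= 1.0:
        raise ValueError("utilisation must be in [0, 1]")
    share = vm_vcpus / host.vcpus_total
    return host.idle_watts * share + (host.max_watts - host.idle_watts) * share * util


def facility_watts(host: HostModel, it_watts: float) -> float:
    """PUE turns IT draw into total facility draw; the difference is cooling and overhead."""
    return it_watts * host.pue


def interval_cost(host: HostModel, vm_vcpus: int, iv: Interval) -> float:
    """Cost of operating the VM for one interval at that interval's grid price."""
    kw = facility_watts(host, vm_watts(host, vm_vcpus, iv.vm_util)) / 1000.0
    return kw * iv.hours * iv.price_per_kwh


def power_aware_bill(host: HostModel, vm_vcpus: int,
                     intervals: List[Interval], margin: float = 0.2) -> float:
    """Tariff that tracks input cost: summed operating cost plus the provider's margin."""
    return sum(interval_cost(host, vm_vcpus, iv) for iv in intervals) * (1.0 + margin)


def static_bill(hourly_rate: float, intervals: List[Interval]) -> float:
    """Conventional fixed-tariff metering: hours leased times the SLA rate, whatever the load."""
    return hourly_rate * sum(iv.hours for iv in intervals)


def demand_response_util_cap(host: HostModel, vm_vcpus: int,
                             facility_cap_watts: float) -> float:
    """Highest utilisation the VM may run at so that its facility-level draw stays
    under a demand-response cap; clamped to [0, 1] (0 means even idle exceeds the cap)."""
    share = vm_vcpus / host.vcpus_total
    it_cap = facility_cap_watts / host.pue
    dynamic = (host.max_watts - host.idle_watts) * share
    util = (it_cap - host.idle_watts * share) / dynamic
    return max(0.0, min(1.0, util))


# Constructed figures (not from the paper): a 2-vCPU VM on an 8-vCPU host, PUE 2.0.
HOST = HostModel(idle_watts=100.0, max_watts=300.0, vcpus_total=8, pue=2.0)
VM_VCPUS = 2
INTERVALS = [
    Interval(hours=1.0, price_per_kwh=0.10, vm_util=0.5),   # off-peak, moderate load
    Interval(hours=1.0, price_per_kwh=0.30, vm_util=1.0),   # peak price, full load
    Interval(hours=2.0, price_per_kwh=0.05, vm_util=0.0),   # cheap power, idle VM
]

if __name__ == "__main__":
    print(f"power-aware bill: ${power_aware_bill(HOST, VM_VCPUS, INTERVALS):.4f}")
    print(f"static bill at $0.02/h: ${static_bill(0.02, INTERVALS):.4f}")
    print("utilisation cap under a 120 W facility cap: "
          f"{demand_response_util_cap(HOST, VM_VCPUS, 120.0):.2f}")
```

With PUE 2.0 every watt the VM draws costs two watts at the meter, which is exactly the "at least as much power in cooling as in computing" point made above.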

(Image Source: Meszaros David / Shutterstock.com)

By James Monroe

Cloud Infographic: The True Cost Of Downtime

So what’s the true cost of downtime?

A third of websites experience downtime every month, and 90% of organizations have unexpectedly lost access to their critical systems. Website outages can last, on average, 7.9 hours in North America and 10.3 hours in Europe. For a society so dependent on connectivity such outages are extremely costly for organizations whose customers expect high availability anytime, anywhere.

This infographic compiled by Peer 1 Hosting outlines the true cost of website downtime, including the top five downtime disasters you never want to experience: damaged reputation, lost revenue, weakened loyalty, reduced productivity, and regulatory and compliance costs. It also details how organizations can proactively avoid downtime with a strategic web hosting and cloud provider.
