Category Archives: Security

Who Holds the Key to the City: Big Data and City Management

Big Data and City Management

Cities like New York, Madrid, and especially Rio de Janeiro are augmented with Big Data-powered initiatives that range from combating crime with predictive analytics (New York & Madrid) to providing real-time data for improved management. Although Big Data is no panacea and is mainly used in conjunction with a greater plan, there’s no denying that it aids cities, for example, in squeezing the most out of the available infrastructure.

Big Data and Public Services

New York, once a crime-ridden concrete labyrinth and inspiration for telling titles like Taxi Driver and Escape From New York, has become much safer. From 1990 to 2009, there was a 79-percent reduction in murders, even though the social factors haven’t changed much. The Domain Awareness System, as Microsoft’s team-up with the city is called, doesn’t fall into that time frame but shows the commitment that NYC has made to safety, with an added anti-terrorism spin in the form of radiation/chemical detection in key locations of the Big Apple.

That being said, Big Data was already used for public safety purposes in NYC before, in the form of call record processing, allowing police to focus on areas from which more crime-related calls are made. The efficacy of this practice was proven quite some time ago: criminologist Lawrence Sherman studied call records in Minneapolis, showing that some 3.5 percent of the addresses produced about 50 percent of the crime calls. And crime doesn’t simply move to another neighborhood.

In Rio de Janeiro, however, the use of Big Data has taken a different course. The municipality focuses on predictive analytics as well as real-time city insights that alert public services to impending trouble. The intelligent operations centre, as the 2010 joint project of the municipality and IBM is called, focuses on weather reports, public surveillance, cleaning services and transport. The effort has produced mixed results, as evidenced by the embarrassing protests, which coincided with the 2014 FIFA World Cup, calling for better public services.

One can surmise that the 560+ cameras wired to the operations centre in Rio provide a very rough approximation of the city; however, the scale of data is not really at hand here. Big Data is but a part of the effort, as it is in New York City, to make the city safer. The centre was established after a series of lethal landslides caused by rainfall, so its main efforts lie in emergency prevention and detection.

Crimewaves still plague the city, and the protests showed that infrastructure-related problems still linger. The biggest boon is the lives saved (not necessarily improved) due to better coordination between public services.

Conclusions

These early efforts show that cities have a lot of room to tread before operations centres become completely ingrained and vital for the city’s sustenance. In New York, Big Data has become part of long-term efforts to reduce crime. In Rio, Big Data is leveraged to improve the overall coordination and squeeze more out of scarce infrastructure. There is, however, only so much you can do before the time is ripe for concrete and bulldozers.

(Image Source: Stuart Monk / Shutterstock.com)

By Lauris Veips

IT Security: Think Like A Thief – And An Average Joe, Too

With security threats to information services growing in sophistication, frequency and variety, IT professionals on all sides of the marketplace are realizing an urgent need to reinvent themselves to better anticipate the bewildering variety of attacks that they and their customers face. The problem they are discovering is that the systems’ maliciousness and weaknesses exist not only in the software and hardware at their fingertips, but in the minds of those that have access to it.

A good example of this can be seen in just one form of attack: SQL injection, in which destructive code finds its way into a database by way of a vulnerable opening. These vulnerable openings might be the “username” or “password” panels on a login form, or the space for a credit card number on an ecommerce form. It would never occur to the average user to insert anything other than the required information into this panel, but for the bad guys, this panel is as tempting as an open window, or a set of misplaced keys. It is the way in to an unprotected treasure.

It is the mindset that is essential here. Good guys don’t think like bad guys. Therefore, IT defense often appears to be playing a game of catch-up with opportunists who may exist anywhere on the planet, yet who can access a server with ease.

A recent Brighttalk.com webcast featuring data collected by the Ponemon Institute pointed out that U.S. companies reported an average of “$12.7 million in losses to cybercrime,” with “the most costly cybercrimes … caused by denial of services, malicious insiders, and malicious code. These threats account for more than 55 percent of all cybercrime costs.”

The rising use of mobile technologies and BYOD serves to compound this problem, given the wide variety of apps, platforms and devices in use, but once again, it is very often the users themselves that are the chief offenders. A classic example of network vulnerability in past years was the act of leaving a password on a sticky-note under the keyboard. A modern variant of this is the free and open use of mobile technologies – part of the BYOD culture that is making its way into the workplace. Users seldom employ the vigilance required to ensure their devices are clean and impermeable as they connect to their employers’ cloud servers.

As CIO Community Manager John Dodge pointed out recently, the results of a survey from Centrify Corp. reveal that “only 43% of employees using mobile devices for work are keenly aware of mobile security. That means 57% are not.” The survey points out that “on average, 45 percent of the enterprise employees surveyed have more than six third-party applications installed on their personal device” and “43 percent have accessed sensitive corporate data on their personal device while on an unsecured public network, such as the airport or a coffee shop.”

These findings point out a disturbing reality for IT security specialists: they not only have to think like bad guys, they also have to think like average, innocent good-guys, for whom password and security protocols are tedious, and in the case of younger professionals, unfettered access to Internet technologies is a given.

DDoS attacks, for example, highlight how this weak link can be exploited. One documented case, an attack on a group of U.S. banks in January 2013, was carried out by waves of botnet zombies located around the world. The source of the outbreak was determined to be an innocent general-interest website based in the U.K. that had been poisoned by a web design company based in Turkey. The weak link: an administrative password on the U.K. website.

These events, just a couple of the many thousands that happen every day, reveal a requirement for security specialists to maintain a number of different mindsets – to think like a thief, certainly, but also not to overlook the most obvious source of IT vulnerability: the average human being.

This post is brought to you by the Enterprise CIO Forum and HP’s Make It Matter.

By Steve Prentice

Cloud Infographic – What Are Cloud Access Security Brokers (CASBs)?

What Are Cloud Access Security Brokers?

“Security is, I would say, our top priority because for all the exciting things you will be able to do with computers – organizing your lives, staying in touch with people, being creative – if we don’t solve these security problems, then people will hold back.” – Bill Gates

Cloud Access Security Brokers, known as CASBs, are opening a brand new window into our everyday security and safety with regard to information and high-technology trends. Increasingly, cloud-focused applications and services applied by enterprises are going to be kept much more secure with the help of CASB platforms by 2016.

Gartner Inc. has recently announced a top 10 list of technological advances for information security. Here they are:

1) Cloud Access Security Brokers – cloud-based points, which are used for security policy enforcement purposes, and are placed between cloud service providers and cloud service consumers.

2) Adaptive Access Control – a type of context-aware access control.

3) Pervasive Sandboxing (Content Detonation) and IOC Confirmation – a great option to detect intrusions as soon as possible, and to reduce hackers’ chances to cause damage to sensitive information.

4) Endpoint Detection and Response Solutions – used to record numerous network events and endpoints, and store the information in a centralized database.

5) Big Data Security Analytics at the Heart of Next-generation Security Platforms – a fine option for storing your monitoring data to carry out retrospective analysis.

6) Machine-readable Threat Intelligence, Including Reputation Services – a form of real-time and dynamic rating to be used for the integration with intelligence feeds and external context.

7) Containment and Isolation as a Foundational Security Strategy – an excellent means to create a defense-in-depth protection for enterprise systems.

8) Software-defined Security – aims at moving the intelligence and value into software.

9) Interactive Application Security Testing – used to provide a higher level of accuracy of application security testing via the interaction of the DAST (dynamic application security testing) and SAST (static application security testing) techniques.

10) Security Gateways, Brokers and Firewalls to Deal with the Internet of Things – associated with the Internet of Things and directed towards providing security and protection for future interconnected devices, sensors and systems, which will mainly be controlled without human involvement.

Below, you can find an interesting infographic on CASBs provided by bitglass.com

By Lilit Melkonyan

Cloud Infographic: Losing The Cyberwar To Hackers

Losing The Cyberwar To Hackers

Much of the discussion lately has been around the JP Morgan security breach. There are also growing concerns that other companies may have been infiltrated as well which is not a surprise considering the ruthless nature of cyberwar. Security will always be an issue and something businesses must continuously prepare for in order to minimize damage.

Attached is an infographic discovered at IDG which takes a closer look at cyberwar in the U.S.

Overcoming Obstacles In Cloud Computing Adoption

Overcoming The Numerous Challenges

According to Buyya et al. (2008), “A Cloud is a type of parallel and distributed system consisting of a collection of inter-connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers.” The enormous advantages of cloud computing in improving businesses have generated unprecedented interest in its adoption. However, customers of a cloud face numerous challenges, such as service requirements; unexpected outages; invalid assumptions about the operating environment; poor isolation between users; hardware degradation; misconfiguration of software; cost implications of failure; and uncertainty about cloud providers’ ability to meet service level agreements (SLA). Cloud providers are usually responsible for problems related to their own infrastructure. Although cloud providers monitor their physical resources such as servers, storage and network systems to provide a highly stable infrastructure, they usually do not guarantee individual instance availability.

In addition, Benson and his colleagues analysed the problems users faced and categorized them into five categories: Application-related (e.g. Email server setup, Windows Licensing, LAMP setup, Linux), Virtual Infrastructure-related (e.g. Virtualized Storage, Attach/Detach, Virtualized load balancer, DNS & Virtualized IP), Image Management-related (Image bundling issues, storage and migration of image between buckets, Update/kernel install issues), Performance-related (Instance not responding, Instance stuck in terminating, EBS performance), and Connectivity-related (General connectivity, Firewall, Connection performance, Connecting to app).

These risks hinder the adoption of cloud. Zardri et al. (2013) believe that “evaluating pre adoption choices at early stages is cost-effective strategy to mitigate risks for probable losses due to wrong or uninformed selection decisions”. They suggested that companies should identify obstacles and their importance through understanding their consequences on the adoption process (obstacle prioritization). Then, appropriate tactics should be used to handle, manage, and solve the problems. Furthermore, analysing Service Level Agreements (SLA) of cloud providers and matching them against users’ requirements can be useful in revealing potential SLA violations, conflicts and probable risks.

Benson (2013) also introduced several strategies that cloud providers can apply to help users.

Best Effort Support Model: “user forum is considered as one of the most common version of support models. Unfortunately, cloud providers do not make guarantee on the response time of the operators and the resolution time of the problem.

Premium Support Model: In this model, cloud providers guarantee the user that problems will be resolved within a certain period of time. The SLA provided to a user is inversely proportional to the price paid by the users; a higher price demands a guarantee for a shorter resolution time. Certain providers also ensure that users have access to dedicated operators who are familiar with the user’s environment and needs.”

As discussed above, it would seem that companies should identify and understand early the properties of the problems that they will face in using a cloud before migrating any servers, databases, applications or data to the cloud. Data security and privacy breaches, as well as regulatory and legal compliance, are significant issues when moving from in-house IT infrastructure to cloud services. Therefore, specific standards, education, and appropriate support mechanisms should be designed to solve the problems.

(Image Source: Shutterstock.com)

By Mojgan Afshari

The Lighter Side Of The Cloud – Data Locking

By Al Johnson

New AlgoSec Survey Reveals Huge Challenge To Unify Security Policy Management

New AlgoSec Survey Reveals Huge Challenge to Unify Security Policy Management Across On-Premise and Public Cloud Environments

Survey Highlights Need to Increase Visibility, Create New Workflows and Compliance Processes, and Reconsider Team Responsibilities to Secure Network Access in a Hybrid Environment

Boston, MA (September 30, 2014) – AlgoSec, the market leader for Security Policy Management, today announced the results of its “Security Policy Management in Hybrid Cloud Environments” survey. The survey focuses on the network security challenges facing companies that are deploying or planning to deploy their business applications on public Infrastructure as a Service (IaaS) platforms. A key finding of the survey shows that 79 percent of organizations stated that they need better visibility in order to unify security policy management across their on-premise and public cloud environments.

Conducted in August 2014, the survey polled 363 information security and network operations professionals, data center architects, application owners and CIOs worldwide. 239 respondents (66 percent) reported they are currently deploying or planning to deploy business applications on an IaaS platform within the next 12-36 months. The following key findings are based on these 239 respondents, and include:

  • Visibility is obscured by clouds – 79 percent of respondents agreed or strongly agreed that they need better visibility across on-premise data centers and public clouds. Two-thirds (66 percent) of respondents agreed or strongly agreed that it is difficult to extend the corporate network security policy to the public cloud.
  • Lack of processes hinders cloud management and compliance – 59 percent of respondents noted the lack of operational workflows to manage network security in a hybrid environment. Demonstrating compliance on IaaS compared with on-premise data centers was another major issue, with 49 percent of those surveyed claiming difficulty.
  • Disparate selection of security controls used across IaaS – Only a third of respondents (33 percent) use commercial network firewalls to protect access to their data in the cloud. 25 percent of respondents use provider controls such as Amazon Security Groups, and 10 percent use host-based firewalls.
  • Companies are in the dark about security controls in the cloud – Worryingly, a third of companies that are planning to deploy business applications in the cloud within the next 12-24 months do not know which tools they will use to manage their network security policies in the cloud.
  • Data and network security are the most challenging functions to migrate to public clouds – Network security is the second most complex function to migrate to the public cloud (following data security), and the most complex for small to medium size organizations.
  • Responsibility for cloud security is fragmented – At small to medium size companies, security for business applications running in public clouds is handled mostly by IT Operations (70 percent). In the future, companies plan to transition this responsibility over to Information Security. At large companies, the responsibility is and will remain in the hands of Information Security (72 percent).

“Network security in public IaaS is fundamentally different compared to traditional on-premise data centers, which results in the myriad of operational, security and compliance challenges highlighted in this survey,” said Nimmy Reichenberg, Vice President of Marketing and Strategy at AlgoSec. “As organizations look to strategically adopt public IaaS, they must ensure they have holistic visibility and a platform that can manage their network security policy consistently across their entire environment.”

  Download the full report – “Security Policy Management in Hybrid Cloud Environments”.

Cloud Infographic – History Of Computer Threats

We’d like to close out the week by providing you with an infographic courtesy of Dell which presents a fast-fact look at The History of Computer Security Threats. Security threats are constant, in many cases extremely calculated and inevitably unforgiving. There will most likely never be a 100% foolproof security solution, as cyber criminals will always be a few steps ahead, but there are a number of ways to help reduce the damage.
