Author Archive

 

Security Alert: OpenSSL Bug Needs Prompt Attention

Tuesday, April 8th, 2014 by

A major vulnerability with the OpenSSL libraries was announced this morning. According to PCWorld, “The flaw, nicknamed ‘Heartbleed’ is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol. The flaw, which was introduced in December 2011, has been fixed in OpenSSL 1.0.1g, which was released on Monday [April 7].”

Heartbleed

We want to ensure all our customers are aware of this vulnerability so those impacted can take appropriate measures. The following description of Heartbleed is from http://heartbleed.com:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

GoGrid has already performed an extensive audit of our environment and has determined that none of our customer-supporting sites—including our management console, wiki, and secure signup—is exposed to this vulnerability.

If you are permitting SSL/TLS traffic to your servers, however, a firewall won’t block against this attack. This is a serious vulnerability with the ability to significantly expose your environment. GoGrid recommends you review the National Vulnerability Database CVE-2014-0160 as soon as possible to determine if the OpenSSL vulnerability applies to your organization and then take corrective action based on your specific security policies, if necessary.

Infographic: 2014 – The Year of Open Source?

Tuesday, April 8th, 2014 by

If you’re a software developer, you’ve probably already used open-source code in some of your projects. Until recently, however, people who aren’t software developers probably thought “open source” referred to a new type of bottled water. But all that’s beginning to change. Now you can find open-source versions of everything from Shakespeare to geospatial tools. In fact, the first laptop built almost entirely on open source hardware just hit the market. In the article announcing the new device, Wired noted that, “Open source hardware is beginning to find its own place in the world, not only among hobbyists but inside big companies such as Facebook.”

GoGrid_OpenSource200_blog

Why now?

Open source technology has moved from experiment to mainstream partly because the concept itself has matured. Companies that used to zealously guard their proprietary software or hardware may now be building some or all of it on open-source code and even giving back to the relevant communities. Plus repositories like GitHub, Bitbucket, and SourceForge make access to open-source code easy.

In its annual “Future of Open Source Survey,” North Bridge Venture Partners summarized 3 reasons support for open source is broadening:

1. Quality: Thanks to strong community support, the quality of open-source offerings has improved dramatically. They now compete with proprietary or commercial equivalents on features–and can usually be deployed more quickly. Goodbye vendor “lock-in.”

(more…) «Infographic: 2014 – The Year of Open Source?»

Infographic: Keep your patient health info secure in the cloud

Wednesday, January 22nd, 2014 by

Maintaining data security in the healthcare sector is hard. Although all businesses worry about securing confidential data, it doesn’t compare to the burden of companies managing personal health information that must comply with the Healthcare Insurance Portability and Accountability Act (HIPAA) and other relevant regulations. Unfortunately, the sensitive nature of these assets makes them even more desirable to cybercriminals. The result: Patient health information is being targeted more frequently and more aggressively than ever before. Fortunately, the evolving IT landscape has provided a way to address these threats: proactive security monitoring to identify and mitigate potential risks and encryption to protect the data itself.

Outside attacks are only one aspect of the problem, however: Negligent insiders are also putting their organizations at risk. Studies have shown that roughly 94% of healthcare firms have experienced at least 1 data breach within the past 2 years. Because these incidents cost the industry upwards of $7 billion per year, administrators must proactively seek strategies that cut down the chances of unwanted security problems.

Financial repercussions of a data breach

Due to the regulations governing personal health information, the reputation damage and bottom-line costs of a data breach are often exacerbated by compliance fines. What is more troubling is that these costs are only increasing in frequency and severity. Experts believe that the financial repercussions of data breaches have increased by $400,000 between 2010 and 2012, with more than half of companies losing $500,000 or more in 2012. With the price tag expected to rise 10 percent year-over-year through 2016, businesses must plan ahead to reduce these challenges.

To illustrate the effect of data breaches on healthcare organizations and the magnitude of the response required, we’ve put together the following infographic, “Keep Your Patient Health Info Secure in the Cloud.” Part of our series of 60-second guides, the graphic will show you in only a minute why the cloud is powering new ways to secure some of the most personal information available: details about our health.

GoGrid_HIPAA_Compliance_72_F

(more…) «Infographic: Keep your patient health info secure in the cloud»

Infographic: Cloud, Mobile, and Advertising—Primed for Growth

Thursday, August 8th, 2013 by

If you use a smartphone, you know all about mobile ads. Maybe a promo just popped up on your iPhone for a store you’re passing, or you’re offered a discount on a product mentioned in a news article you’re reading on your tablet during your commute. But what you may not know is the compute power required to serve you those tiny, enticing advertisements. We’re not talking about just a few servers, either—we’re talking about a whole bunch of data-processing giants capable of handling thousands of transactions simultaneously while ensuring the proper message is delivered to the correct user on the right device at the ideal time. That’s not a simple undertaking, and certainly not a trivial implementation of infrastructure.

Online and mobile advertising in general is complex. There are hundreds of different factors that come into play each and every time an online ad is served. Sophisticated advertising platforms track a large range of variables, including:

  • User location
  • Click-throughs
  • User preferences
  • Exposure history
  • Purchase history
  • Cookies
  • Advertisers
  • Copy & digital content
  • Device information
  • A variety of other touch points

The result of all this data-crunching is ads that seem customized for a specific user, increasing conversion and revenue for the advertiser and presenting a better overall experience for the customer.

Why should advertisers jump on the cloud?

Infrastructure-as-a-Service (IaaS) growth is already reaching stratospheric heights and is predicted to continue to grow, with 62% of companies reporting use of the cloud within their organizations. Similarly, the advertising market—and specifically mobile advertising—grew by 111% in 2012 and is expected to reach $11 billion by 2017. When you pair the cloud with advertising and then throw mobile into the mix, you have a marketplace that’s primed for tremendous growth and, of course, tremendous opportunity.

(more…) «Infographic: Cloud, Mobile, and Advertising—Primed for Growth»

Managing Your World (At Least Your Infrastructure) Just Got Easier: New Managed Services

Wednesday, July 31st, 2013 by

If I think back over my years in tech, the term “managed services” usually meant one of two extremes: At one end were pricey consultants that advised you how to do something extremely complex like business process reengineering (remember BPR?) and then ended up doing it for you—usually at an astounding cost. At the other end were providers of services like email that have since become commodities and are now typically free for individuals (Gmail anyone?) or bundled with other value-added services into an office productivity “suite” for businesses.

In both cases, the mere phrase “managed services” used to create fear within the IT team as they faced the prospect of either changing a proven, established process or figuring out how to integrate a new solution with existing systems and equipment. Luckily, managed services have come a long way since then. That’s why GoGrid’s new Managed Services offer 3 things customers have told us they need:

  1. Insight
  2. Intelligence
  3. Integration

Grab a peek under the covers (insight)

Both our new Managed Monitoring Service and our Managed Security Service provide something indispensable: the ability to know what’s happening in your environment in real time—and act on it, if necessary. As John Joyner noted in TechRepublic, “If you care about uptime and maintaining good performance of any server or application, you need monitoring, too.” That type of insight is clearly valuable to a business when it results from a valid threat about a security breach or notification of a down server. However, our customers tell us it’s equally useful to see when a change occurs from deploying new code, for example. Receiving comprehensive, focused data in context about their infrastructure is what elevates that information above mere “noise.”

MS-screenshot4L

(more…) «Managing Your World (At Least Your Infrastructure) Just Got Easier: New Managed Services»