Archive for the ‘Cloud Security’ Category

 

Focus on Big Data at Big Telecom Event in Chicago

Friday, June 27th, 2014 by

The Big Telecom Event is an annual summit held by industry publication Light Reading that gathers some of the most important figures in the industry together to discuss progress, problems, and what’s on the horizon as technology continues to develop at a rapid pace. This year’s conference, held at the Sheraton Towers in downtown Chicago, didn’t neglect the massive popularity of Big Data and its emerging uses, which was the main topic of discussion for the panel “The Customer-Driven Telco: Real-Time Analytics, Big Data & CEM.”

The talk was moderated by Heavy Reading Senior Analyst Ari Banerjee and included the following panelists: Adan Pope, the CTO of Business Unit Support Solutions at Ericsson; Amy Millard, the Vice President of Marketing for Support.com; Sid Harshavat, Security Architect for Symantec; and Kevin McGinnis, the Vice President of Development and Operations for Pinsight Media at Sprint.

Focus on cloud infrastructure and organization
Much of what the panel discussed was about using Big Data to its fullest potential – that is, organizing a cloud server and all its data to best serve the customer and to improve the speed at which information can be delivered. Pope suggested that horizontal organization could be a major solution for companies looking to make data more accessible to the employees using it, because a system with fewer middle levels won’t garble information unnecessarily.

Millard thought another effective way to use cloud computing technology to its fullest potential was to put a higher emphasis on developing analytics that make sense of large amounts of research-based data much faster, in order to best serve a client.

“Organizationally, bringing analytics teams in earlier during development [would be useful],” she commented.

However, Big Data won’t organize itself based on a company’s whim – those involved in the management of data must decide what type of organizational structure makes sense for the needs of their staff before it can be created and used as a cloud infrastructure. CloudTweaks writer Syed Raza commented on the importance of a logical structure for an organization in a recent article.


Public Cloud Appealing to Those Needing Disaster Recovery

Friday, May 9th, 2014 by

These days, businesses are aggregating an incredible amount of data from a lot of different silos. Whether they’re using the information to create enhanced marketing campaigns, conduct research for product development, or look for a competitive edge in the market, these companies are taking whatever steps are necessary to protect that data. Between data breaches and natural occurrences like severe weather that can cause companies to lose their data, many are moving their disaster recovery initiatives to cloud servers.

A broken disk.

A practical solution
One of the most popular deployment options, public cloud models offer companies the opportunity to back up their data in encrypted, secure environments that can be accessed whenever it’s convenient. However, businesses are looking to take this capability to the next level. Redmond Channel Partner referenced a study sponsored by Microsoft titled “Cloud Backup and Disaster Recovery Meets Next-Generation Database Demands,” which was conducted between December 2013 and February 2014 by Forrester Consulting.

The research firm polled 209 organizations based in Asia, Europe, and North America, with 62 percent of survey participants consisting of large-scale enterprise IT managers. Many of the businesses reported having mission-critical databases larger than 10 terabytes. Respondents claimed that some of the top reasons for using public cloud computing models for backups included saving money on storage (61 percent) and reducing administration expenses (50 percent).

Forrester noted that a fair number of enterprises often omit encrypting their database backups due to the complexity involved and the possibility of data corruption. A number of participants also acknowledged they neglect to conduct tests regarding their disaster recovery capabilities.

The available opportunities
Despite these drawbacks, Forrester’s study showed that cloud-based backup and disaster recovery (DR) models have matured over the past 4 years. In addition, there’s the option of using a hybrid approach that involves combining on-premise DR solutions with public cloud storage. For example, an enterprise could keep all its data in in-house databases and orchestrate a system that would either duplicate or transfer all data into a cloud storage environment in the event of a problem.


FBI: Health Care Providers Need to Improve Security

Tuesday, May 6th, 2014 by

There’s no disputing that upon implementing cloud servers, physicians, nurses, and hospital administrators will be able to store and access patient information more easily than before. Although such an approach enables them to develop treatments for specific customers, IT professionals and government officials believe care facilities need to improve their security before progressing to the cloud.

Nurses and doctors accessing patient information.

A number of cloud solutions offer expanded data protection; however, the current state of many electronic health records systems is lackluster, at best. Data flowing between hospital PCs and mobile devices opens new avenues, creating an environment hackers could potentially exploit to steal sensitive personal health information.

An official security warning 
According to Reuters, the Federal Bureau of Investigation recently informed health care providers their cyber-security infrastructures were unsatisfactory compared to other industries. Although cyber criminals have been known to attack the retail and financial sectors, they could also use electronic records containing insurance and payment information to gain access to bank accounts, personal addresses, phone numbers, and other data.

Reuters obtained a private notice sent to hospital administrators criticizing their lax network defense programs. Issued earlier this month, the memo did not mention the Healthcare.gov breach, which has been criticized by professionals for numerous security flaws. It further implored recipients to contact the FBI in the event any breaches occurred.

The source stated that criminals typically favor health care information because it takes longer for victims to realize that any intelligence has been stolen. Although they often don’t leverage the information themselves, hackers frequently sell such data on the black market. To deter infiltration attempts, some hospitals have invested in cloud infrastructure featuring applications that encrypt data as it flows through the networks.


Security Alert: OpenSSL Bug Needs Prompt Attention

Tuesday, April 8th, 2014 by

A major vulnerability with the OpenSSL libraries was announced this morning. According to PCWorld, “The flaw, nicknamed ‘Heartbleed’ is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol. The flaw, which was introduced in December 2011, has been fixed in OpenSSL 1.0.1g, which was released on Monday [April 7].”

We want to ensure all our customers are aware of this vulnerability so those impacted can take appropriate measures. The following description of Heartbleed is from http://heartbleed.com:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

GoGrid has already performed an extensive audit of our environment and has determined that none of our customer-supporting sites—including our management console, wiki, and secure signup—is exposed to this vulnerability.

If you are permitting SSL/TLS traffic to your servers, however, a firewall won’t block this attack. This is a serious vulnerability with the ability to significantly expose your environment. GoGrid recommends you review the National Vulnerability Database entry for CVE-2014-0160 as soon as possible to determine if the OpenSSL vulnerability applies to your organization and then take corrective action based on your specific security policies, if necessary.

Does it take a village to ensure security (or just hard work)?

Monday, January 6th, 2014 by

I watched an interview this morning where Snapchat’s CEO was discussing the recent exposure of its users’ phone numbers and names and something he said stood out for me: “Tech businesses are susceptible to hacking attacks. You have to work really, really, really hard with law enforcement, security experts, and various external and internal groups to make sure that you’re addressing security concerns.”

I have to agree with him: It takes a lot of effort to keep up with the latest security threats and vulnerabilities, to continuously assess existing security safeguards, to open channels of communications with security peers in other organizations, and to work with local and federal law enforcement to solve common security problems. Even companies that spend millions on security like Target are clearly challenged every day to identify and remove vulnerabilities to protect their customers’ data.

The rapid growth of cloud services and cloud service providers has only added new areas of concern for organizations hoping to leverage the benefits of the cloud. Organizations must perform their due diligence in identifying the right cloud service provider for their needs—preferably one that’s had time to develop security best practices based on firsthand experience and hard-won expertise. Securing a company’s production environment requires a cloud partner that is mature and has dedicated resources to provide robust security services and products.

Consider the recent DigitalOcean security revelation that its customers can view data from a VM previously used by another customer. According to one reporter, a DigitalOcean customer “noted that DigitalOcean was not by default scrubbing user’s data from its hard drives after a virtual machine instance was deleted.” Why not? DigitalOcean confided that the deletes were taking too long to complete and resulted in potential performance degradation of its services.

I recognize that challenge because GoGrid addressed this same issue years ago. All our deleted VMs go through an automated secure scrubbing process that ensures a previous customer’s data isn’t inadvertently shared with a new customer—and we do so without impacting our production environment. Was that easy to accomplish? No, it wasn’t. In fact, it took a lot of engineering work and resources to develop the right way to secure our customers’ data without impacting performance. Taking technical shortcuts when it comes to security often results in unexpected consequences that can affect an organization’s overall security—and ultimately, its reputation.
