Security Challenges of the Public Cloud

Two-thirds of businesses identify security as the top concern when considering moving to the public cloud. And they are right to do so. Now that data is being stored in new ways and new locations around the globe, businesses need to trust what is happening to their corporate data.

Of the many security challenges that the public cloud has introduced, let’s focus on governance. Achieving and maintaining governance and compliance in the cloud involves considering:

• Jurisdiction and regulatory requirements
Can the data be accessed and stored at rest within regulatory constraints?

• Complying with export/import controls
Are encryption software controls permitted in different countries or jurisdictions?

• Compliance of the infrastructure
Is the cloud infrastructure/architecture/service you are using compliant?

• Audit and reporting requirements
Can you provide the required evidence and reports to demonstrate compliance with regulations and legal requirements?

It is essential for businesses to establish that the governance requirements of their corporate data are being met on the public cloud. If they aren’t then other options must be considered.

Cloud Computing Options

Cloud computing has been gaining attention from businesses as a way to access advanced technology that isn’t necessarily hosted or owned by the user. According to recent surveys public cloud approaches are gaining traction among SMBs. Approximately twice as many SMBs plan to implement public cloud solutions compared with private cloud solutions in the coming year.

The public cloud is where the greatest economies and easiest-to-implement solutions are found. However, for companies needing complete control of their data a private cloud is much more appropriate. Combining the private and public cloud solutions into a hybrid cloud is an option as well.

Contact DataHive to discuss our cloud computing options.

Phishing and Spear Phishing Attacks are Effective

A recent survey of IT enterprise decision makers by Proofpoint, Inc. has found that phishing and spear phishing attacks against large organizations are extremely common and extremely effective in compromising user credentials and corporate IT systems.

Just over half of all respondents believe that their organizations were targeted by phishing email in the past year.

More than half of those respondents belonging to organizations with 1000 or more email users believe that their organizations were targeted by a spear phishing attack.

By comparison, 42% of respondents belonging to organizations with fewer than 100 email users believe they were targeted by a spear phishing attack.

More than a third of respondents who experienced a spear phishing attack in the previous 12 months (17% of all respondents) believe that the attacks resulted in compromised user login credentials and/or unauthorized access to corporate IT systems.

When asked which vectors posed the greatest risk of corporate data loss, respondents answered outbound email, online file sharing solutions, stolen mobile devices and postings to social media sites in that order.

Cost of Data Breaches

A new study by Ponemon Institute has shown that 54% of participants experienced at least one data breach in the last 12 months. Of those, 19% experienced more than four!

Almost half of those who suffered a data breach reported their corporate reputation suffered. Almost a third had had to downsize due to loss of customers.

Data breaches came with a cost too — an average £91,985 ($146,240.51) increase in customer acquisition spending.

Research shows that it takes businesses on average over 9 months and £138,700 ($220,509.42) to fully recover from a data breach.

One can’t help but conclude that data breaches and cybercrime have serious consequences to corporations.

Astoundingly, 58% of those businesses who had yet to suffer a data breach didn’t believe they would suffer loss of reputation if it happened to them. As well, 70% didn’t believe they would have to spend more on customer acquisition if they became victims of a data breach.

There is definitely a discrepancy between what businesses think the repercussions of a data breach would be and what the repercussions really are. Unhappily, this dissociation from reality tends to lull businesses into complacency about their data security.

Now is definitely the time, before a data breach happens, to anticipate and forestall risks to corporate data.

Hacker Group Anonymous has been Busy

The hacker group Anonymous has had a busy week doing what they do best — hacking.

“Today, Nov. 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012,” VMware wrote on its Security and Compliance blog. “It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.”

Anonymous also claimed to have hacked PayPal and leaked confidential information, including coded passwords and phone numbers, from approximately 28,000 PayPal accounts.

PayPal has issued a statement saying they are investigating but have yet to find evidence of this breach.

Cyber Security Concerns Should Include Mobile Devices

Not surprisingly the majority of SMBs allow their employees to use mobile devices such as smartphones and tablets. Alarmingly very few of them have taken the necessary steps to ensure these devices are safe from cyber threats.

According to a survey commissioned by AT&T and the Polytechnic Institute of New York University, 90% of SMBs allow their employees to use mobile devices to access work email, and 41% allow their employees to use these devices to access business files.

An astonishing 83% of SMBs allow their employees to use their personal devices for work.

Only 29% have installed anti-virus software on smartphones.

Although 82% of SMBs have taken steps to secure company laptops, only 32% are taking measures to protect smartphones, and 39% to protect tablets.

Of the majority not taking steps to protect these mobile devices, only 42% have plans to increase security.

Why Canada is a Great Location for a Data Centre

There are many reasons why Canada is an excellent choice of location for a data centre.
• Canada has skilled, highly trained workforce
• Canada enjoys political stability
• Canada has low energy costs and water rates
• private network providers are easy to find
• the risk of disaster, man-made or natural, in Canada is very low.
• The Canada Privacy Act doesn’t allow government agencies to collect personal information unless it relates directly to those agencies’ operations or activities

There are many good, solid reasons to use a Canadian data centre. Happily for us, DataHive is located in Calgary, Canada — considered the most geographically safe location in North America.

More Problems with Amazon’s Web Services

Amazon’s Web Service’s main cloud computing service, EC2, is having problems today (October 15, 2012) with network connectivity issues. This spells problems for its large number of clients. Businesses and developers are having trouble accessing their rented computer resources.

“We are continuing to work to resolve the networking connectivity issues resulting in elevated packet loss for some EC2 instances in the US-EAST-1 region,” Amazon posted on its global status page today.

US-EAST-1 turns out to be Amazon’s main datacentre hub which provides services to a huge number of sites including Reddit.

US-EAST-1 is Amazon’s most problem-prone datacentre. Last July saw a major failure in this region that was caused by lightning and turned into a cascading fail.

Benefits of Virtualization

Virtualization is increasingly being used by enterprises to reduce their power consumption and air conditioning needs. Virtualization also provides enterprises with a flexibility that allows them to:

• change and scale their infrastructure to support their business goals and needs

• meet evolving business challenges by leveraging existing resources

• provide adaptable and configurable infrastructure to streamline test and development environments

• enable fast resource provisioning and workload balancing, and

• support business continuity strategies.

DataHive is pleased to offer virtualization to our clients with growing and evolving needs. Give us a call to discuss the various options available.

Dangers of Big Data

Recently there have been newspaper articles about individuals in different parts of the globe accessing databases unlawfully. One police officer was accessing her department’s database to find personal information about potential boyfriends, and another police officer was using it to extort people whose cars had been parked at dodgy locations.

A big danger posed by Big Data is the number of people who can access it. There are the corporate staff, IT personnel, statisticians, even outside parties such as data scientists who may lack experience in data security. They may also, just as those police officers noted above, have a hidden, personal agenda when accessing corporate data.

Data breaches, whether they be unintentional or malicious, can cost a business its customers, income, reputation, and can even close a business down. Ignoring or mishandling Big Data can have serious consequences.

DataHive would be happy to discuss any concerns you have about your Big Data issues, and to offer custom solutions. Just call 403-313-1106.