
Compliance and the Cloud: Debunk the Myths

It is no secret that the benefits of the cloud are enormous. The cloud enables scaling, rapid deployment and provisioning, all of which means that users can enter new markets more quickly and integrate acquired companies easily. And they can do all this while reducing waste, shortening deployment times and, more importantly, lowering costs.

But despite the growing numbers of businesses that are adopting the cloud worldwide, there are still some companies that are reluctant to move their workloads to the cloud. This is sadly due to the fact that there are still many negative myths which surround the cloud and compliance in the cloud. It is important to point out that most standards of compliance which govern IT management are not designed with cloud in mind. For example, compliance standards are mostly concerned with maintaining the integrity of data and not locking down entire virtual environments. So, it’s quite easy for companies who look forward to adopting cloud services to be confronted with many questions regarding compliance in the cloud, which sadly remain unanswered…that is, until now.

MYTH #1: Security is Security After all!

When talking about IT infrastructure, security is usually at the top of the list, and for good reason. But when it comes to a regulated environment, you soon find out that there is no such thing as being “good enough”. This is the reason why companies who look to adopt the cloud need to ensure that their data is properly protected. This also means making sure that your network is kept safe from malware and from the prying eyes of cyber criminals.

Beyond keeping their antivirus software up to date, businesses also need to address the security behavior of their entire organization. This means keeping track of what information is being shared and how, who has access to data, and how that data is being protected from unauthorized access. Do you have network segregation, and are you using VLAN tagging? VLAN tagging allows parts of the network to be compartmentalized into distinct VLANs, which enables users to create small quarantine zones between machines and consequently reduces data exposure. When it comes to security, it’s important that you leave nothing to assumption. Here are some tips to make sure your data remains safe on the cloud.

  • Use a commercial firewall.
  • Use a managed switch which will be able to handle VLANs.
  • Invest in good anti-virus software.

MYTH #2: Get Compliant Capabilities with a Single Vendor

With the increasing interest in compliance in the cloud, many service providers are ready to offer a wide array of compliance-capable products. But, unfortunately, the truth is that it is not possible for a single vendor to address the many requirements of various regulatory mandates. In other words, there is really no silver bullet when it comes to compliance in the cloud. So, rather than relying solely on a single vendor (or product), businesses should turn towards a more holistic approach to their security strategy, one which focuses on the big picture when it comes to the regulatory requirements regarding compliance and the cloud.

It is important to remember that the consumers, and not the cloud providers, have to deal with the burden of compliance. And while there might be some grey areas when it comes to regulatory services, it is important for businesses to not hinge their compliance status on a provider who claims to be 100% compliant. Here are a few tips to make sure you get the most bang for your buck when it comes to getting compliant cloud services.

  • Develop a feasible plan that will help you address any gaps in compliance.
  • Work closely with providers and 3rd party vendors to understand the elements of an audit and to whom those audits are addressed.

No matter how large or small a business, the protection and integrity of data is of utmost importance. Compliance issues in cloud services could lead to loss in sales, fines, and disrupted operations, which is the reason why compliance is necessary to thrive in the cloud.

5 Predictions in 2015 of Cloud IT And Why You Need to Know

Without a doubt, 2014 was a great year for cloud. I’d like to provide five predictions for the upcoming year and why you need to know. If you’re considering moving to the cloud, it’s a good time to be a customer with new services from AWS, Google and Microsoft.

  1. More demand in the market for cloud services.

Per a recent Gartner forecast, the Software as a Service (SaaS) market will grow at a yearly growth rate of 20.2%! With this type of estimated growth, it is easy to see why so many SMBs are ready to move to the cloud.

  2. Data security overtakes device security.

BYOD is now a part of everyday work culture. Employers and employees want to work unrestricted, devices are being replaced quickly while the value of corporate data lasts longer, and connected devices reduce the need for device-local data storage. Companies will turn their focus from securing endpoint devices to securing data on its way to and from the cloud and while it is stored in the cloud, in order to guarantee a smooth user experience.

  3. Security, security and security…

Many web articles discuss concerns over the security of data in the cloud as a major factor in cloud adoption. Over time, most companies recognize that it is near impossible to have foolproof on-premise security (company-owned servers or data centers) and that no cloud is foolproof either. Once accurate expectations are set, companies need to focus on evaluating and mitigating risks intelligently.

  4. Increased hybrid cloud implementation.

As more companies adopt cloud, hybrid cloud implementation will be the norm. Why? As C level executives develop cloud strategies, organizations benefit from the convenience of the cloud business model and attain the performance of on-premises solutions. Due to the complexity of today’s environments, it would prove to be extremely difficult to move everything across-the-board to the cloud.

  5. Cost effective clouds.

The return on investment for computing projects varies significantly. In some cases, cloud value is easy to define after deployment. In other cases, cloud needs to be considered a long-term investment, and aging hardware and servers can be factored in as part of the value cloud computing will truly bring to your business.


Data Hoards, Time to Backup!  

In a perfect world, we would not have system failures, data corruption and situations where data was simply deleted. The golden age of computing is upon us, and people have generated a tremendous amount of data doing everyday things such as taking photos, collecting a music library of MP3s, or simply downloading stuff from the internet. Some data we may value more than others, but as bad habits go we usually keep everything until we get the message “YOUR SYSTEM IS FULL”. It’s natural that we all hoard data – some we are aware of and some we simply don’t know where it came from. It somehow got stored on our hard drives by way of downloading and/or after we installed something on our computers. In either case, the data will sit there growing and growing.

We all know that this is not a perfect world and our computers will fail. Heck, we may decide to delete a bunch of folders, not realizing that something we wanted was in there. Time to do backups!

There is a plethora of backup devices today at your local Best Buy, Staples, and online stores. They come in the form of ready-to-use external USB backup drives starting at under $100, USB memory sticks that have lots of storage space, and SD and MicroSD cards. All of these can be purchased, ready to back up your data, at just about any large retail store.

On the other end of the spectrum, there are the device-less backup services that can simply back up your data over the internet, all securely of course. You have probably heard of iCloud, which came with the iPhone you just purchased, and you may have heard of Google Drive, Carbonite, Mozy Pro, and even ITAnywhere Vault! All these are backup services that can back up just about any type of data you have generated on your computers and devices. You simply need to install a small software package from them and begin the countdown. 5, 4, 3, 2, 1! Backup sequence has started. Besides being easy, the pricing is great as well. Cost can range anywhere from a few bucks a month to $30 and up for more storage and recovery features. There are business-grade options as well if you are running a small business.

In the end, we all ask the basic question: what is your data worth to you? The simple answer is that all data is worth everything when we need it. Go ahead, spend a few bucks and have the peace of mind that you have a copy of this data secured somewhere. Don’t cheap out and don’t forget to back up, because it’s going to cost you a lot more than just money in the long run.

Take This Checklist to Avoid Hollywood Hacking Scenario!

The leak of private photos of Hollywood’s top celebrities sounds the alarm on cloud security again. While arguments and discussions around cloud vulnerabilities never cool down, this time the Hollywood sensation is more a lesson about how to use the cloud properly than a “to use, or not to” debate, especially for business users.

Why? Simple, we are living in the cloud epoch and the world is just not heading back! So, what can we learn from the disaster this time?

First of all, use the cloud attentively and carefully! Keep in mind that you are on the cloud right now, and almost every second! No matter what you do, what devices you use and what the size of your business is, you can hardly avoid using the cloud – as a matter of fact, you may be part of the cloud already!

Well then, simple No. 1: DO NOT use a simple, easy-to-crack passcode – something like a birthday, street number or phone number, or even combinations of them. Sounds easy and like common sense? Yet 70% of business cloud users are not following this No. 1, simple password policy!

Second, always consider additional security methods to further safeguard your data! Secondary encryption and two-factor authentication are among the top options.

“Secondary encryption” enables the account’s owner to take matters into his/her own hands to protect the data. Rather than relying on the built-in encryption or SSL transfers that cloud providers have within their infrastructure, you can leverage other encryption programs such as Boxcryptor or TrueCrypt. These programs essentially encrypt your files on the fly prior to storing them on the cloud, so that your files remain unreadable even if a hacker manages to steal your password or breach your cloud provider’s normal defense mechanisms.

“Two-factor authentication” may sound jargony and unfamiliar, but it’s actually something you use all the time nowadays. Remember those requests asking for a four- or six-digit verification code in addition to your username and password, which is usually sent to you via text message? Those randomly generated, time-sensitive codes are the second factor in “two-factor authentication”. For business users, it can be a lot more varied and strengthened, and it can be both virtual and physical, which adds another powerful line of defense for your data security.

Well, as short as this checklist is, it may save you from big trouble and loss! And if you want to learn more, check our IT Security blogs and fuel up with more professional data-protection tips!

And share this infographic with your IT management team:

[Infographic: data-security]

Online Attacks Rose 81% in 2011

The war between legitimate data users and criminals interested in exploiting their data escalated again in 2011, as the number of malicious attacks on computer systems rose 81 percent from the previous year. That’s according to web security vendor Symantec, which just released an annual report on the subject.

The company, which said it blocked more than 5.5 million attacks over the year, attributes the increase to more sophisticated malware, new threats to mobile devices and thieves’ exploitation of social networks to reach new victims.

One of the most serious types of online criminality is targeted attacks intended to steal customer data or high-value secrets. While the term “corporate espionage” may conjure up images of huge, sophisticated technology enterprises, the report found that half of all targeted attacks were launched against companies with no more than 2,500 employees. A full 18 percent of the targets had 250 workers or fewer. Symantec said that may reflect attempts to reach high-value targets through their vendors or partners.

The industries most likely to be targeted for attacks were government, manufacturing and finance, and the specific people most likely to be hit were company executives.

Data breaches exposed more than 232.4 million identities during 2011. Health care companies accounted for by far the largest number of breaches, 43 percent of the total, but breaches in computer software and information technology tended to be much more significant, with those two industries accounting for 85 percent of exposed identities.

The growth of bring-your-own-device policies creates a huge new area of concern for companies, which are now more likely to be vulnerable to whatever malware employees pick up by using their social networks or by downloading software for their personal use. Another trend that calls for increased caution is the growing use of cloud computing, which demands data encryption, security around how data can be accessed and attention to the credentials of all IT support firms involved in the system.

The news from 2011 wasn’t all bad, though. The report found that the amount of spam dropped, largely thanks to law enforcement action against Rustock, a worldwide network that had sent huge amounts of spam. The percentage of email that was spam fell from 88.5 percent to 75.1 percent in 2011.