Category Archives: cloud security

North State Communications to Acquire Stalwart

North State Communications, a leading fiber optic network, data center and cloud services provider, has announced its plans to purchase Stalwart, an IT security integration firm. The purchase will complement DataChambers, North State Communication’s data center and cloud computing subsidiary. While North State Communications said that it expects to close the deal in the third quarter, no details pertaining to the deal were disclosed.

datachambers

 

Royster Tucker III, CEO of North State describes, “North State is extremely pleased to be gaining such a highly qualified and well-rounded IT security firm as Stalwart. Their professional integrity and mastery of advanced threat protection are ideal counterparts for DataChambers’ data center and cloud offerings. Bringing Stalwart onboard further fuels our strategic growth and helps round out our ability to effectively address some of the greatest IT challenges facing businesses today.” Tucker also said that the deal originated from North State Communication’s search for ways to add value for business customers.

Tucker also said, “As businesses begin to move into the cloud and IT infrastructure becomes distributed and moves into the cloud, we wanted to build that business and Stalwart has real expertise in IT infrastructure and security. Today more than ever, you have to wrap that in an envelope of security, and that’s what Stalwart brings to the table.”

Bill Cooper, CEO of Stalwart, also shared his opinion of the deal:  “North State is a strategic acquirer who shares our core virtues and beliefs. This, more than anything, will continue to make Stalwart unique and better. It is exciting to think of the myriad ways our team will now be able to create additional value for our coveted and growing customer base.” Bill Cooper will continue to lead Stalwart as it joins North State.

The post North State Communications to Acquire Stalwart appeared first on Cloud News Daily.

Elastica Partners with Telstra to Expand into Australian Cloud Security Market

Recently, cloud security firm Elastica has partnered with Cisco and Telstra to expand into the New Zealand-Australia region in response to the growing threat of “Shadow IT” that has stemmed from increased cloud use.

Elastica’s APAC managing director John Cunningham describes that problems may arise from the struggle to monitor activities of the many apps operating on their network as well as the data that is left unmonitored in the system. This may pose a threat to the system. Elastica is a company whose aim is to secure the cloud.

 

Telstra-2

 

Because of Australia’s demand for cloud based solutions, it is the perfect market for companies like Elastica, for when cloud networks are needed, cloud security is necessary as well.  Cunningham describes, “Typically with technology, it starts in the US and then it would expand globally, maybe to Japan, maybe to Europe, and then Australia. But this time, it’s a little bit different. Cloud is going out simultaneously around the world, so our investment in Australia is going to be there to support that rapid adoption of cloud applications within Australia.” He then pronounces the importance of cloud security, “For every use of a cloud application, there are millions of events being generated … that becomes a data science problem. As humans, and with the scale of activities happening on cloud application, data science is required to help organizations get visibility of what is important.”

Telstra director of security practice John Ieraci said that Telstra was very impressed by Elasticas ability to handle issues that came from ‘Shadow IT.” “When Elastica appeared in mid-2014, we were impressed with the ability to monitor, track, and block sensitive data in real time and quickly identify shadow IT and shadow data for cloud applications, both SaaS and IaaS, using a data science approach and with zero deployment.”

 

The post Elastica Partners with Telstra to Expand into Australian Cloud Security Market appeared first on Cloud News Daily.

Cloud security vendor Adallom secures $30m in series C led by HP

Adallom secured $30m in new funding this week from HP Ventures among others

Adallom secured $30m in new funding this week from HP Ventures among others

Cloud security service provider Adallom announced this week it has secured $30m in a series C funding round led by Hewlett Packard Ventures, which the company said it would put towards research and development.

Adallom, which was founded by cybersecurity veterans Assaf Rappaport, Ami Luttwak and Roy Reznik in 2012, offers a security service that integrates with the authentication chain of a range of SaaS applications and lets IT administrators monitor usage for every user on each device.

The software works with a conjunction of end-point and network security solutions and has a built-in, self-learning engine that analyses user activity on SaaS applications and assesses the riskiness of each transaction in real-time, alerting administrators when activity becomes too risky for an organisation given its security policies.

The company said the latest funding round, which brings the total amount secured by the firm since its founding three years ago to just under $50m, speaks to the rapid growth of the SaaS market, and the need for more flexible security solutions.

“The market’s embrace of our approach to cloud security and our investors’ continued confidence in our products, team and results to date is a strong endorsement of Adallom. It also serves as encouragement to continue to execute on our mission to deliver the best platform for protecting data in the cloud,” said Rappaport, Adallom’s chief executive. “We’re determined to exceed the expectations of our customers and investors, and continue our innovation in this market.”

The company said the investment will be used to double down on development and improve support for more services; it claims the security service already supports over 13,000 cloud apps.

Adallom’s funding round caps off a successful month for a number of cloud security vendors, with Palerra, ProtectWise and Elastica all securing millions in investment.

Army Increases Its Cloud Computing Usage

The US Army has begun to use IBM’s hybrid cloud technology to process their transactions, the amount of which surpasses the amount of transactions performed on the New York Stock Exchange. This occurred last year when the Army switched its Logistics Support Activity system to a hybrid cloud.

 

The hybrid cloud system is used by more than 65,000 personnel to obtain, manage and maintain inventories of products needed by the troops out on the field. Utilizing a cloud to perform these functions allow the Army to better utilize the data it collects, which in turn will provide better insight and service to members. IBM claims that since the switch, the Army has seen savings of up to 50%.

 

CloudStrategy_announcement_slider

 

With the success of the use of a hybrid cloud, the Army has now set eyes on introducing new analytical services, such as data mining, that can be rolled out to all parts of the organization. Anne Altman, general manager for US federal at IBM, has said that hybrid cloud implementation has enabled the Army to keep its existing investments in on-premise technology while also benefiting from a hybrid cloud, such as security, scalability and being able to connect to existing infrastructure.

 

The Army has always been a progressive adopter of promising information technologies, and other agencies and organizations are following in their footsteps. For example, the Central Intelligence Agency (CIA) signed a $600 million cloud contract with Amazon Web Services, which IBM lost out on. After this loss, IBM went on to gain momentum in the federal space and signed other cabinet agencies and pushing forward with a cloud data center targeting defense department workloads. This center is housed in the Navy-owned Allegany Ballistics Laboratory in West Virginia.

The post Army Increases Its Cloud Computing Usage appeared first on Cloud News Daily.

Cloud security vendor Palerra scores $17m

Palerra is among a number of cloud security startup combining predictive analytics and machine learning algorithms to bolster cloud security

Palerra is among a number of cloud security startups combining predictive analytics and machine learning algorithms in clever ways

Cloud security vendor Palerra has secured $17m in series B funding, a move the company said would help accelerate sales and marketing efforts around its predictive analytics and threat detection services.

Palerra’s flagship service, Loric, combines threat detection and predictive analytics in order to provide automatic incident response and remediation for malicious traffic flowing to a range of cloud services and platforms.

Over the past few years we’ve seen a flurry of cloud security startups emerge, which all deploy analytics and machine learning algorithms to cleverly detect perceived and actual threats and respond in real-time, so it would seem enterprises are starting to become spoilt with choice.

The $17m round was led by August Capital, with participation from current investors Norwest Venture Partners (NVP), Wing Venture Capital and Engineering Capital, and brings the total amount secured by the firm to $25m.

The funds will be used to bolster sales and marketing efforts at the firm.

“The dramatic rise in adoption of cloud services by today’s enterprises against the backdrop of our generation’s most potent cyber threats has necessitated a new approach. LORIC was designed to meet these threats head on and this new round underscores our commitment to deliver the most powerful cloud security solution in the industry,” said Rohit Gupta, founder and chief executive officer of Palerra.

“As the perimeter disintegrates into a set of federated cloud-based and on-premises infrastructures, effective monitoring becomes almost impossible, unless security controls are embedded in these heterogeneous environments. This will require enterprises to reconsider and possibly redesign their security architecture and corresponding security controls by placing those controls in the cloud,” Gupta added.

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Cloud Security Alliance Announces Cyber Security Guide

The Cloud Security Alliance (CSA), European Agency for Network and Information Security (ENISA), and TU Darmstadt has published a step-by-step guide for the attainment and security of cloud services. This report stems from ENISA’s 2013 report on governmental cloud use. This report details framework modeled into four phases, nine security activities and fourteen steps. Every member nation who follows this guide will, according to its authors, define and implement a secure government cloud. The authors used four nations as case studies to base their recommendations on: Estonia, Greece, Spain and the United Kingdom.

 

The focus of this report is what type of security framework is suitable for government clouds and how to execute them. If an infrastructure is fit for government use, then it is also fit for private company use as well, so long as it does not cost an excessive amount of money. Currently, there are very few European Nations who have the ability to adopt and execute cloud computing. Many in the private sector however have already begun to implement the cloud, yet it will still be many years before full execution is achieved.

 

Governments that have already been working with the cloud have adopted several cloud deployment models. Community and private clouds are the most popular, with hybrid and public clouds also being utilized. Software as a Service (SaaS) and Infrastructure as a Service (IaaS) are the most common cloud service model, and Platform as a Service (PaaS) will likely become more important moving forward. Of the e-government services that use the cloud, email was at the top of the list with other services, such as backup and archive, Identity as a Service (IDaaS), office applications, and citizen participation, follow on the list.

 

Security and privacy are the two key technology requirements for the aforementioned services. The UK government has taken drastic steps to overhaul the security classifications for government data to make it easier for service providers to construct more secure systems. Many corporations have heavily invested in complex data classification systems that have become an inhibitor to business. Simplification could make it easy to build a secure system without complicating the data classification.

 

images (1)

 

However, security is not an easily resolved issue. For example, Germany has very strong privacy and security regulations. Because of this there has been quite a few service providers trying to build data centers there in order to hold German company’s data. The UK government has been making moves towards a similar position. A recent survey of parliament members in the UK found that many thought the idea of government data being stored in off-shore centers was inhibiting a greater use of cloud computing.

 

The next part of the guide covers the roles, logic model, and the plan, do, check and act phases of security framework. It points out how inputs, activities and outputs relate to risk profiling, architectural modeling and the security and privacy requirements. Many of these steps are no different than steps IT managers take when outsourcing systems or working with system integrators. However, in the guide the outsourcing focused on entire systems while cloud focuses on services.

 

The next section focuses on applying the steps from the previous section to government applications. They apply them to the four governments mentioned at the beginning of this article as a case study. The study proves that while in its simplest form, the cloud is about commoditization and common approaches, but in real applications there can be more than one way to solve a problem.

 

In conclusion, the report comes to some very important conclusions. The report does not say that it is urgent for the EU to adopt the suggested security framework. However without a coherent framework across all of the European Union, there will certainly be gaps in security that hackers can easily exploit. Also, this means that companies who wish to work in different EU nations need to continue to have a complex network, and sometimes even conflicting government requirements. It is now up to EU leaders to ensure than comprehensive standar

The post Cloud Security Alliance Announces Cyber Security Guide appeared first on Cloud News Daily.

Microsoft Obtains ISO Cloud Privacy Certification

When it comes to cloud computing and services, privacy is at the front of every company’s mind. When the United States began to demand access to cloud-based data from Microsoft’s Ireland data center, customers recognized that their information might not be safe from privacy violations even if their information is not resident in the US. Many industry players, including Microsoft, have started to fight these demands. No matter what they decide to do, the EU or the US governments will not be happy.

 

Microsoft truly believes their customers own their own data, not the cloud providers who they store it with. Microsoft claims to be the first major cloud provider to adopt the ISO/IEC 27018. This is the first global standard for cloud privacy, and many of Microsoft’s programs have been evaluated for compliance by the British Standards Institute.

microsoft

The ISO/IEC 27018 establishes commonly accepted control objectives and guidelines for implementing measures to protect identifying persona information in accordance with the 29100 policy. Microsoft’s general counsel Brad Smith said that they are optimistic that this policy can serve as a template for regulators and customers as they both desire strong privacy protection. Adherence to this policy will ensure that customer’s privacy will be protected in many ways.

 

First, customers will be in charge of their data, and Microsoft will only process personally identifiable information based on what the customer wants. Second, customers will always know what is happening to their data, all returns, transfers, and deletion of data will be transparent. Third, there will be restrictions on how Microsoft handles personal data, including restricting its transmissions over public networks, storage on transportable media and processes for data recovery. Fourth, the data will not be used for advertising purposes. Lastly, Microsoft will inform their customers about government access to data. The standard requires law enforcement requests for data must be disclosed to the customers.

 

Adherence to this standard is an important move to reassure its enterprise customers that their information is safe. However, the execution of these promises is worth more than making the promises. There are still lingering concerns and fears about data privacy and security around shifting to the cloud, so Microsoft’s announcement is a step in the right direction.

The post Microsoft Obtains ISO Cloud Privacy Certification appeared first on Cloud News Daily.

5 Cloud Security Practices

2014 could have easily been host to some of the biggest security breaches ever. Many hackers have adapted to the ever-changing technological advances, but current security practices and technologies can prevent these breaches. Many companies that fell victim to security breaches fell into the compliance equals security trap. This trap concludes that if a company goes to the trouble of being legally compliant, to any number of regulations, then it will be secure. But this is not the case.

 

Security is never a guarantee. However, there are some things that can be done to help prevent serious breaches of security and the consequences that come along with it.

 


cloudsecurity1220

 

-Continuous Visibility: Companies need to have complete and total visibility into their technology assets and services. You cannot secure what you cannot see. You need to be aware of what you have and what it’s doing at all times if you want to keep things secure. Visibility can be a challenge due to the automated, on-demand modern infrastructure.

 

-Exposure Management: Once transparency is achieved, companies need to eliminate obvious vulnerabilities that are known in their networks. Continuous monitoring tools, strong vulnerability and security configuration management technology and practices are key to mitigating exposure.

 

-Strong Access Control: This practice is often implemented incorrectly. Many companies implement access control, however they give excess access. Recent breaches involved valid access control ID’s being used to compromise systems that had nothing to do with its function in the network. The ID’s had access to a lot of information that they shouldn’t have. Limit the access users receive and monitor all user actions.

 

-Data Protection and Encryption: Once all the aforementioned steps have been taken, it is important to encrypt any sensitive information. Both data at rest and data in motion need to be encrypted if they have any sensitive material. Data protection is needed to ensure that even if data gets compromised, it will not get sent outside of the network.

 

-Compromise Management: Few companies actually have plans to deal with a breach and how to mitigate the damage caused. No matter what preventative steps you have taken, breaches can still occur. Companies need to implement courses of action and technologies that allow them to act fast. This includes being able to tell that you have been compromised. This includes file integrity monitoring, intrusion detection, and forensic data for analysis.

 

These steps represent that bare minimum of protection and are suggested for implementation to limit your vulnerability.

The post 5 Cloud Security Practices appeared first on Cloud News Daily.