Tag Archives: security

The Security Features in Parallels Desktop

Everyone cares and worries about the security of their computer nowadays—from the individual home user with a single Mac, to the IT Admin who has a whole department (or an entire company) full of Macs and PCs to worry about. In this post, I will show you in some detail the features of Parallels Desktop […]

The post The Security Features in Parallels Desktop appeared first on Parallels Blog.

Here’s Everything You Should Know About Two-Factor Authentication

One of the notable aspects of virtualization is the presence of heterogeneous networks with diversified devices, platforms, and OSes. Desktops and laptops have been accompanied by and sometimes replaced with tablets and smartphones. In addition, a variety of devices such as Chromebooks, Raspberry Pi, and wearables came into the network. The Internet of Things has […]

The post Here’s Everything You Should Know About Two-Factor Authentication appeared first on Parallels Blog.

One in four cloud service clients willing to be held to ransom – study

One in four companies would be willing to pay a ransom to criminals who stole their information, with 14% of them willing to pay over a million dollars, says a study. Companies with cyber insurance are most likely to hand over cash.

This revelation comes from a survey of a cross-industry sample of 200 IT and security professionals by the Cloud Security Alliance. The study’s objective was to examine how industries around the world are managing cloud adoption.

Exposure is increasing, according to the survey, which indicated that IT professionals are struggling to cater for the demand for new cloud services, receiving on average 10.6 requests each month for new cloud services. Only 71.2% of companies now have a formal process for users to request new cloud services and of these 65.5% admitted that they ‘only partially’ follow it. Due diligence is impossible under the circumstances because it takes an IT security team 17.7 days on average to evaluate the security of a cloud provider, the study says.

The most common reason for rejecting a cloud service is not related to security or compliance but the fact that a comparable cloud solution is already in place. Small companies are most likely to judge a cloud service by the cost, with the lack of budget, in 28.4% of cases, being the most popular criterion for rejection.

The lack of security could cause problems in future because many companies are now putting sensitive customer information in the cloud. The most commonly purchased cloud system is customer relationship management (CRM), which was identified as a purchase by 36.3% of the survey sample. The figures may reflect a degree of complacency as ‘just 35.0% of IT and security professionals believe that cloud-based systems of record are less secure than their on-premises counterparts’, says the report.

Despite the perceived improvement in security from cloud services, 60.8% of companies have taken the precaution of appointing a chief information security officer. However, these relatively new roles are ill-defined and responsibilities, such as ransom negotiation, vary across companies.

“It’s shocking that so many companies are willing to pay even a penny’s ransom,” said Skyhigh Networks spokesman Nigel Hawthorn, “The idea that some would pay more than $1m is downright staggering. Hackers are increasingly confident they can hold businesses over a barrel.”

Can Safe Harbour stay afloat?

When the European Court of Justice declared the US-EU Safe Harbour framework invalid in the case of Schrems v Data Protection Commissioner, some 4,500 companies began to panic. Many are still struggling to decide what to do: should they implement an alternative method of transferring personal data from the EEA to the US, or should they simply wait to see what happens next?

Waiting is a risky game, as the European data protection authorities’ (DPAs) grace period extends only until January 31 2016, by which time companies must have their cross-Atlantic data transfers in order. After this date, enforcement action may be taken against those transferring personal data without a suitable mechanism in place to ensure adequate protections to personal data. Although the slow churning of US and EU authorities negotiating a replacement for Safe Harbour can be heard in the distance, no timeline has yet been set for its implementation. There is also the added complication of the newly approved EU General Data Protection Regulation, which is likely to muddy the waters of an already murky negotiation.

Will Safe Harbour 2.0 come to the rescue?

According to the European Commissioner for Justice, Consumers and Gender Equality (the Commissioner), the negotiations on ‘Safe Harbour 2’ continue, undoubtedly under added pressure following the invalidation of the original Safe Harbour framework. Whilst both sides understand the sense of urgency, no proposal has yet met the needs of both the national security services and the European DPAs.

In Autumn 2013, the European Commission created a report providing 13 recommendations for improving Safe Harbour. Number 13 required that the Safe Harbour national security exception be used only to an extent that is strictly necessary. This recommendation remains a sticking point in negotiations. Human rights and privacy organisations have little hope that these hurdles will be effectively overcome: in November 2015, a letter was sent to the Commissioner from EU and US NGOs, urging politicians to commit to a comprehensive modernisation of data protection laws on both sides of the Atlantic.

Of course, the real bridge to cross is on US law reform, which the Commissioner sees as more about guaranteeing EU rules in the US than changing US law. It seems the ball is very much in the North American court.

Do not, however, be fooled by the House of Representatives passing the Judicial Redress Act, which allows foreign citizens to bring legal suits in the US for alleged violations of their privacy rights. Reform is not easy, and it is now for the Senate to decide whether to follow suit, or to find a way to water down the Act. The govtrack.us website, which follows the progress of bills through Capitol Hill, gives the Act a 22% chance of success. With odds like these, maybe we shouldn’t bet on cross-Atlantic privacy reform in the immediate future.

The future of global surveillance

Whilst there have been positive noises coming from the White House regarding the privacy rights of non-Americans, it is unlikely in a post-9/11 world that any government will allow itself to be prevented from accessing data of either its own or foreign nationals.

In light of recent terror attacks all over the world, the Snowden debate is more relevant than ever. How far should government intelligence agencies go towards monitoring communications? Snowden forced governments to think twice about their surveillance practices, but recent attacks may have the opposite effect. Although their so-called ‘snooping’ may breach citizens’ fundamental rights, it may be more a question of how many civil liberties citizens are willing to exchange for safety and security.

The British Government has suggested that fast-track aggressive surveillance proposals (dubbed ‘the Snoopers’ Charter’) are the way forward in helping prevent acts of terror. This new emphasis on drones and cyber-experts marks a big shift from 2010’s strategic defence review. This is a war fought online and across borders and one cannot ignore the context of Safe Harbour here.

The implications on global e-commerce

Hindering cross-border data transfer impedes e-commerce and can potentially cause huge industries to collapse. By 2017, over 45 percent of the world is expected to be engaging in online commerce. A clear path across the Atlantic is essential.

The Information Technology and Innovation Foundation put it bluntly in stating that, aside from taking an axe to the undersea fibre optic cables connecting Europe to the US, it is hard to imagine a more disruptive action to transatlantic digital commerce than a stalemate on data transfer – a global solution must be reached, and soon.

The future of global cross-border data transfer

Time is running out on the Safe Harbour negotiations, and creating frameworks such as this is not simple – especially when those negotiating are starting so far apart and one side (the EU) does not speak with a unified voice.

Most of the 28 European Member States have individual national DPAs, not all of whom agree on the overall approach to reform. If the DPAs could speak in one voice, there could be greater cooperation with the Federal Trade Commission, which could hasten agreements on suitable frameworks for cross-Atlantic data transfers. In the US, much will come down to the law makers and, with an election brewing, it is worth considering the different scenarios.

Even though the two main parties in the US stand at polar ends of the spectrum on many policies, they may not be so distant when it comes to global surveillance. In the wake of the Snowden revelations, Hillary Clinton defended US global surveillance practices. The Republican Party has also been seen in favour of increased surveillance on certain target groups. The question remains: if either party, when elected, is happy to continue with the current surveillance programme, how will the US find common ground with the EU?

Conclusion

Europe seems prepared to act alone in protecting the interests of EU citizens, and the CJEU’s decision in Schrems was a bold and unexpected move on the court’s part. However, with the ever increasing threat to EU citizens’ lives through organised terror, the pressure may be mounting on the EU to relax its stance on data privacy, which could mean that finding common ground with the US may not be so difficult after all. We shall have to wait and see how the US-EU negotiations on Safe Harbour 2 evolve, and whether the European Commission will stand firm and require the US to meet its ‘equivalent’ standard.

 

Written by Sarah Pearce, Partner & Jane Elphick, Associate at Cooley (UK) LLP.

VMware beefs up security, announces IBM and Intel collaborations

VMware has moved to patch flaws in several of its services and has worked with Intel Security to beef up its protection of mobile cloud systems.

In a security announcement on its web site VMware told clients that versions of VMware ESXi, Workstation, Player and Fusion for Windows suffer from a kernel memory corruption which could be exploited.

Earlier this week VMware announced that it is working with Intel Security on two joint mobile initiatives involving AirWatch. It has also joined the Intel Security Innovation Alliance.

The two vendors will allow clients to share mobility data via the McAfee Data Exchange Layer, a component within Intel Security’s system. The integration of AirWatch with Intel Security technologies will help customers get more out of their existing security investments, resolve mobile threats more quickly and reduce operational costs, claims VMware. Additionally, Intel Security has joined the AirWatch Mobile Security Alliance (MSA).

The alliance formed by Intel Security and VMware addresses three areas of enterprise security: data protection, threat detection and prevention, and security management with integrated workflows.

Mobile business transformation will run its course much quicker if companies can get their foundation security system to work with their mobility assets, according to Noah Wasmer, VP of mobile engineering and product management for end-user computing at VMware. “This partnership with Intel Security will deliver a complete mobile security solution. McAfee Data Exchange Layer will communicate essential threat intelligence that can help drive faster response and remediation,” said Wasmer.

News of another partnership was announced on the VMware site, which unveiled a new VMware IBM Partner Hub. This new sales enablement portal has been modified to make it easier for IBM partners to get sales assets, training and event information pertaining to the two companies’ joint efforts on Cloud, Systems, Networking, Mobility and Resiliency. Access is restricted to those with an IBM or VMware email address.

Snooper’s charter a potential disaster warns lobby of US firms

The ‘snooper’s charter’ could neutralise the contribution of Britain’s digital economy, according to a representation of US tech corporations including Facebook, Google, Microsoft, Twitter and Yahoo.

In a collective submission to the Draft Investigatory Powers Bill Joint Committee, they call for surveillance that “is targeted, lawful, proportionate, necessary, jurisdictionally bounded, and transparent.”

These principles, the collective informs the parliamentary committee, reflect the perspective of global companies that offer “borderless technologies to billions of people around the globe”.

The extraterritorial jurisdiction will create ‘conflicting legal obligations’ for them, the collective said. If the UK government instructs foreign companies what to do, then foreign governments may follow suit, they warn. A better long term resolution might be the development of an ‘international framework’ with ‘a common set of rules’ to resolve jurisdictional conflicts.

“Encryption is a fundamental security tool, important to the security of the digital economy and crucial to the safety of web users worldwide,” the submission said. “We reject any proposals that would require companies to deliberately weaken the security of their products via backdoors, forced decryption or any other means.”

Another area of concern mentioned is the bill’s proposed legislation on Computer Network Exploitation which, the companies say, gives intelligence services legal powers to break into any system. This would be a very dangerous precedent to set, the submission argues, “we would urge your Government to reconsider,” it said.

Finally, Facebook and co registered concern that the new law would prevent any discussion of government surveillance, even in court. “We urge the Government to make clear that actions taken under authorization do not introduce new risks or vulnerabilities for users or businesses, and that the goal of eliminating vulnerabilities is one shared by the UK Government. Without this, it would be impossible to see how these provisions could meet the proportionality test.”

The group submission joins other individual protests registered by Apple, EE, F-Secure, the Internet Service Providers’ Association, Mozilla, The Tor Project and Vodafone.

The interests of British citizens hang in a very tricky balance, according to analyst Clive Longbottom at Quocirca. “Forcing vendors to provide back door access to their systems and platforms is bloody stupid, as the bad guys will make just as much use of them. However, the problem with terrorism is that it respects no boundaries. Neither, to a greater extent, do any of these companies. They have built themselves on a basis of avoiding jurisdictions – only through such a means can they minimise their tax payments,” said Longbottom.

Software defined storage and security drive cloud growth, say studies

Data centre builders and cloud service developers are at loggerheads over their priorities, according to two new reports.

The explosive growth of modern data centres is being catalysed by new hyperconverged infrastructures and software defined storage, says one study. Meanwhile another claims that enthusiasm for cloud projects to run over this infrastructure is being suffocated by security fears.

A global study by ActualTech Media for Atlantis Computing suggests that a large majority of data centres are now using hyperconverged infrastructure (HCIS) and software defined storage (SDS) techniques in the race to build computing arenas. Of the 1,267 leaders quizzed in 53 countries, 71 per cent said they are using or considering HCIS and SDS to beef up their infrastructure. However, another study, conducted on behalf of hosting company Rackspace, found that security was the overriding concern among the parties who will use these facilities.

The Hyperconverged Infrastructure and Software-Defined Storage 2016 Survey proves there is much confusion and hype in these markets, according to Scott D. Lowe, a partner at ActualTech Media, who said there is not enough data about real-world usage available.

While 75 per cent of data centres surveyed use disk-based storage, only 44 per cent have long term plans for it in their infrastructure plans and 19 per cent will ditch it for HCIS or SDS. These decisions are motivated by the need for speed, convenience and money, according to the survey, with performance (72 per cent), high availability (68 per cent) and cost (68 per cent) as top requirements.

However, the developers of software seem to have a different set of priorities, according to the Anatomy of a Cloud Migration study conducted for Rackspace by market researcher Vanson Bourne. The verdict from this survey group – 500 business decision makers rather than technology builders – was that security will be the most important catalyst and can either speed or slow down cloud adoption.

Company security was the key consideration in the top three motives named by the survey group. The biggest identified threat the survey group wanted to eliminate was escalating IT costs, which 61 per cent of the group named. The next biggest threat they want to avert is downtime, with 50 per cent identifying a need for better resilience and disaster recovery from the cloud. Around a third (38 per cent) identified IT itself as a source of threats (such as viruses and denial of service) that they would want a cloud project to address.

“Cloud has long been associated with a loss of control over information,” said Rackspace’s Chief Security Officer Brian Kelly, “but businesses are now realising this is a misconception.”

Qingteng Funding

China-based enterprise security start-up Qingteng Cloud Security has recently gained its first round funding of 60 million Yen from CBC Capital and Redpoint Ventures, setting a record among cloud security start-ups in China for amount of first round funding. Prior to this round of funding, Qingteng received 6.5 million Yen in investments from ZhenFund, Cloud Angel Fund, and Fenghou Capital.

The founder of Qingteng, Zhang Fu, has commented on the severity of the current Internet enterprise security situation. Security operations happen only when problems arise, rather than as part of a system of consistent security maintenance. The most efficient way, according to Zhang, to react to external attacks utilizing internal resources is to give security teams tools that allow security operations staff to divert attention from emergency situations, as the tools will take care of them, and instead focus on regular security management.

The security platform was created to be able to adapt to various infrastructures and situations. It may automatically process security issues, construct a safe model for enterprises, analyze internal and external abnormalities that could lead to security issues, and detect as well as block hacking activities. According to Zhang, this security platform has already reached enterprises in many business sectors, including healthcare and finance.

About Qingteng

Qingteng was founded in August of 2014 and is dedicated to offering an adaptive cloud security program that can protect data on various systems and enterprises.

The post Qingteng Funding appeared first on Cloud News Daily.

Skyhigh Networks opens European data centre to resolve Safe Harbour fears

Cloud security vendor Skyhigh Networks has opened a new data centre in Germany as it moves to strengthen its support of European customers and multi-nationals.

The Frankfurt facility is a response to increasing demand for data localisation within Europe, which has been stoked by the recent Safe Harbour ruling by the European Court of Justice.

In October BCN reported how a Court of Justice of the European Union (CJEU) ruling puts many companies at risk of prosecution by European privacy regulators if they transfer the data of EU citizens to the US without a demonstrable set of privacy safeguards.

The 4,000 firms that transfer their clients’ personal data to the United States currently have no means of demonstrating compliance with EC privacy regulations. As the legal situation currently stands, EU data protection law says companies cannot transfer EU citizens’ personal data to countries outside the EU which have insufficient privacy safeguards.

The new data centre will use a Hadoop cluster to analyse traffic and identify and report on the risk of cloud services. It will provide interception, inspection, encryption and decryption services. The system will also run anomaly detection, reporting and data leak prevention services to secure Skyhigh’s clients’ cloud services.

Skyhigh said the new data centre gives customers a choice over where their data is processed and better performance in addition to privacy and sovereignty. The data centre is on a site owned and managed by European employees.

“We are delighted that Skyhigh Networks has opened a data centre in Europe,” said David Cahill, Security Strategy and Architecture Manager at AIB, a bank with 2.6 million customers and 14,000 employees. Cahill said that conforming to existing European data protection laws and the General Data Protection Regulation expected in 2016 needs to be taken “very seriously”.

Sophos drops $32m on SurfRight to enhance threat detection

Security vendor Sophos has bought Dutch cloud security vendor SurfRight, which specialises in endpoint threat detection and response (ETDR) and threat prevention, for $31.8 million.

Sophos said it will immediately integrate the SurfRight technology into its line of endpoint security systems and on completion will make the technology available via its global channel of 15,000 partners.

Sophos will continue development and support for SurfRight’s existing product line including its popular HitmanPro range of malware scanning and removal tools, which has 20 million users worldwide. Sophos will retain all SurfRight employees and the company’s office in Hengelo. SurfRight CEO Mark Loman will join the Sophos Enduser Security Group.

Hengelo-based SurfRight develops technology that detects and stops attacks by interrupting the malware and advanced persistent threat (APT) vectors. The software spots any dubious looking memory manipulations, which are often a hallmark of malicious code that might be running furtive activity. The ability to nip these exploits in the bud can fortify endpoint security mechanisms, by thwarting malicious code’s abuses of processor and memory resources. SurfRight’s portfolio also includes anti-espionage and anti-ransom software to prevent the growing threat of malware such as CryptoLocker.

The logic of the deal, for SurfRight, is a high-growth industry leader with a world channel and the support of specialized product development teams, according to SurfRight CEO Mark Loman. “We built this technology to address every vector of an APT attack in an auto-responding, coordinated manner,” he said.

Sophos’ security strategy uses multiple components of security protection, including network security and endpoint security that continuously communicate with each other. This, says Sophos, makes for faster threat detection and cuts the time and resources needed for investigating security incidents.

Interrupting and mitigating custom-made malware is becoming increasingly important as traditional antivirus and network-based intrusion detection systems cannot cope with the speed of threats generated in the modern cloud environment, according to Dan Schiappa, senior VP of Enduser Security at Sophos.