Tag Archives: security

DDOS, Deloitte, Ed Powers, Mike Denning, News & Analysis, Verizon

Deloitte, Verizon team on cybersecurity

Verizon and Deloitte are teaming up on cybersecurity

Verizon and Deloitte are teaming up on cybersecurity

Deloitte and Verizon Enterprise Solutions have announced a partnership that will see the two firms deliver a comprehensive set of cybersecurity and risk-management solutions to enterprises.

The deal will see Verizon leverage its experience in digital forensics and managed services experience and Deloitte’s cyber risk advisory services to deliver end-to-end incident response services.

“As the cybersecurity landscape becomes more formidable, this alliance enables enterprises to better prepare for today’s new reality,” said Mike Denning, vice president, global security for Verizon Enterprise Solutions.

“We understand that companies need to have the mindset that being breached is a matter of when, not if. With our combined capabilities, we are preparing enterprises to better withstand a cyberattack before and beyond the breach.”

Ed Powers, national managing principal, Deloitte cyber risk services, Deloitte said companies today are looking for more comprehensive cybersecurity tools rather than acquiring them in bits and pieces.

“Organizations today need to quickly contain the damage, but they also need a solutions provider that can help them regain full business strength and improve their capacity to withstand future crises. We are making it possible for our clients to meet tomorrow’s cyber challenges head-on while continuing to power performance in their businesses,” Powers said.

The move comes as cyberattacks like DDoS are becoming more frequent and more impactful. According to a recently published Neustar DDoS report which surveyed 250 businesses across a broad range of sectors globally, about 40 per cent of companies now estimate losses of over £100,000 per hour at peak times during a DDoS outage.

Andrew Kellett, data protection, Data security, News & Analysis, ovum

Ovum: Security skills shortage remains most prevalent barrier in cloud

Security skills shortages are hampering IT's ability to adopt cloud services

A security skills shortage is hampering cloud adoption

Security and an IT security skills shortage remain the most prevalent barriers to cloud uptake, according to Ovum principle analyst Andrew Kellett.

Although Ovum’s research suggests the volume of sensitive corporate data stored in the cloud continues to grow, with enterprise cloud adoption rates exceeding 80 per cent, in many cases this data is not adequately protected.

“Security, or lack thereof, is a significant issue. If there is one problem area inhibiting further adoption of cloud-based services, it is enterprise concerns about shortfalls in the protection regimes of many cloud service providers,” Kellet said, adding that since more sensitive data appears to be stored in the cloud the most basic security practices and controls aren’t necessarily enough.

“On too many occasions, security policies only come into place once a new technology has already gone mainstream, and this is certainly true of the cloud industry. Many cloud providers have been guilty of ‘bolting on’ security as an afterthought, something which has left previous generations of technology vulnerable to malware attacks, advanced persistent threats and other breach tactics.”

“Whether they like it or not, organisations are putting their trust in the hands of the service provider, often without being completely satisfied that such trust is justified or that service levels and protection can be maintained,” he concluded.

Other recently published research from Ovum suggests enterprises are quite concerned with how their cloud service providers implement security controls. The company recently surveyed 818 ITDMs for their views on cloud security and found that in the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

data privacy, data protection, Microsoft, News & Analysis, Public Sector

Microsoft, civil liberties renew calls for Patriot Act reform

Microsoft and close to 50 tech companies and civil liberties assocaitions have renewed calls to reform the US Patriot Act ahead of the expiry of the law's provisions governing bulk data collection

Microsoft and close to 50 tech companies and civil liberties associations have renewed calls to reform the US Patriot Act ahead of the expiry of the law’s provisions governing bulk data collection

Microsoft, along with nearly fifty other technology civil rights associations and technology firms have signed an open letter to senior members of the US government calling for reform of the Patriot Act, a cause célèbre for Microsoft among other cloud firms in recent years.

Microsoft has previously criticised the US government’s bulk data collection practices, and the ability of its authorities to act on warrants beyond US soil (particularly when such acts contradict local laws where those businesses operate).

In an open letter to very senior members of the US government including Michael Rogers, director of the NSA, senate minority leader Harry Reid, and US president Barack Obama, the organisations reaffirm the need to end the US government’s bulk data collection practices, and make government and corporate reporting on any Foreign Intelligence Surveillance Court decisions more transparent.

The US Patriot Act Section 215, which currently serves as the legal basis for the NSA’s bulk collection of metadata, is due to expire in June this year.

“We the undersigned represent a wide range of privacy and human rights advocates, technology companies, and trade associations that hold an equally wide range of positions on the issue of surveillance reform. Many of us have differing views on exactly what reforms must be included in any bill reauthorizing USA Patriot Act Section 215,” the letter reads.

“That said, our broad, diverse, and bipartisan coalition believes that the status quo is untenable and that it is urgent that Congress move forward with reform.”

“It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities. Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability.”

Microsoft is among a range of technology companies in support of reforming how American legal entities treat data, both within the context of surveillance activities or general legal proceedings. But US lawmakers have signaled they are prepared to act on longstanding promises to reform the legal landscape. Last month American lawmakers introduced two bipartisan bills that seek to limit the reach of US courts over data stored in cloud services located outside the US, a move welcomed by a broad coalition of technology and telecoms firm – including Microsoft.

engineering, Enterprise IT, Khatib & Alami, News & Analysis, private

AEC firm K&A moves from private to public cloud, saves 40% in costs

Khatib & Alami moved onto iland's public cloud platform this year

Khatib & Alami moved onto iland’s public cloud platform this year

Global architectural design and project management firm Khatib & Alami (K&A) has moved from a private cloud platform onto a public cloud, which the company said has led to a 40 per cent reduction in IT operations management spend.

K&A, which was set up in 1964 and has offices in the Middle East, Africa, Western Europe and North America, offers a range of architectural and engineering services.

The company originally moved to deploy its internal applications on a private cloud platform hosted in iland’s datacentre in London, which it did in order to consolidate its IT environments.

At the time the company also experimented with public cloud platforms, but preferred to maintain its private cloud deployment. However, while it’s difficult to narrow down an exact figure where private and public cloud platforms are equal in cost, the company’s corporate IT manager Mohamed Saad said the public cloud option began to make more sense at the company’s growth began to outpace its ability to scale efficiently, both in terms to technology and personnel.

“The hardware was becoming too restrictive because we weren’t able to scale up.  We would have had to purchase more hardware and then deploy that and add more virtual servers with capacity for additional processing power. We would also have needed to employ the maintenance staff that went along with purchasing more hardware. Then we’d have to maintain all this equipment,” he explained.

“All of the maintenance and management headaches and the fact we needed rapid scalability helped us come to the decision that having our own private cloud infrastructure was just too much of a hassle.”

“What’s more, iland’s public cloud was considerably more economical than using our own equipment. We’re getting close to 35 to 40 per cent cost savings with iland’s cloud. iland now hosts all of our mission critical applications, allowing us to focus our IT efforts on activities that drive our business forward,” he added.

Enterprise Strategy Group, Funding, Gene Stevens, News & Analysis, Scott Chasin, Universal Music Group

ProtectWise scores $17m to bring cloud security DVR to the enterprise

ProjectWise has exited stealth and announced it has raised $17m in funding

ProjectWise has exited stealth and announced it has raised $17m in funding

ProtectWise, which specialises in providing cloud security services, has exited stealth mode and announced it has secured $17m. The company, which was founded by former McAfee executives Scott Chasin and Gene Stevens, said it will use the funding to expand its sales and marketing efforts.

ProtectWise offers what it’s essentially calling a “cloud network DVR” that the company says can recall and analyse traffic going back weeks, months and even years in a bid to uncover any threats.

“By creating a network memory in the cloud, we’re able to provide a time machine for threat detection,” said Stevens, the company’s chief technology officer. “It automatically replays and analyzes stored network traffic whenever new threats emerge to uncover threats that were previously unknown.  This makes it possible to continuously analyze what we observe in the past and the present together to refine and reveal the threats that matter most.”

It also applies machine learning algorithms in conjunction with a number of commercial intelligence feeds to generate a broad security posture overview of a company’s digital services.

Some of the company’s early customers (it claims over a dozen overall) include the Enterprise Strategy Group and Universal Music Group.

“Enterprises today are grappling with Defense in Doubt,” said Chasin, the company’s chief executive officer. “The traditional defence in depth approach has left security professionals with a costly daisy chain of endpoint solutions that provide only a point-in-time view of threats and emit a tidal wave of security alarms with no context or correlation across solutions. By shifting network security to the cloud, we make it possible to leave this outdated, ineffective model of enterprise network security behind.”

Cloud security firms have attracted significant funding over the past couple of years, a testament to a growing shift towards cloud services. Earlier this month cloud security provider Elastica announced it had secured $30m in series B funding, a year after the firm exited stealth mode and announced its first investment round.

Alan Kessler, Andrew Kellett, cloud security, encryption, Enterprise IT, News & Analysis, ovum, Vormetric

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Alan Kessler, Andrew Kellett, cloud security, encryption, Enterprise IT, News & Analysis, ovum, Vormetric

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Featured, Hacking

The Hacking Industry isn’t Just Getting Bigger, it’s Getting Smarter

In this video, Solutions Architect Dan Allen talks about the growth and evolving sophistication of the hacking industry. There was a large uptick in data breaches in late 2013 and throughout 2014. Dan discusses the importance of having visibility into your environment to address breaches as quickly as possible and to make sure they got resolved properly.

 

http://www.youtube.com/watch?v=pM4vw_Tyzjg

 

 

Interested in learning more? Reach out to us!

End-User Computing, Featured

2015 Predictions: End User Computing and Security

Earlier in the week, we posted some 2015 predictions from Chris Ward and John Dixon. These predictions covered cloud, the internet of things and software defined technologies. Here are a few quick predictions around end user computing and security from Francis Czekalski and Dan Allen.

 

Francis Czekalski, Practice Manager, End User Computing

Short and sweet – here are four things to keep an eye on in 2015 around end user computing:

  • More integration with mobile devices
  • Wrappers for Legacy Applications to be delivered to IOS devices
  • Less and less dependency for traditional desktops and more focus of delivery on demand
  • Heightened focus on data security

 

end user computing and security

 

Francis presenting at GreenPages’ annual Summit event

Dan Allen, Solutions Architect

Hacktimonium! Remember when only big companies got spam? Then small companies? Then individuals? The same is happening with hacking and digital intrusion. This trend will continue into 2015. Having a Firewall isn’t going to be enough; you need to have some sort of implemented Intrusion Prevention Services like an ASA with sourcefire, Radware appliance, or even some of the smaller brands have a Unified Threat Management piece.

A Year in review: Who got hacked last year?

The Big Ones

  • Apple’s iCloud – Individual accounts hacked.
  • JP Morgan Chase – Enterprise network hacked
  • Sony – Individual and then enterprise hack
  • UPS
  • Target

A list of others you might know.

  • AOL
  • Ebay
  • Living Social
  • Nintendo
  • Evernote
  • USPS
  • Blizzard
  • SnapChat
  • NeimanMarcus
  • Home Depot
  • Washington State Justice Computer Network
  • Yahoo-Japan
  • Dominos-France

The final word here? You Won’t Know You’ve Been Hacked Until It’s Already Gone.

What do you think 2015 has in store around end user computing and security?

 

By Ben Stephenson, Emerging Media Specialist

Cloud Security Alliance, HCL Technologies, Open Source, Scalability, Standards

6 Cloud Computing Standards to Watch Out For

Of the numerous platforms available, cloud computing is slowly becoming the next big wave to hit industries and computing professionals around the globe, after Android applications. The cloud computing platform is one of the only ways in which that companies can reach new levels within their industry. One of the growing trends in the world is the rise in open-source cloud computing. Although very handy and easily available, there are factors that one needs to consider before implementing it across the company. We discuss the various problems associated with cloud computing compliance issues.

Plugging the holes in the cloud while you can

Open source cloud has rapidly increased as a mode of communication and storage for most companies around the world. Yet, due to the fact they are open source, there are certain regulatory factors that need come into the purview. Although, open source cloud computing is a conducive and a viable option compared to existing facilities, there are several factors that should be taken care of while on the cloud.

Standards-to-watch-for

  1. How secure is your cloud: One of the primary organisations that is ensuring the compliance to security issues is met, is the Cloud Security Alliance (CSA). The latter is a global coalition that represents businesses, apart from industry and subject matter experts. This organization is the reason why most companies are ensuring that they achieve the best practices within their cloud, across the world.
  2. Is the cloud compliant: When placing workloads on the cloud, make sure that you have conducted certain risk assessments before you go on the cloud. Cloud security compliance standards, once implemented is one of the factors that deals with virtualization issues.
  3. Does it have a license? Per user, device and enterprise licensing models for the cloud are essentially factors that impact companies. Licensing issues are also present in the open-source cloud models and they need to address at the outset. There may issues to be dealt with such as proprietary licenses, and other traditional licenses.
  4. Is It Interoperable? Portability within your cloud should be the reason that you are sticking to the cloud. Transferring data from one cloud to another should be the reason that you have selected the convenience provided by the cloud. This will bring forth other important factors to the purview which involves certain standards such as those laid down by the Institute of Electrical and Electronics Engineers or IEEE.
  5. How Scalable is your cloud: The faster you can connect and transfer data on your server, the faster it can upload workloads and store other data. Ensure that you cloud is scalable and brings you the convenience of uploading heavy workload without changing too much in the service contract.
  6. Evaluate the performance: Your SLA with the cloud should involve factors that allow you the convenience of business continuity and disaster recovery. This will help you measure the performance of the cloud in those critical moments.

It’s vital to have some levels of compliance in any technological advancement to enhance your business prospects. HCL Technologies is one of the technological giants that adhere to the cloud computing standards which is the reason it is in the forefront while delivering innovative SAP Solutions for its clients be it on the cloud, on premise, or through a hybrid approach.

To know more about cloud computing standards and services please visit HCL Technologies.