Archivo de la etiqueta: security

Datacentre, News & Analysis, Safe Harbour, Skyhigh Networks

Skyhigh Networks opens European data centre to resolve Safe Harbour fears

datacentreCloud security vendor Skyhigh Networks has opened a new data centre in Germany as it moves to strengthen its support of European customers and multi-nationals.

The Frankfurt facility is a response to increasing demand for data localisation within Europe, which has been stoked by the recent Safe Harbour ruling by the European Court of Justices.

In October BCN reported how a Court of Justice of the European Union (CREU) ruling puts many companies at risk of prosecution by European privacy regulators if they transfer the data of EU citizen’s to the US without a demonstrable set of privacy safeguards.

The 4,000 firms that transfer their clients’ personal data to the United States currently have no means of demonstrating compliance to EC privacy regulations. As the legal situation currently stands, EU data protection law says companies cannot transfer EU citizens’ personal data to countries outside the EU which have insufficient privacy safeguards.

The new data centre will use a Hadoop cluster to analyse traffic analysis and identify and report on the risk of cloud services. It will provide interception, inspection, encryption and decryption services. The system will also run anomaly detection, reporting and data leak prevention services to secure SkyHigh’s clients’ cloud services.

SkyHigh said the new data centre gives customers a choice over where their data is processed and better performance in addition to privacy and sovereignty. The data centre is on a site owned and managed by European employees.

“We are delighted that Skyhigh Networks has opened a data centre in Europe,” said David Cahill, Security Strategy and Architecture Manager at AIB, a bank with 2.6 million customers and 14,000 employees. Cahill said that conforming to existing European data protection laws and the General Data Protection Regulation expected in 2016 need to be taken “very seriously”.

M&A, News & Analysis, Sophos, SurfRight

Sophos drops $32m on SurfRight to enhance threat detection

Cybersecurity2Security vendor Sophos has bought Dutch cloud security vendor SurfRight, which specialises in endpoint threat detection and response (ETDR) and threat prevention, for $31.8 million.

Sophos said it will immediately integrate the SurfRight technology into its line of endpoint security systems and on completion will make the technology available via its global channel of 15,000 partners.

Sophos will continue development and support for SurfRight’s existing product line including its popular HitmanPro range of malware scanning and removal tools, which has 20 million users worldwide. Sophos will retain all SurfRight employees and the company’s office in Hengelo. SurfRight CEO Mark Loman will join the Sophos Enduser Security Group.

Hengelo-based SurfRight develops technology that detects and stops attacks by interrupting the malware and advanced persistent threat (APT) vectors. The software spots any dubious looking memory manipulations, which are often a hallmark of malicious code that might be running furtive activity. The ability to nip these exploits in the bud can fortify endpoint security mechanisms, by thwarting malicious code’s abuses of processor and memory resources. Surfright’s portfolio also includes anti-espionage and anti-ransom software to prevent the growing threat of malware software such as CryptoLocker.

The logic of the deal, for SurfRight, is a high-growth industry leader with a world channel and the support of specialized product development teams, according to SurfRight CEO Mark Loman. “We built this technology to address every vector of an APT attack in an auto-responding, coordinated manner,” he said.

Sophos’ security strategy uses multiple components of security protection, including network security and endpoint security that continuously communicate with each other. This, says Sophos, makes for faster threat detection and cuts the time and resources needed for investigating security incidents.

Interrupting and mitigating custom-made malware is becoming increasingly important as traditional antivirus and network-based intrusion detection systems cannot cope with the speed of threats generated in the modern cloud environment, according to Dan Schiappa, senior VP of Enduser Security at Sophos.

Netwrix, News & Analysis

Lack of visibility in cloud makes IT pros nervous and insecure – report

Unauthorised access and account hijacking are the biggest risks that IT professionals associate with the cloud, according to a new global cloud security survey.

The survey, conducted on behalf of IT auditor Netwrix, asked 600 IT professionals from across the globe about cloud security, their expectations of cloud providers and what measures they take to ensure data security. The IT Pros, who work in sectors including technology, manufacturing, government, healthcare, finance and education said that migrating to the cloud scared them. The majority (65%) of companies are concerned about security and 40% worry about their loss of physical control over data in the cloud, the survey found.

By extension, 35% are presumably not concerned about the insecurity of the cloud, which could be a source of encouragement to many public cloud service providers in this relatively new market.

The biggest fear among the survey group appears to be about unauthorised access with 69% of the respondents thinking this is more likely to happen as a consequence of cloud migration. By the same token, 43% of the sample of IT pros worried about account hijacking once the cloud is being used. However, the number of IT Pros who said they would invest extra in the additional security of a private cloud were in a minority, with only 37% of organisations prepared to put devote money to the cause. A bigger proportion, 44% of respondents, cited hybrid clouds as their preferred transition model from an on-premise infrastructure to a cloud-based model.

When planning to enforce security in the new cloud model, 56% plan to improve identity and authentication management, while 51% will use encryption and 45% of medium and large enterprises plan to audit changes and user activity.

However, despite their fears, these IT Pros seemed to think cloud migration is inevitable with only 13% of organisations rejecting the idea of adopting of cloud technology in the near future. A large minority (30%) are holding out until cloud security mechanisms are improved.

“We wanted to find out what’s preventing cloud adoption,” said Netwrix CEO Alex Vovk, “true visibility of cloud infrastructure will help companies minimise security risks, take back control and accelerate cloud adoption.”

Conficker, Malware, News & Analysis, ThreatCloud

Conficker is commonest criminal in the cloud says ThreatCloud report

Secure cloudThree families of malware account for 40% of all the crime on the cloud across the globe, according to a new report from security firm Checkpoint.

The company’s ThreatCloud report looked at statistics drawn from intelligence feeding in from Check Point’s global presence in October 2015. It identified more than 1,500 different malware families globally active in that month alone. The ThreatCloud World Cyber Threat Map uses software agents and monitors to tracks how and where cyberattacks are taking place worldwide in real time.

Three malware families, the Conflickers, Salitys and Cutwails, accounted for 40% of all recorded attacks. The report also uncovered a new trend for criminals to try to assume control of networks by focusing on remote control of infected PCs. Increasingly, these are used to launch distributed denial of service (DDoS) and spamming campaigns against service providers.

Attacks on individuals also rose sharply, though these tended to be concentrated around malware families that are involved in ransomware scams. Identity theft and the stealing of users’ information  also rose sharply. The use of kits, such as the Neutrino ransomware exploit kit Fareit malware, which steals user information from web browsers and emails, increased dramatically. In one month this criminal modus operandum rose from being the 93rd most used scam to the 10th most common form of malware seen in October.

International organisations, such as cloud service operators, are most likely to be targeted by Conficker which accounted for 20% of all attacks globally. The UK experienced a lower number of attacks than many countries European nations and was ranked 110th most vulnerable region out of 133 target countries globally. By comparison Germany ranked 93rd, Switzerland 89th, Spain 57th and France 54th. Italy is home to Europe’s most endangered cloud, being the 40th most likely country to house a victim of an attack.

It’s easy for hackers to make small changes to malware code to enable it to bypass conventional cloud defences, according to Checkpoint’s UK regional director Simon Moor. “Companies should consider deploying advanced technologies,” said Moor.

The ThreatCloud database holds over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites.

EMC, hybrid cloud, News & Analysis

EMC announces new protection for data as cloud hybrids become the norm

Storage vendor EMC has created a new product range to protect data as it moves in and out of the various parts of a hybrid cloud.

On Tuesday it announced news products and services designed to integrate primary storage and data protection systems across private and public clouds. The aim is to combine the flexibility of public cloud services with the control and security of a private cloud infrastructure.

The new offerings carry out one of three functions, characterised as tiering data across diverse storage infrastructures, protecting data in transit to and from the Cloud and protecting data once its static in the cloud.

EMC says that by integrating its VMAX systems through new improvements to its FAST.X tiering systems it can make it cheaper for customers to prioritise their storage according to the expense of the medium. The new additions to the management system have now automated the tiering of public clouds and cater for both EMC and non-EMC storage systems.

The new levels of protection for data, as it travels in and out of the cloud, is provided by

CloudBoost 2.0. This, claims EMC, will work with EMC’s Data Protection Suite and Data Domain so that private cloud users can move data safely to the cheaper media in the public cloud for long-term data retention.

Once resident in the public cloud, data can be better protected now as a result of new Spanning product features, which can cater for different regional conditions across the European Union. Spanning Backup for Salesforce now offers better SaaS data restoration options so it’s easier restore lost or deleted data. Spanning’s new European data destination option will also aid compliance with European data sovereignty laws and regulations. Meanwhile, the Data Protection as a Service (DPaaS) offering for private clouds now has better capacity management, secure multi-tenancy and a dense shelf configuration that EMC says will ‘dramatically’ cut the cost of ownership.

Meanwhile, EMC also announced a new generation of its NetWorker data protection software.  NetWorker 9 has a new universal policy engine to automate and simplify data protection regardless of where the data resides.

“Tiering is critical to business in our own data centres,” said Arrian Mehis, general manager of VMware Cloud practice at Rackspace, “and in the data centres of our customers.”

ENDS

News

Blue Coat Systems Acquires Elastica

Blue Coat Systems as recently announced its agreement to acquire Elastica , Inc. for $280 million.

Because of the unprecedented rate with which cloud applications have been adopted, there is also an unprecedented necessity for increased security and protection for such applications. Due to the mixed use of cloud and on premise applications, Blue Coat Systems has found it difficult to efficiently manage its security. With the addition of Elastica, Blue Coat  will be able to offer a global security platform with across the board data level security. This will make Blue Coat the only company to deliver the requirements that resulted from post-infrastructure. By combining the talents of Blue Coat with Elastica’s Cloud Access Security and Analytics, Blue Coat will  provide a solution to the problems associated with cloud security requirements. Elastica’s CloudSOC provides tools such as threat scoring powered by machine learning, user and end-point behavior modeling, natural language-based cloud DLP, and analysis with remediation in a cloud application SOC. Elastica delivers such tools through its CASB gateway and API controls for cloud security management and enforcement.

image_blue_coat_security_platform1a

Greg Clark, Blue Coat CEO, has commented: “This acquisition gives Blue Coat customers access to Elastica’s CloudSOC, which brings an unprecedented level of elegance and innovation to something that is rapidly becoming a complex challenge for organizations to solve. As we evaluated many CASB players, it was clear that Elastica’s technologies represent the future of the CASB space. Segmented CASB players have survived through their dependency upon existing on-premise infrastructure. As the industry’s leading web security platform, it is natural for Blue Coat to be the first to deliver an extended spectrum of CASB capabilities while also delivering them with our cloud protection solutions.”

Mike Fey, Blue Coat president and COO, also added, ““Our customers cannot tolerate a world where the performance and security of cloud applications are spread across a tangled web of solutions leaving them powerless to manage the threat and deliver the SLA which their users have come to expect. Corporations are facing a dissolving perimeter. The traditional infrastructure-centric way of protecting users cannot support the cloud age. We have made it our mission to solve this challenge by delivering an entire solution from the cloud, specifically built for the cloud.”

The post Blue Coat Systems Acquires Elastica appeared first on Cloud News Daily.

Gemalto, News & Analysis, Research, software, Software as a service

Software market frustrating for enterprise users says Gemalto research

Software licensing is still causing enterprises grief, according to new research by security firm Gemalto. The biggest pain points and causes of frustration are the inflexibility of licensing arrangements and the unhelpful delivery options.

According to the State of Software Monetization report, software vendors must change if they’re to satisfy enterprise user demand. This means delivering software as a service and making it accessible across multiple devices, it concludes.

The disparity between customer demand and vendor supply has been created by the shift in tastes from enterprise software customers. This is a function of the ‘bring your own device’ (BYOD) phenomenon, which has been partly created by intelligent device manufacturers and mobile phone makers. However, despite creating the demand for more flexibility they have not been able to follow suit and provide a matchingly flexible and adaptable licensing and packaging technique for software, the report says.

The most frequently voiced complaint, from 87% of the survey sample, was about the cost of renewing and managing licenses. Almost as many (83%) complained about the time needlessly wasted on unfriendly processes for renewing and managing licenses (83%) and the time and costs that were lost to non-product-related development (82%). Most of the survey sample (68%) said they had little idea over how the products they buy are being used in the enterprise.

Four out of five respondents believe that software needs to be future-proofed to be successful.

The report was compiled from feedback from 600 enterprise software users and 180 independent software vendors (ISVs), in relation to headaches related to software licensing and packaging.

Software consumption is changing and customers only want to pay for what they use, according to Shlomo Weiss, Senior VP for Software Monetization at Gemalto. “Delivering software, in ways that customers want to consume it, is critical for creating a user experience that sells,” said Weiss.

News

Ovum Cloud Security

Tim Jennings, an Ovum analyst, has declared that although there are many fears surrounding the security of the cloud, the increasing number of data breaches is more likely to influence enterprise transition to the cloud. This trend exemplifies the increasing level of maturity of the cloud environment. Jennings commented in a blog,” “Given that data security and privacy concerns have been an inhibitor during the early stages of cloud adoption, it is somewhat ironic that the continued spate of high-profile customer data breaches is likely to push more enterprises toward cloud services. One can envisage, therefore, pointed conversations within boardrooms as CIOs and chief security officers are questioned about the likelihood of their organizations being the next to suffer reputational damage through the exposure of customer data. Many organizations will conclude that using the expertise of a third party is a more reliable approach than depending on in-house resources.”

To a certain extent, some degree of vulnerability will always be prevalent. Jennings added, “Many have been like rabbits caught in the headlights, seemingly having little insight into the root cause of the failure, the extent of the consequences, or the actions required for remediation.”

Outsourcing to modern cloud providers appears to be the logical move. Cloud providers have invested large amounts of money into the security sector, covering areas from the physical security of a center to encryption of customer data and advanced security intelligence.

While it is unrealistic for large companies to replicate this sophisticated cloud environments created by experts, adopting a public cloud environment is not always safer. “It may be that enterprises prefer to use either an on premise or virtual private cloud, while still taking advantage of a specialist provider’s management and security capabilities. Nor does it mean that the responsibility for security and customer data passes away from the enterprise—even though the delivery of these capabilities is in the hands of the third party, governance and control must be retained in-house.”

The post Ovum Cloud Security appeared first on Cloud News Daily.

Egnyte, File Sharing, Opinion

Bringing the enterprise out of the shadows

Ian McEwanIan McEwan, VP and General Manager, EMEA at Egnyte discusses why IT departments must provide employees with secure, adaptive cloud-based file sync and share services, or run the risk of ‘shadow IT’ — inviting major security vulnerabilities and compliance issues within organisations.

The advent of cloud technology has brought a wide range of benefits to businesses of all sizes, improving processes by offering on-demand, distributed access to the information and applications that employees rely on. This change has not only made IT easier for businesses, it is also fueling new business models and leading to increased revenues for those making best use of the emerging technology.

The cloud arguably offers a business the greatest benefit when used for file sync and share services, allowing users to collaborate on projects in real-time, at any time on any device from any geographic location. File sync and share makes email attachments redundant, allowing businesses to reclaim and reduce the daily time spent by employees on email, as well as the chances of files being lost, leaked or overwritten. If used correctly, IT departments can have a comprehensive overview of all the files and activity on the system, enabling considerably better file management and organisation.

Employees ahead of the corporate crowd

Unfortunately business adoption of file sharing services is often behind where employees would like it to be and staff are turning to ‘shadow IT’ – unsanctioned consumer-grade file sharing solutions. These services undermine the security and centralised control of IT departments. Businesses lose visibility over who has access to certain files and where they are being stored, which can lead to serious security and compliance problems.

CIOs need to protect their companies from the negative impact of unsanctioned cloud applications by implementing a secure solution that monitors all file activity across their business.

Secure cloud-based file sharing

To satisfy both the individual user and business as a whole, IT departments need to identify file sharing services that deliver the agility that comes with storing files in the cloud. It starts with ensuring that a five-pronged security strategy is in place that can apply consistent, effective control and protection over the corporate information throughout its lifecycle. This strategy should cover:

  • User Security – controlling who can access which files, what they can do with them and how long their access will last.
  • Device Security – protecting corporate information at the point of consumption on end user devices.
  • Network Security – protecting data in transit (over encrypted channels) to prevent eavesdropping and tampering.
  • Data Centre Security – providing a choice of deployment model that offers storage options both on premises and in the cloud and total control over where the data is stored.
  • Content Security – attaching policies to the content itself to ensure it can’t leave the company’s controlled environment even when downloaded to a device.

A solution that addresses these security areas will allow efficient collaboration without sacrificing security, compliance and control.

A user friendly, business ready solution

Furthermore, the selected solution and strategy will need to keep up with business demands and industry regulations. Flexibility can be achieved if businesses consider adaptive file sharing services that give them access to files regardless of where they are stored – in the cloud, on premises or a hybrid approach. This enables a business to adapt the service for its own changing business preferences, as well as industry standards that can dictate where data is stored and how it is shared. Recent changes to the US-EU Safe Harbour regulations which determine how businesses from the US and EU must share and keep track of data, highlight the necessity for businesses to have an adaptive file sharing solution in place to meet the demands of new regulations,  or else risk heavy fines and reputational damage.

The final hurdle towards successful implementation of a cloud-based file sharing service is ensuring user adoption through simple functionality. If a service isn’t easy to use, staff may find themselves falling back on shadow IT services due to convenience. It is important, therefore, that IT seeks solutions that can be accessed across all devices, and can be integrated with other popular applications already in used within an organisation.

The integrity and privacy of a business’ information requires a secure, adaptive cloud-based file sharing solution that gives organisations comprehensive visibility and control across the lifecycle of its data. Overlooking the security implications of shadow IT services can result in a company incurring significant costs – not just in financial terms, but for a company’s brand, reputation and growth potential. It’s time for IT departments to act now and adopt cloud services that enable efficient collaboration, mitigate any chances of risk and lift the shadow from corporate data.

Azure, data protection, Druva, Microsoft, News & Analysis

Druva’s data protection service now available on Azure

Cybersecurity2Converged data protection firm Druva has allied itself with Microsoft Azure in a bid to expand its cloud presence to a wider public cloud and infrastructure market.

The new relationship gives Druva customers more global options for their data storage, privacy and security needs and a more impressive infrastructure vendor for companies with sensitive compliance and legal issues. Partnering with Azure helps Druva settle any regional data privacy issues that might otherwise dissuade them from using Druva as more companies realise that on-premise storage is becoming unsustainable, according to Druva.

Druva’s new Azure relationship, it says, gives customers have a wider set of choices as they try to decide how to keep up with data growth, security and regionally specific regulation requirements.

Azure will help Druva meet international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2. Among the country standards it meets are the Australia IRAP, UK G-Cloud and Singapore MTCS. Microsoft was also the first to adopt the uniform international code of practice for cloud privacy, ISO/IEC 27018, which governs the processing of personal information by cloud service providers. Microsoft’s data centre locations will give Druva 21 storage regions around the globe, including Canada and China which will help Druva meet data residency needs increasingly specified by clients, it claims.

Customers need stronger data protection and security in the cloud now they’re running sensitive workloads, according to Druva CEO Jaspreet Singh. Microsoft will broaden Druva’s cloud-related options and give customers additional choice for deploying in the cloud securely and conveniently. “Druva has quickly grown to become the de facto standard for data protection workloads in the public cloud,” said Singh.

Azure will extend the data storage footprint of Druva inSync, the analyst endpoint and cloud service data protection system. Druva inSync plans will begin at $6/user per month. Azure support will be generally available in 45 days.