Archivo de la etiqueta: security

data protection, Data security, Microsoft, News & Analysis, Scott Charney

Microsoft to improve transparency, control over cloud data

Microsoft wants to improve the security of its offerings

Microsoft wants to improve the security of its offerings

Microsoft has announced a series of measures to give customers more control over their cloud-based data, a move it claims will improve transparency around how data is treated as well as the security of that data.

The company announced enhanced activity logs of user, admin and policy-related actions, which customers and partners can tap into through a new Office 365 Management Activity API to use for compliance and security reporting.

Microsoft said by the end of this year it plans to introduce a Customer Lockbox for Office 365, which will give Office users the ability to approve or reject a Microsoft engineer’s request to log into the Office 365 service.

“Over the past few years, we have seen the security environment change and evolve. Cyber threats are reaching new levels, involving the destruction of property, and governments now act both as protectors and exploiters of technology. In this changing environment, two themes have emerged when I talk with our customers – 1) they want more transparency from their providers and more control of their data, and 2) they are looking for companies to protect their data through leading edge security features,” explained Scott Charney, corporate vice president, trustworthy computing at Microsoft.

“In addition to greater control of their data, companies also need their technology to adhere to the compliance standards for the industries and geographic markets in which they operate.”

The company is also upping its game on security and encryption. Office 365 already encrypts data in transit, but in the coming months Charney said the company plans to introduce content-level encryption, and by 2016 plans to enable the ability for customers to require Microsoft to use customer-generated and customer-controlled encryption keys to encrypt their content at rest.

It also plans to bolster network security through Azure-focused partnerships with the likes of Barracuda, Check Point, Fortinet, Websense, Palo Alto Networks, F5 and Alert Logic, and broaden the security capabilities of its enterprise mobility management suite.

Microsoft has over the past couple of years evolved into a strong proponent of and active participant in discussions around data security and data protection, including legislative change impacting these areas in the US. It’s also among a number of US cloud providers that are convinced many still lack trust in the cloud from a security standpoint, consequently hampering its ability to make inroads into the cloud market, which gives it an added incentive to double down on securing its own offerings.

Cisco, Elastica, News & Analysis, Rehan Jalil, Scott Harrell, Shadow IT

Cisco, Elastica join forces on cloud security monitoring

Cisco will resell Elastica's cloud service monitoring technology

Cisco will resell Elastica’s cloud service monitoring technology

Networking giant Cisco is teaming up with Elastica, a cloud security startup, in a move that will see the two firms combine their threat intelligence and cloud service monitoring technologies.

The partnership will also see Cisco resell Elastica’s cloud application security and monitoring solution (CloudSOC) to its customers.

“The combination of Cisco’s threat-centric security portfolio and Elastica’s innovation in cloud application security provides a unique opportunity. Our global customers gain additional levels of visibility and control for cloud applications and it enhances our portfolio of advanced cloud-delivered security offerings,” said Scott Harrell, vice president of product management, Cisco Security Business Group.

“We are excited to partner with Elastica to deliver an even richer portfolio of on–premises and cloud application security to protect businesses across the attack continuum – before, during, and after an attack,” Harrell said.

The move is a big win for Elastica, a startup that existed stealth in early 2014 and just last month secured $30m in funding. Cisco will provide the security startup with a large and varied channel that spans both the enterprise and scale-out markets, while Cisco can plug a gap in its burgeoning cloud-centric portfolio (that said, it’s possible the move is a precursor to an acquisition).

“CIOs want to empower employees with advanced cloud apps that help enterprises stay agile, productive and competitive in the marketplace. The power of these cloud apps – information sharing and built-in collaboration capabilities – also require a completely new approach to security,” said Rehan Jalil, president and chief executive of Elastica.

“Elastica’s cloud app security technology, together with Cisco’s broad security portfolio and footprint, will help us catalyze the safe and compliant use of cloud apps so that our customers can continue to securely make their businesses more agile and productive,” Jalil said.

Brendan Hannigan, CrossIdeas, cybersecurity, IBM, Lighthouse, News & Analysis

IBM makes cyber threat data available as a cloud security service

IBM is launching a cybersecurity cloud service

IBM is throwing its hat into the cybersecurity ring

IBM has unveiled a cloud-based cybersecurity service which includes hundreds of terabytes of raw aggregated threat intelligence data, which can be expanded upon by users that sign up to use the service.

At about 700TB, IBM’s X-Force Exchange service is being pitched by the firm as one of the largest and most complete catalogues of cybersecurity vulnerability data in the world.

The threat information is based on over 25 billion web pages and images collected from a network of over 270 million endpoints, and will also include real-time data provided by others on the service (so effectively, the more people join, the more robust the service gets).

“The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,” said Brendan Hannigan, general manager, IBM Security.

“We’re taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we’re aiming to accelerate the formation of the networks and relationships we need to fight hackers,” Hannigan said.

Last year IBM made a number of acquisitions to bolster end-point and cloud security (CrossIdeas, Lighthouse) and adding cyber threat detection to the mix creates a nicely rounded security portfolio. But the move also put it in direct competition with a wide range of managed security service providers that have been playing in this space for years and going after the same verticals (oil & gas, financial service, retail, media, etc.), so it will be interesting to see how IBM differentiates itself.

Adallom, cloud security, Funding, HP, News & Analysis, Saas

Cloud security vendor Adallom secures $30m in series C led by HP

Adallom secured $30m in new funding this week from HP Ventures among others

Adallom secured $30m in new funding this week from HP Ventures among others

Cloud security service provider Adallom announced this week it has secured $30m in a series C funding round led by Hewlett Packard Ventures, which the company said it would put towards research and development.

Adallom, which was founded by cybersecurity veterans Assaf Rappaport, Ami Luttwak and Roy Reznik in 2012, offers a security service that integrates with the authentication chain of a range of SaaS applications and lets IT administrators monitor usage for every user on each device.

The software works with a conjunction of end-point and network security solutions and has a built-in, self-learning engine that analyses user activity on SaaS applications and assesses the riskiness of each transaction in real-time, alerting administrators when activity becomes too risky for an organisation given its security policies.

The company said the latest funding round, which brings the total amount secured by the firm since its founding three years ago to just under $50m, speaks to the rapid growth of the SaaS market, and the need for more flexible security solutions.

“The market’s embrace of our approach to cloud security and our investors’ continued confidence in our products, team and results to date is a strong endorsement of Adallom. It also serves as encouragement to continue to execute on our mission to deliver the best platform for protecting data in the cloud,” said Rappaport, Adallom’s chief executive. “We’re determined to exceed the expectations of our customers and investors, and continue our innovation in this market.”

The company said the investment will be used to double down on development and improve support for more services; it claims the security service already supports over 13,000 cloud apps.

Adallom’s funding round caps off a successful month for a number of cloud security vendors, with Palerra, ProtectWise and Elastica all securing millions in investment.

Analytics, cloud security, Funding, Machine learning, News & Analysis, Norwest Venture Partners (NVP), Palerra, Wing Venture Capital and Engineering Capital

Cloud security vendor Palerra scores $17m

Palerra is among a number of cloud security startup combining predictive analytics and machine learning algorithms to bolster cloud security

Palerra is among a number of cloud security startups combining predictive analytics and machine learning algorithms in clever ways

Cloud security vendor Palerra has secured $17m in series B funding, a move the company said would help accelerate sales and marketing efforts around its predictive analytics and threat detection services.

Palerra’s flagship service, Loric, combines threat detection and predictive analytics in order to provide automatic incident response and remediation for malicious traffic flowing to a range of cloud services and platforms.

Over the past few years we’ve seen a flurry of cloud security startups emerge, which all deploy analytics and machine learning algorithms to cleverly detect perceived and actual threats and respond in real-time, so it would seem enterprises are starting to become spoilt with choice.

The $17m round was led by August Capital, with participation from current investors Norwest Venture Partners (NVP), Wing Venture Capital and Engineering Capital, and brings the total amount secured by the firm to $25m.

The funds will be used to bolster sales and marketing efforts at the firm.

“The dramatic rise in adoption of cloud services by today’s enterprises against the backdrop of our generation’s most potent cyber threats has necessitated a new approach. LORIC was designed to meet these threats head on and this new round underscores our commitment to deliver the most powerful cloud security solution in the industry,” said Rohit Gupta, founder and chief executive officer of Palerra.

“As the perimeter disintegrates into a set of federated cloud-based and on-premises infrastructures, effective monitoring becomes almost impossible, unless security controls are embedded in these heterogeneous environments. This will require enterprises to reconsider and possibly redesign their security architecture and corresponding security controls by placing those controls in the cloud,” Gupta added.

Chua Sock Koong, M&A, News & Analysis, Robert McCullen, Singtel, Telco Cloud, Trustwave

Singtel buys Trustwave in managed security play

Singtel has acquired Trustwave, a cloud and managed security services provider

Singtel has acquired Trustwave, a cloud and managed security services provider

Singtel is to acquire IT security firm Trustwave in a move that will see the latter operate as the cybersecurity division of the Singaporean telecoms incumbent.

The deal will see Singtel acquire a 98 per cent stake in the American security services firm, which has an $850m equity value. Singtel said it paid around $810m for the company.

Following the acquisition more than 1,200 Trustwave employees will join Singtel to form a standalone cybersecurity services business unit.

Trustwave said it had three million business subscribers pre-acquisition and five security operations centres (in the US and Poland).

In canned remarks Trustwave chairman, chief executive and president Robert McCullen said: “This strategic partnership creates an unparalleled opportunity to combine Singtel’s robust information and communications solutions with Trustwave’s industry-leading security technologies and managed services platform to deliver cutting-edge solutions that will enhance our customer experience.”

“Singtel is the perfect partner for us as we continue to help businesses fight cybercrime, protect data and reduce security risk, and the Trustwave team is thrilled to become a part of such a prestigious and innovative organization,” McCullen said.

Singtel said the move will allow it to build a stronger presence in the American and European cloud services markets as it combines its existing enterprise IT assets it already leverages in the Asia Pacific region.

Chua Sock Koong, Singtel Group chief executive said: “We aspire to be a global player in cyber security.  We have established a strong security business in the region, both organically and through strategic partnerships with global technology leaders.”

“Our extensive customer reach and strong suite of ICT services, together with Trustwave’s deep cyber security capabilities, will create a powerful combination and allow Singtel to capture global opportunities in the cyber security space,” Koong said.

The acquisition will see Singtel move into an area that seems to be constantly on the up – cyberattacks like DDoS and man-in-the-middle attacks are becoming more frequent and cheaper to procure on the black market according to nearly every report out there, and other IT-focused telcos (i.e. Verizon) making moves to broaden their enterprise services to include cloud security and managed security services. According to Gartner the managed security industry is estimated to generate approximately $24bn by 2018, up almost 75 per cent from $14bn in 2014.

Evan Grim, Josh Alexander, Microsoft, multifactor authentication, News & Analysis, PingIdentity, RSA, Salesforce, Toopher

Salesforce buys mobile authentication startup

MFA is becoming more prominent among enterprises

MFA is becoming more prominent among enterprises

Salesforce has acquired Toopher, a Texas-based mobile authentication startup, for an undisclosed sum.

The company, which offers multifactor authentication (MFA) for mobile platforms, was acquired by the CRM giant less than a month after it secured $200k in new investment.

“Today it is with great excitement that we can unveil our ability to super-charge our superpower—because we are being acquired by Salesforce,” the company’s founders Josh Alexander and Evan Grim wrote in a statement on the Toopher website.

“While we will no longer sell our current products, we are thrilled to join Salesforce, where we’ll work on delivering the Toopher vision on a much larger scale as part of the world’s #1 Cloud Platform. We can’t imagine a better team, technology and set of values with which to align.”

Toopher said it will continue to support existing customers.

Salesforce is aligning itself with a number of enterprise IT vendors including Microsoft, PingIdentity and RSA, which have over the past few years moved to acquire MFA vendors in order to bolster the security posture of their offerings.

Given the rise in MFA adoption among enterprises (a recent SafeNet survey suggests 37 per cent of organisations used MFA in 2014, up from 30 per cent the previous year), the performance improvements associated with tight technical integration between MFA and the services they protect, and the fact these enterprises are becoming more and more mobile, it’s not surprising to see some vendors swoop in to acquire the technology outright.

DDOS, Deloitte, Ed Powers, Mike Denning, News & Analysis, Verizon

Deloitte, Verizon team on cybersecurity

Verizon and Deloitte are teaming up on cybersecurity

Verizon and Deloitte are teaming up on cybersecurity

Deloitte and Verizon Enterprise Solutions have announced a partnership that will see the two firms deliver a comprehensive set of cybersecurity and risk-management solutions to enterprises.

The deal will see Verizon leverage its experience in digital forensics and managed services experience and Deloitte’s cyber risk advisory services to deliver end-to-end incident response services.

“As the cybersecurity landscape becomes more formidable, this alliance enables enterprises to better prepare for today’s new reality,” said Mike Denning, vice president, global security for Verizon Enterprise Solutions.

“We understand that companies need to have the mindset that being breached is a matter of when, not if. With our combined capabilities, we are preparing enterprises to better withstand a cyberattack before and beyond the breach.”

Ed Powers, national managing principal, Deloitte cyber risk services, Deloitte said companies today are looking for more comprehensive cybersecurity tools rather than acquiring them in bits and pieces.

“Organizations today need to quickly contain the damage, but they also need a solutions provider that can help them regain full business strength and improve their capacity to withstand future crises. We are making it possible for our clients to meet tomorrow’s cyber challenges head-on while continuing to power performance in their businesses,” Powers said.

The move comes as cyberattacks like DDoS are becoming more frequent and more impactful. According to a recently published Neustar DDoS report which surveyed 250 businesses across a broad range of sectors globally, about 40 per cent of companies now estimate losses of over £100,000 per hour at peak times during a DDoS outage.

Andrew Kellett, data protection, Data security, News & Analysis, ovum

Ovum: Security skills shortage remains most prevalent barrier in cloud

Security skills shortages are hampering IT's ability to adopt cloud services

A security skills shortage is hampering cloud adoption

Security and an IT security skills shortage remain the most prevalent barriers to cloud uptake, according to Ovum principle analyst Andrew Kellett.

Although Ovum’s research suggests the volume of sensitive corporate data stored in the cloud continues to grow, with enterprise cloud adoption rates exceeding 80 per cent, in many cases this data is not adequately protected.

“Security, or lack thereof, is a significant issue. If there is one problem area inhibiting further adoption of cloud-based services, it is enterprise concerns about shortfalls in the protection regimes of many cloud service providers,” Kellet said, adding that since more sensitive data appears to be stored in the cloud the most basic security practices and controls aren’t necessarily enough.

“On too many occasions, security policies only come into place once a new technology has already gone mainstream, and this is certainly true of the cloud industry. Many cloud providers have been guilty of ‘bolting on’ security as an afterthought, something which has left previous generations of technology vulnerable to malware attacks, advanced persistent threats and other breach tactics.”

“Whether they like it or not, organisations are putting their trust in the hands of the service provider, often without being completely satisfied that such trust is justified or that service levels and protection can be maintained,” he concluded.

Other recently published research from Ovum suggests enterprises are quite concerned with how their cloud service providers implement security controls. The company recently surveyed 818 ITDMs for their views on cloud security and found that in the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

data privacy, data protection, Microsoft, News & Analysis, Public Sector

Microsoft, civil liberties renew calls for Patriot Act reform

Microsoft and close to 50 tech companies and civil liberties assocaitions have renewed calls to reform the US Patriot Act ahead of the expiry of the law's provisions governing bulk data collection

Microsoft and close to 50 tech companies and civil liberties associations have renewed calls to reform the US Patriot Act ahead of the expiry of the law’s provisions governing bulk data collection

Microsoft, along with nearly fifty other technology civil rights associations and technology firms have signed an open letter to senior members of the US government calling for reform of the Patriot Act, a cause célèbre for Microsoft among other cloud firms in recent years.

Microsoft has previously criticised the US government’s bulk data collection practices, and the ability of its authorities to act on warrants beyond US soil (particularly when such acts contradict local laws where those businesses operate).

In an open letter to very senior members of the US government including Michael Rogers, director of the NSA, senate minority leader Harry Reid, and US president Barack Obama, the organisations reaffirm the need to end the US government’s bulk data collection practices, and make government and corporate reporting on any Foreign Intelligence Surveillance Court decisions more transparent.

The US Patriot Act Section 215, which currently serves as the legal basis for the NSA’s bulk collection of metadata, is due to expire in June this year.

“We the undersigned represent a wide range of privacy and human rights advocates, technology companies, and trade associations that hold an equally wide range of positions on the issue of surveillance reform. Many of us have differing views on exactly what reforms must be included in any bill reauthorizing USA Patriot Act Section 215,” the letter reads.

“That said, our broad, diverse, and bipartisan coalition believes that the status quo is untenable and that it is urgent that Congress move forward with reform.”

“It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities. Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability.”

Microsoft is among a range of technology companies in support of reforming how American legal entities treat data, both within the context of surveillance activities or general legal proceedings. But US lawmakers have signaled they are prepared to act on longstanding promises to reform the legal landscape. Last month American lawmakers introduced two bipartisan bills that seek to limit the reach of US courts over data stored in cloud services located outside the US, a move welcomed by a broad coalition of technology and telecoms firm – including Microsoft.