Tag archive: security

AEC firm K&A moves from private to public cloud, saves 40% in costs

Khatib & Alami moved onto iland's public cloud platform this year


Global architectural design and project management firm Khatib & Alami (K&A) has moved from a private cloud platform onto a public cloud, which the company said has led to a 40 per cent reduction in IT operations management spend.

K&A, which was set up in 1964 and has offices in the Middle East, Africa, Western Europe and North America, offers a range of architectural and engineering services.

The company originally moved to deploy its internal applications on a private cloud platform hosted in iland’s datacentre in London, which it did in order to consolidate its IT environments.

At the time the company also experimented with public cloud platforms, but preferred to maintain its private cloud deployment. However, while it’s difficult to narrow down an exact figure where private and public cloud platforms are equal in cost, the company’s corporate IT manager Mohamed Saad said the public cloud option began to make more sense as the company’s growth began to outpace its ability to scale efficiently, both in terms of technology and personnel.

“The hardware was becoming too restrictive because we weren’t able to scale up. We would have had to purchase more hardware and then deploy that and add more virtual servers with capacity for additional processing power. We would also have needed to employ the maintenance staff that went along with purchasing more hardware. Then we’d have to maintain all this equipment,” he explained.

“All of the maintenance and management headaches and the fact we needed rapid scalability helped us come to the decision that having our own private cloud infrastructure was just too much of a hassle.”

“What’s more, iland’s public cloud was considerably more economical than using our own equipment. We’re getting close to 35 to 40 per cent cost savings with iland’s cloud. iland now hosts all of our mission critical applications, allowing us to focus our IT efforts on activities that drive our business forward,” he added.

ProtectWise scores $17m to bring cloud security DVR to the enterprise

ProtectWise has exited stealth and announced it has raised $17m in funding

ProtectWise, which specialises in providing cloud security services, has exited stealth mode and announced it has secured $17m. The company, which was founded by former McAfee executives Scott Chasin and Gene Stevens, said it will use the funding to expand its sales and marketing efforts.

ProtectWise offers what it’s essentially calling a “cloud network DVR” that the company says can recall and analyse traffic going back weeks, months and even years in a bid to uncover any threats.

“By creating a network memory in the cloud, we’re able to provide a time machine for threat detection,” said Stevens, the company’s chief technology officer. “It automatically replays and analyzes stored network traffic whenever new threats emerge to uncover threats that were previously unknown. This makes it possible to continuously analyze what we observe in the past and the present together to refine and reveal the threats that matter most.”

It also applies machine learning algorithms in conjunction with a number of commercial intelligence feeds to generate a broad security posture overview of a company’s digital services.

Some of the company’s early customers (it claims over a dozen overall) include the Enterprise Strategy Group and Universal Music Group.

“Enterprises today are grappling with Defense in Doubt,” said Chasin, the company’s chief executive officer. “The traditional defence in depth approach has left security professionals with a costly daisy chain of endpoint solutions that provide only a point-in-time view of threats and emit a tidal wave of security alarms with no context or correlation across solutions. By shifting network security to the cloud, we make it possible to leave this outdated, ineffective model of enterprise network security behind.”

Cloud security firms have attracted significant funding over the past couple of years, a testament to a growing shift towards cloud services. Earlier this month cloud security provider Elastica announced it had secured $30m in series B funding, a year after the firm exited stealth mode and announced its first investment round.

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance


A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report, said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, and 48 per cent said the same if explicit security descriptions and compliance commitments were established.

The Hacking Industry isn’t Just Getting Bigger, it’s Getting Smarter

In this video, Solutions Architect Dan Allen talks about the growth and evolving sophistication of the hacking industry. There was a large uptick in data breaches in late 2013 and throughout 2014. Dan discusses the importance of having visibility into your environment to address breaches as quickly as possible and to make sure they get resolved properly.

 

http://www.youtube.com/watch?v=pM4vw_Tyzjg

 

 

Interested in learning more? Reach out to us!

2015 Predictions: End User Computing and Security

Earlier in the week, we posted some 2015 predictions from Chris Ward and John Dixon. These predictions covered cloud, the internet of things and software defined technologies. Here are a few quick predictions around end user computing and security from Francis Czekalski and Dan Allen.

 

Francis Czekalski, Practice Manager, End User Computing

Short and sweet – here are four things to keep an eye on in 2015 around end user computing:

  • More integration with mobile devices
  • Wrappers for legacy applications to be delivered to iOS devices
  • Less and less dependency on traditional desktops and more focus on delivery on demand
  • Heightened focus on data security

 


 

Francis presenting at GreenPages’ annual Summit event

Dan Allen, Solutions Architect

Hacktimonium! Remember when only big companies got spam? Then small companies? Then individuals? The same is happening with hacking and digital intrusion. This trend will continue into 2015. Having a firewall isn’t going to be enough; you need to have some sort of implemented Intrusion Prevention Services like an ASA with Sourcefire, a Radware appliance, or even some of the smaller brands that have a Unified Threat Management piece.

A Year in review: Who got hacked last year?

The Big Ones

  • Apple’s iCloud – Individual accounts hacked.
  • JP Morgan Chase – Enterprise network hacked.
  • Sony – Individual and then enterprise hack.
  • UPS
  • Target

A list of others you might know.

  • AOL
  • eBay
  • Living Social
  • Nintendo
  • Evernote
  • USPS
  • Blizzard
  • Snapchat
  • Neiman Marcus
  • Home Depot
  • Washington State Justice Computer Network
  • Yahoo-Japan
  • Dominos-France

The final word here? You Won’t Know You’ve Been Hacked Until It’s Already Gone.

What do you think 2015 has in store around end user computing and security?

 

By Ben Stephenson, Emerging Media Specialist

6 Cloud Computing Standards to Watch Out For

Of the numerous platforms available, cloud computing is slowly becoming the next big wave to hit industries and computing professionals around the globe, after Android applications. The cloud computing platform is one of the only ways in which companies can reach new levels within their industry. One of the growing trends in the world is the rise of open-source cloud computing. Although it is very handy and easily available, there are factors that one needs to consider before implementing it across the company. We discuss the various problems associated with cloud computing compliance.

Plugging the holes in the cloud while you can

Open source cloud has rapidly grown as a mode of communication and storage for most companies around the world. Yet, because these platforms are open source, there are certain regulatory factors that need to come into purview. Although open source cloud computing is a viable option compared to existing facilities, there are several factors that should be taken care of while on the cloud.


  1. How secure is your cloud: One of the primary organisations ensuring that security compliance is met is the Cloud Security Alliance (CSA), a global coalition that represents businesses as well as industry and subject matter experts. This organization is the reason why most companies around the world are ensuring that they achieve best practices within their cloud.
  2. Is the cloud compliant: Before placing workloads on the cloud, make sure that you have conducted risk assessments. Cloud security compliance standards, once implemented, are one of the factors that deal with virtualization issues.
  3. Does it have a license? Per-user, per-device and enterprise licensing models for the cloud are factors that impact companies. Licensing issues are also present in open-source cloud models and need to be addressed at the outset. There may be issues to deal with such as proprietary licenses and other traditional licenses.
  4. Is it interoperable? Portability should be the reason that you are sticking to the cloud: transferring data from one cloud to another should be part of the convenience for which you selected it. This brings other important factors into purview, including standards such as those laid down by the Institute of Electrical and Electronics Engineers (IEEE).
  5. How scalable is your cloud: The faster you can connect and transfer data on your server, the faster it can upload workloads and store other data. Ensure that your cloud is scalable and brings you the convenience of uploading heavy workloads without changing too much in the service contract.
  6. Evaluate the performance: Your SLA with the cloud should involve factors that allow you the convenience of business continuity and disaster recovery. This will help you measure the performance of the cloud in those critical moments.

It’s vital to have some level of compliance in any technological advancement to enhance your business prospects. HCL Technologies is one of the technology giants that adheres to cloud computing standards, which is the reason it is at the forefront in delivering innovative SAP solutions for its clients, be it on the cloud, on premise, or through a hybrid approach.

To know more about cloud computing standards and services please visit HCL Technologies.

Cyberoam Provides Critical Insight for Virtual Datacenter Administrators

Guest Post by Natalie Lehrer, a senior contributor for CloudWedge.

Organizations must provide reliable technical resources in order to keep a business running in an efficient manner. Network security is one of the chief concerns of all companies regardless of size. Although corporations are often pressed to earn profits, the need to protect all company related data at any cost should be a top priority.

Virtual datacenters can be susceptible to a variety of threats including hyperjacking, DoS attacks and more. Keeping up to date on the latest server patches and security bulletins and being aware of the latest malware threats is more important than ever. Therefore, it is critical that all incoming network traffic is properly scanned in search of viruses and malicious code that could corrupt the virtual datacenter or cause it to malfunction.

What is the Solution?

Network appliances such as Cyberoam can act as a unified threat management suite. In addition, Cyberoam scans all incoming and outgoing traffic while producing detailed reports for system administrators. These granular reports list all virtual datacenter activity while providing logs that give forensic computer scientists direction on where to focus their investigations. Since any activities performed on virtual servers can be retained using Cyberoam, the audit process can provide a clear trail which will lead you to the culprit in case of a data breach. Cyberoam is not a reactive solution. Cyberoam proactively scans all incoming and outgoing data in case viruses and other harmful programs try to compromise and corrupt your entire virtual datacenter.

Security intricacies include intrusion protection services, specialized auditing applications and robust firewall features. Firewalls play an important role in keeping all harmful material from compromising virtual servers. Firewalls essentially block intruders while simultaneously allowing legitimate TCP or UDP packets to enter your system. Cyberoam allows administrators the ability to easily construct firewall rules that keep internal data safe and secure.

When you set up your virtual datacenter, it is important to utilize all of the features at your disposal. Sometimes the most obscure features are the most valuable. The best way to keep your virtual datacenter safe is to stay on top of the latest knowledge. There have been reports that many IT professionals who find themselves intimidated by new technology simply have not taken the initiative to learn all about the latest datacenter hardware and software available to them today. If you are trying to stay one step ahead of the game, your best bet is to learn all about the tools on the market and make your decision accordingly. Be sure to scrutinize any appliance you decide to utilize inside of your datacenter before adding it into your arsenal of IT weaponry.


Natalie Lehrer is a senior contributor for CloudWedge.

In her spare time, Natalie enjoys exploring all things cloud and is a music enthusiast.

Follow Natalie’s daily posts on Twitter: @Cloudwedge, or on Facebook.

How an AdWords Campaign Accidentally Exposed Dropbox and Box Users’ Confidential Files

We previously reported on a Dropbox Security Snafu (and their correction for it). Now we’re learning more about how it came about, and how it was discovered.

There are several ways users can inadvertently leak confidential files, but the one that is the real head-scratcher is a combination of a user entering the URL of a Dropbox or Box file-sharing link in their browser’s “search box” rather than the “URL box”, combined with Google AdWords campaigns by competitors who want their ads to appear when people “search” for Dropbox or Box (pretty standard stuff).

The sites running such a campaign then — completely innocently — see what users are searching for, and what they are “searching for” turns out to be fully-clickable URLs to files that often contain sensitive personal or company data.

If you think that’s too rare a scenario to worry about, think again:

In one short and entirely innocently designed ad campaign alone, we found that about 5 per cent of hits represented full links to shared files, half of which required no password to download. This amounted to over 300 documents from a small campaign, including several tax returns, a mortgage application, bank information and personal photos. In one case, corporate information including a business plan was uncovered.

That’s from Richard Anstey of Intralinks, the people who stumbled on the issue.

Look at this to see (redacted) images of one person’s tax return, and another’s mortgage application. Identity theft, anyone?

Read more about how Intralinks discovered all this, along with some good advice on protecting yourself.

TL;DR: sensitive file? Use a sharing application that offers a password or PIN option.

Dropbox Forced to Kill Shared Links Due to Security Snafu

Oops! Dropbox announced it is killing existing shared links where documents include ordinary hyperlinks to websites. The problem is that the plain old referrer header (`Referer`) tells the linked website the URL the inbound link came from. That’s a standard way sites know where their non-direct traffic is coming from. In this scenario, however, the referrer is the URL of the shared Dropbox document.

The symptom Dropbox users will experience? Complaints from recipients that the link they were given doesn’t work (if in doubt check the link yourself).

From the Dropbox post on the issue:

While we’re unaware of any abuse of this vulnerability, for your safety we’ve taken the following steps to make sure this vulnerability can’t be exploited:

  • For previously shared links to such documents, we’ve disabled access entirely until further notice. We’re working to restore links that aren’t susceptible to this vulnerability over the next few days.
  • In the meantime, as a workaround, you can re-create any shared links that have been turned off.
  • For all shared links created going forward, we’ve patched the vulnerability.

Here’s how to rebuild affected links.
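
The referrer leak described above can be modelled in a few lines. This is an added example, not code from Dropbox or from the original post, and it does not describe how Dropbox patched the issue: it computes what a browser would send as `Referer` under each standard `Referrer-Policy` value when a reader clicks an outbound hyperlink from a shared document. The share URL, the token and the host names are constructed placeholders.

```javascript
// Constructed sample values (not a real share-link format).
const SHARE_URL = 'https://share.example/s/CONSTRUCTED-TOKEN/plan.pdf#page=2';
const OUTBOUND = 'https://thirdparty.example/landing';

// Browsers never send credentials or the fragment in Referer;
// origin-only policies also drop the path and the query string.
function stripForReferrer(url, originOnly) {
  const u = new URL(url.href);
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Simplification (assumption): "potentially trustworthy" is reduced to https:.
const isSecure = (u) => u.protocol === 'https:';

// Returns the Referer value for a navigation, or null when none is sent.
function computeReferrer(documentUrl, targetUrl, policy) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl);
  const sameOrigin = doc.origin === target.origin;
  const downgrade = isSecure(doc) && !isSecure(target);
  const full = stripForReferrer(doc, false);
  const origin = stripForReferrer(doc, true);

  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : origin;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default:
      throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// True when a cross-origin site would receive the secret path of the share link.
function leaksShareLink(documentUrl, targetUrl, policy) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl);
  const referrer = computeReferrer(documentUrl, targetUrl, policy);
  if (referrer === null || doc.origin === target.origin) return false;
  return doc.pathname !== '/' && new URL(referrer).pathname === doc.pathname;
}

// Lists the policies under which the constructed share link leaks.
function leakingPolicies(documentUrl = SHARE_URL, targetUrl = OUTBOUND) {
  const all = ['no-referrer', 'no-referrer-when-downgrade', 'same-origin',
    'origin', 'strict-origin', 'origin-when-cross-origin',
    'strict-origin-when-cross-origin', 'unsafe-url'];
  return all.filter((p) => leaksShareLink(documentUrl, targetUrl, p));
}

console.log(leakingPolicies());
```

Only the two policies that send the full URL cross-origin expose the share link; an origin-only or `no-referrer` policy on the page that renders the document keeps the path, and with it the access token, out of the third party's logs.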