Archivo de la etiqueta: security

Game of Thrones: Five Takeaways for IT

By Ben Stephenson, Journey to the Cloud

After a long wait, Game of Thrones Season 4 has officially started (no spoilers for the first episode of season 4 – I wouldn’t wish that on my worst enemy).  Amidst the action and excitement, there are some lessons IT can take away from seasons 1-3 of the show. Here are five of them:

The War Lies to the North

After Robert Baratheon dies, there is all out war for rule of the Iron Throne and control of the Seven Kingdoms. Joffrey Lannister usurps power after the passing of the king and executes the Lord of Winterfell, Ned Stark. This sparks Ned’s son Robb to march on King’s Landing to attempt to overthrow Joffrey. Meanwhile Robert Baratheon’s younger brother Renly, his older brother Stannis, and Daenerys Targaryen are also all raising armies to try and defeat Joffrey. By the end of season 3 however, it becomes known that the deadly “White Walkers” are back after thousands of years. Some people realize that the war everyone is fighting right now is insignificant because the real war lies to the north.

The lesson for IT: There is often a good amount of unrest between the IT Department and other business units. Maybe Accounting gets frustrated and places the blame for a systems failure on IT, but IT claims it was the Accounting Department’s fault for not following proper protocols. Maybe there is unrest between Marketing and IT around budget allocation for new tradeshow equipment. The lesson here is that IT needs to partner with the business and work together in order to achieve the overall goals that will determine the success of the company.

Liberate Your Users

Daenerys Targaryen, or Khaleesi, is looking to take back the throne that used to belong to her family. Without an army, she purchases a large number of slave soldiers. Instead of treating them poorly and forcing them to fight for her, she frees them all and says it’s their decision if they would like to stay and fight by her side. She then goes from city to city freeing slaves. The result? An extremely loyal and passionate army.

The lesson for IT: People will respond better if you give them choices as opposed to dictating how everything is going to work. Employees are going to bring their own devices to the workplace whether you allow it or not, so empower them to do so by implementing a BYOD program. Shadow IT is going to happen. Employees are going to bypass IT and use AWS. Provide them with a way to do so while you control costs, security, and governance.

Innovation Is Key

When Stannis Baratheon launches a full scale attack on King’s Landing with a large fleet of ships, things look pretty dim for the Lannister family. Stannis has more man power and weapons and has the advantage of being able to cut off supply lines to the capital. Tywin Lannister, King Joffrey’s uncle, is forced to think outside the box to try and defend his city. He ends up catapulting barrels of deadly wild fire onto the attacking ships, successfully fending off Stannis’ forces. 

The lesson for IT: Continue to innovate and look for creative ways to solve problems. It can be difficult to get to the strategic initiatives when your team is bogged down by day-to-day mundane tasks. IT leaders need to make innovation a top priority in order to keep pace with the needs of the business and the rapidly evolving technology landscape.

The Wall of Security

Security is critical to the survival of any organization. Winterfell and the North always relied on “The Wall” to keep out marauding Wildlings. The Wall is hundreds of feet high, made of sheer ice, and guarded by the Men of the Night’s Watch. Getting a large group of people past The Wall is extremely difficult. However, when an assembly of the Night’s Watch has to abandon their posts to head out beyond the wall, a group of Wildlings is able to scale it and cross to the other side.

The lesson for IT: It’s obviously important to have the proper security measures in place in your organization.  The lesson from the Wall though is that no matter what security you have in place, there are always ways to infiltrate your environment no matter how secure it may appear. This is why you need to proactively monitor and manage your environment.

Choose Your Partners Wisely

As the war with the Lannisters drags on, Robb Stark is in desperate need of more soldiers. Robb strikes a deal with Walder Frey to have one of his uncles marry one of Frey’s daughters to unite the families. Robb chose the wrong partner and things don’t go according to plan (and by not “going according to plan” I mean Robb, his wife, his mother, and his countrymen are brutally murdered during the wedding ceremony…).

The lesson for IT: There are a lot of factors to take into consideration when you’re deciding who to align yourself with. Choosing the right vendor for your organization depends on many factors including the specific project you’re working on, your existing environment, your budget, your goals, your future plans, etc. You don’t want to make a hasty decision on a specific vendor or product without thinking it through very carefully. This is where a company such as GreenPages can act as a trusted advisor to help guide you down the right path.

Any other lessons you can think of?

 

Download this whitepaper to learn how corporate IT can manage its environment as if it is “deployed to the cloud.” So, if and when different parts of the environment are deployed to the cloud, day-to-day management of the environment remains unchanged—regardless of where it is running.

 

 

Developers Hit With Big, Unexpected AWS Bills, Thousands on GitHub Exposed

Amazon Web Services (AWS) is urging developers using the code sharing site GitHub to check their posts to ensure they haven’t inadvertently exposed their log-in credentials.

When opening an account, users are told to “store the keys in a secure location” and are warned that the key needs to remain “confidential in order to protect your account”. However, a search on GitHub reveals thousands of results where code containing AWS secret keys can be found in plain text, which means anyone can access those accounts.

From a security perspective it means they can basically go in and gain access to any of the files that are stored in the AWS account.

According to an AWS statement,  ”When we become aware of potentially exposed credentials, we proactively notify the affected customers and provide guidance on how to secure their access keys,”

There is more detail (and some cautionary tales involving big, and unexpected, AWS bills) here.

90 Second Tech News Recap for the Week of 2/3/2014

 

Get your weekly technology new recap for the week of 1/27 in 90 seconds!

 

http://www.youtube.com/watch?v=BXOIAD_gFik

 

Download our whitepaper to learn how corporate IT can manage its environment as if it is “deployed to the cloud.” So, if and when different parts of the environment are deployed to the cloud, day-to-day management of the environment remains unchanged—regardless of where it is running: on premises or at a service provider.

«Syrian Electronic Army» Reminds Us of Importance of Internet Security

by Elliot Curtis, Senior Director, Mass Market Hosting Sector, Parallels

 

The recent attack by the “Syrian Electronic Army” on media outlets including the New York Times and Huffington Post websites are a renewed reminder of the challenges around internet security. While SMB websites are an unlikely target for organized hacking or distributed-denial-of-service (DDOS) attacks, these highly visible and widely reported security issues raise a wareness and concerns for everyone. Most SMBs are exposed to risks from malicious viruses and hacks, as well as, problems caused by bot-nets or even simple content control.

 

Awareness of internet security continues to rise, but high-profile incidents like this presents a specific opportunity for Web Hosters and Service Providers to have a discussion with their customers about solutions to protect their Web presence and cloud applications. Parallels products and ecosystem of partners enables a variety of security solutions including; hacking protection, anti-virus, anti-spam, email security, DDOS prevention, backup & disaster recovery. Our SMB Cloud InsightsTM research shows that security solutions are the most popular and the fastest growing add-on to both Web Hosting and VPS core services, so every Web Hoster and Service Provider should have a security bundle as part of both their core offering and their up-sell strategy.

 

Survey Shows Extent of NSA/PRISM’s Damage to US Cloud Companies

A survey by the Cloud Security Alliance  found that 56% of non-US residents were now less likely to use US-based cloud providers, in light of recent revelations about government access to customer information.

During June and July of 2013, news of a whistleblower, US government contractor Edward Snowden, dominated global headlines. Snowden provided evidence of US government access to information from telecommunications and Internet providers via secret court orders as specified by the Patriot Act. The subsequent news leaks indicated that allied governments of the US may have also received some of this information and acted upon it in unknown ways. As this news became widespread, it led to a great deal of debate and soul searching about appropriate access to an individual’s digital information, both within the United States of America and any other country.

CSA initiated this survey to collect a broad spectrum of member opinions about this news, and to understand how this impacts attitudes about using public cloud providers.

PRISM Scandal Generates Renewed Interest in Non-US Cloud Providers

Guest Post by Mateo Meier, founder of Swiss hosting provider Artmotion

Businesses vote with their feet, in light of the recent PRISM scandal. Up until recently, the US had been considered the leading destination for cloud services with its vast infrastructures and innovative service offerings, but recent leaks have sparked panic amongst many business owners and is driving demand for Non US cloud providers.

The most concerning aspect for many is the wide ranging implications of using US-controlled cloud services, such as AWS, Azure and Dropbox. As a result, businesses are now turning to Switzerland and other secure locations for their data hosting needs.

Swiss ‘private’ hosting companies are seeing huge growth because privacy in Switzerland is enshrined in law. As the country is outside of the EU, it is not bound by pan-European agreements to share data with other member states, or worse, the US. Artmotion, for example, has witnessed 45 per cent growth in revenue amid this new demand for heightened privacy.

Until now the PRISM scandal has focused on the privacy of the individual, but the surveillance undertaken by NSA and Britain’s own GCHQ has spurred corporate concern about the risks associated with using American based cloud providers to host data. It is especially troubling for businesses with data privacy issues, such as banks or large defence and healthcare organisations with ‘secret’ research and development needs.

Before PRISM, the US was at the forefront of the cloud computing industry and companies worldwide flocked to take advantage of the scalable benefits of cloud hosting, as well as the potential cost savings it offered.

However the scandal has unearthed significant risks to data for businesses, as well as for their customers. With US cloud service providers, the government can request business information under the Foreign Intelligence Surveillance Act (FISA) without the company in question ever knowing its data has been accessed.

For businesses large and small, data vulnerabilities and the threat of industrial espionage from US hosting sites can present real security risks or privacy implications, and it’s causing a real fear. Business owners are worried that by using US based systems, private information could potentially be seen by prying eyes.

The desire for data privacy has therefore seen a surge in large corporations turning to ‘Silicon’ Switzerland to take advantage of the country’s renowned privacy culture. Here they can host data without fear of it being accessed by foreign governments.

Mateo-Meier

Mateo Meier, founder of Artmotion, spent the early stages of his career in the US before returning home to Switzerland to start Artmotion. Artmotion was started in early 2000 and provides highly bespoke server solutions to an international set of clients.

Breaking: US Cloud Companies To Lose Billions In EU Due To PRISM

The European Commission’s vice president Neelie Kroes said in statement that reports of the US government spying on servers held by US cloud providers are creating an “atmosphere of distrust” around cloud services.

“Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes?” Kroes said. “Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all.”

“If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies.”

Big Data Without Security = Big Risk

Guest Post by C.J. Radford, VP of Cloud for Vormetric

Big Data initiatives are heating up. From financial services and government to healthcare, retail and manufacturing, organizations across most verticals are investing in Big Data to improve the quality and speed of decision making as well as enable better planning, forecasting, marketing and customer service. It’s clear to virtually everyone that Big Data represents a tremendous opportunity for organizations to increase both their productivity and financial performance.

According to WiPro, the leading regions taking on Big Data implementations are North America, Europe and Asia. To date, organizations in North America have amassed over 3,500 petabytes (PBs) of Big Data, organizations in Europe over 2,000 PBs, and organizations in Asia over 800 PBs. And we are still in the early days of Big Data – last year was all about investigation and this year is about execution; given this, it’s widely expected that the global stockpile of data used for Big Data will continue to grow exponentially.

Despite all the goodness that can stem from Big Data, one has to consider the risks as well. Big Data confers enormous competitive advantage to organizations able to quickly analyze vast data sets and turn it into business value, yet it can also put sensitive data at risk of a breach or violating privacy and compliance requirements. Big Data security is fast becoming a front-burner issue for organizations of all sizes. Why? Because Big Data without security = Big Risk.

The fact is, today’s cyber attacks are getting more sophisticated and attackers are changing their tactics in real time to get access to sensitive data in organizations around the globe. The barbarians have already breached your perimeter defenses and are inside the gates. For these advanced threat actors, Big Data represents an opportunity to steal an organization’s most sensitive business data, intellectual property and trade secrets for significant economic gain.

One approach used by these malicious actors to steal valuable data is by way of an Advanced Persistent Threat (APT). APTs are network attacks in which an unauthorized actor gains access to information by slipping in “under the radar” somehow. (Yes, legacy approaches like perimeter security are failing.) These attackers typically reside inside the firewall undetected for long periods of time (an average of 243 days, according to Mandiant’s most recent Threat Landscape Report), slowly gaining access to and stealing sensitive data.

Given that advanced attackers are already using APTs to target the most sensitive data within organizations, it’s only a matter of time before attackers will start targeting Big Data implementations. Since data is the new currency, it just makes sense for attackers to go after Big Data implementations because that’s where big value is.
So, what does all this mean for today’s business and security professionals? It means that when implementing Big Data, they need to take a holistic approach and ensure the organization can benefit from the results of Big Data in a manner that doesn’t negatively affect the risk posture of the organization.
The best way to mitigate risk of a Big Data breach is by reducing the attack surface, and taking a data-centric approach to securing Big Data implementations. These are the key steps:

Lock down sensitive data no matter the location.

The concept is simple; ensure your data is locked down regardless of whether it’s in your own data center or hosted in the cloud. This means you should use advanced file-level encryption for structured and unstructured data with integrated key management. If you’re relying upon a cloud service provider (CSP) and consuming Big Data as a service, it’s critical to ensure that your CSP is taking the necessary precautions to lock down sensitive data. If your cloud provider doesn’t have the capabilities in place or feels data security is your responsibility, ensure your encryption and key management solution is architecturally flexible in order to accommodate protecting data both on-premise and in the cloud.

Manage access through strong polices.

Access to Big Data should only be granted to those authorized end users and business processes that absolutely need to view it. If the data is particularly sensitive, it is a business imperative to have strong polices in place to tightly govern access. Fine-grained access control is essential, including things like the ability to block access by even IT system administrators (they may have the need to do things like back up the data, but they don’t need full access to that data as part of their jobs). Blocking access to data by IT system administrators becomes even more crucial when the data is located in the cloud and is not under an organization’s direct control.

Ensure ongoing visibility into user access to the data and IT processes.

Security Intelligence is a “must have” when defending against APTs and other security threats. The intelligence gained can support what actions to take in order to safeguard and protect what matters – an organization’s sensitive data. End-user and IT processes that access Big Data should be logged and reported to the organization on a regular basis. And this level of visibility must occur whether your Big Data implementation is within your own infrastructure or in the cloud.

To effectively manage that risk, the bottom line is that you need to lock down your sensitive data, manage access to it through policy, and ensure ongoing visibility into both user and IT processes that access your sensitive data. Big Data is a tremendous opportunity for organizations like yours to reap big benefits, as long as you proactively manage the business risks.

CJRadford

You can follow C.J. Radford on Twitter @CJRad.

Survey Infographic: Customer Relying on Virtualization Vendors For Security

BeyondTrust has released a survey, Virtual Insecurity, that reveals organizations are relying heavily on virtualization vendors for security if for any security at all. Key survey takeaways from the 346 respondents that participated include:

  • 42 percent do not use security tools regularly as part of their virtual systems administration
  • 34 percent lean heavily on antivirus protection as a primary security tool
  • 57 percent often use existing image templates for new virtual images
  • Nearly 3 out of every 4 respondents say that up to a quarter of virtual guests are offline at any given time
  • 64 percent have no security controls in place that require a security sign off prior to releasing a new virtual image or template

Here’s an infographic based on these results:

Virtual Insecurity Infographic FINAL