June 2013 - Page 2 of 2 - The Privacy Post

Safe Gaming: Staying Protected While Having Fun

Posted by on Jun 14, 2013

The gaming community is one of the most web-savvy and technologically informed demographics on the net. But that fact has unfortunately attracted the attention of some of the world’s most notorious hackers, who have made developers and gamers prime targets in their coordinated attacks. Recently, four British men were charged with taking part in the notorious 2011 LulzSec attacks. The hacking group targeted big organizations and companies like the CIA and Sony, boasting about their exploits publicly on Twitter along the way. The four men sentenced were Ryan Cleary, Ryan Ackroyd, Mustafa Al-Bassam, and Jake Davis. All of the men hid behind the online aliases of ViraL, Kayla, tFlow, and Topiary.

LulzSec grew out of the libertarian hacktivist group Anonymous, but quickly dropped the political motivations behind Anonymous, adopting the slogan, “laughing at your security since 2011”. According to prosecutor Sandip Patel, “They are at the cutting edge of a contemporary, emerging species of international criminal offending known as cyber-crime,” adding that, “LulzSec saw themselves as latter-day pirates.” After hacking into Sony and the CIA, LulzSec set their sights on gamers. On its Twitter account, the hacking group claimed that it had taken down the website and server for the massively multiplayer game EVE Online, the online strategy game League of Legends, and Minecraft.

The group posted to @EveOnline, “our boats sunk your inferior spaceships, ujelly,” as well as, “Silly Eve have taken their entire network offline after our very simple DDoS attack. Oh well, another day, another lulz!” From PBS to Nintendo, it seems that no one is safe from these hackers. Even popular developers like Bethesda Softworks have fallen victim to LulzSec. In a recent breach, the hackers obtained the stored personal information of about 200,000 individual gamers. After successfully breaching the developer’s security, the hacking “group claimed that because it ‘liked’ the development company it wouldn’t reveal the users’ personal information.” No one is sure as to why LulzSec would hack a company it likes in the first place, but this anomaly will do little to satisfy the concerns of most gamers looking to game in peace without the risk of losing their private data to hackers. And gamers should receive little consolation as the group has shown disdain in the past for hacked gamers, writing in a post, “If you’re mad about Minecraft, we’d love to laugh at you over the phone. Call 614-LULZSEC for your chance to reach Pierre Dubois! :3”.

Unfortunately, LulzSec is not the only offender to worry about. As a recent investigation by Kaspersky Lab analysts shows, cybercriminals are actively seeking systems to breach for exploitable source code, digital certificates, and in-game currency. Hackers have discovered that gaming companies often store sensitive user information like addresses and financial records. This valuable data justifies the time and risks of APT (advanced persistent threat) attacks, which are normally reserved for hacks on government agencies. Hackers also look to take advantage of development secrets while using gaming networks to distribute malware to a massive number of users. One simple way players can help guard their data is by never engaging in illegal black market gaming. Users connecting to unofficial servers ultimately reward such hackers while leaving their data vulnerable to attack.

Players that take advantage of modified games or stolen game source codes may think that they are cheating the system, but could ultimately damage their entire system through inadvertently downloading and spreading malware. According to PCAdvisor.co.uk, players that engage in such black market gaming put their data and systems at considerable risk. Research conducted by AVG Technologies revealed that 90% of hacked games are infected with malware. Gamers should demand that developers and gaming companies protect their data through private cloud storage.

Private Protection

Finding the right third party cloud service can be a challenge as many cloud services on the market have wide security gaps that leave sensitive data wide open to third party attacks from groups like LulzSec. One cloud service provider that sets itself apart from the market is SpiderOak. This private cloud provider offers the full benefits of cloud storage and sync along with 100% data privacy.

SpiderOak protects sensitive user data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password in order to successfully log in. With SpiderOak, users that choose to use two-factor authentication must submit a private code through SMS along with their individual encrypted password. Users can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of passwords or data. Plaintext encryption keys are exclusively stored on the user’s chosen devices, so businesses and users can rest easy knowing their data won’t be exploited by the latest hacking group. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for flexible solutions for both developers and gamers.

Cyber Wars & Business Security

Posted by on Jun 13, 2013

As the world continues to go digital, international spying has also gone to the web, with full-fledged cyber wars targeting innocent users along the way. In 2010, Google became the first company in the U.S. to disclose a major security breach to the public. In its statement, the company claimed that hackers had exfiltrated source code and attempted to crack the accounts of activists for Tibetan independence. And Google wasn’t the only major company targeted in the attacks. Only minutes after Google’s announcement, Adobe released a blog post revealing that they had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

After the dust settled from the collective shock of the market, government, and consumers, it soon surfaced that the attack targeted source code management systems of more than 30 major companies. The organized hackers sought out source code and other sensitive data from defense contractors and financial institutions. The breach was traced back to China and prompted Secretary of State Hillary Clinton to speak out against the breach. This major security breach was part of an orchestrated hacking campaign that targeted Berlin, London, and Washington companies and institutions. Evidence suggests that the campaign was sponsored, endorsed, or allowed by Beijing officials.

The hackers were able to access a database containing information on U.S. surveillance targets. Government officials still don’t know how much the hackers were able to access, but the breach poses a major concern for national security. The hacked information contained court orders and warrants authorizing surveillance of suspected Chinese spies through their Gmail accounts. For the Chinese government, such information is essential, because as one official put it, “Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country.” And the attacks haven’t stopped since then, with a recent attempted breach on Microsoft’s servers, in which hackers sought to crack the accounts of those flagged for surveillance by U.S. law enforcement and security agencies. According to the senior director of Microsoft’s Institute for Advanced Technology in Governments, David W. Aucsmith, “What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on.”

These attacks sourced in China have been dubbed the “Aurora attacks” and have brought national attention to the ongoing cyber war between the U.S. and China. With the backing of a national government, these coordinated attacks have become all the more dangerous. According to CIO.com, IT security workers, managers, and HR teams should “ensure that their systems are as dynamic as possible, narrowing the window for potential attacks and, in the process, making it more costly for the adversaries.” While these cyber wars don’t have physical casualties, unsuspecting consumers using popular services like Gmail could unknowingly find their data seized in the crossfire.

For businesses and users looking to keep their sensitive data out of the expanding battlefield of these cyber wars, several steps are in order. First, IT managers and individual users must do the work of securing any sensitive information onsite. That means data encryption and password protected desktop storage before submitting data to a third party cloud service provider. Then, IT teams and users must find and choose a truly private cloud service provider that can offer actual user anonymity. As the recent Operation Aurora attacks indicate, businesses and users cannot rely on the protections of the U.S. government to secure their data from international hackers backed by national governments.

The Protection of Privacy

Choosing the right third party cloud service can be a challenge as many cloud services on the market have wide security gaps that leave sensitive data wide open to third party attacks and even legal governmental snooping. One cloud service provider that sets itself apart from the market is SpiderOak. This private cloud provider offers the full benefits of cloud storage and sync along with 100% data privacy.

SpiderOak protects sensitive user data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password in order to successfully log in. With SpiderOak, users that choose to use two-factor authentication must submit a private code through SMS along with their individual encrypted password. Users can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of passwords or data. Plaintext encryption keys are exclusively stored on the user’s chosen devices, so businesses and users can rest easy knowing their data won’t get caught up in an international cyber war. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for flexible solutions for both businesses and private users.

Reporter Rights & Email Security

Posted by on Jun 12, 2013

From the Cyber Intelligence Sharing and Protection Act to recent news of governmental spying on reporters, legal snooping on citizens has become all too commonplace in recent news. After the 9/11 attacks, the NSA directed its surveillance programs on private citizens. This monitoring of citizens has scandalously been applied to reporters, threatening America’s free press and whistleblowers across the country.

In 2009, the Justice Department began investigating potential sources of leaks on North Korea. In the process, the government investigators seized the phone records and emails of an American journalist suspected of holding classified information. Chief Washington correspondent for Fox News, James Rosen, was implicated in the investigation through two months of obtained phone records. According to First Amendment lawyer Charles Tobin, “Search warrants like these have a severe chilling effect on the free flow of important information to the public…That’s a very dangerous road to go down.” In its investigation, the Justice Department subpoenaed the records of at least 20 phone lines from AP offices in New York, Connecticut, and Washington. First Amendment watchdog groups, AP executives, and advocates of a free press have strongly criticized the investigators’ actions, calling on the Justice Department for greater transparency.

According to the director of the ACLU’s Speech, Privacy and Technology Project, Ben Wizner, “Never in the history of the Espionage Act has the government accused a reporter of violating the law for urging a source to disclose information…This is a dangerous precedent that threatens to criminalize routine investigative journalism.” In the affidavit, FBI Agent Reginald Reyes was able to obtain a warrant to investigate Rosen’s phone records by convincing a judge that the reporter had acted as a co-conspirator in violation of the Espionage Act. This is the first time that the Obama administration has accused a U.S. journalist of violating the Espionage Act, which is what Army intelligence analyst Bradley Manning was accused of in his notorious leak to WikiLeaks. In addition to Rosen, the Justice Department also obtained the phone records of two White House staffers and five more numbers tied to Fox News. Ryan Lizza of The New Yorker recently uncovered a partially redacted list showing over 30 phone numbers with seized records.

Outrage from the scandal has spilled across wide sectors from journalists to legislators, prompting bipartisan lawmakers in the House to unveil a bill limiting such violations of privacy in the future. According to one of the bill’s sponsors, Representative Ted Poe (R – Texas), the seizure of journalist phone records and emails “was nothing short of, in my opinion, a massive intimidation fishing expedition….We believe it’s time for Congress to intervene and take action to preserve and protect the First Amendment that we all believe in. So we should revise and revisit U.S. law and require in all cases judicial review before the government can secretly investigate those who keep the public informed.” The bipartisan bill is called the Free Flow of Information Act of 2013 and is backed by Ted Poe, Representative Trey Radel (R – Florida), Representative John Conyers Jr. (D – Mich.), Representative Sheila Jackson Lee (D – Texas), and Representative Jerrold Nadler (D – N.Y.). The Free Flow of Information Act of 2013 would require the Department of Justice to demonstrate a viable national security threat and that all other investigative options have been exhausted before obtaining a warrant for seizing the private phone and email records of journalists.

But in the meantime, journalists can still protect their sensitive information by taking precautionary measures. According to Trevor Timm at the Electronic Frontier Foundation, “In the digital age, where the government can use all sorts of surveillance to conduct leak investigations, it’s very important for journalists to be pro-active about fortifying their digital security. Poor opsec [operations security] can end up exposing a source and leading to even more of these investigations. The Committee to Protect Journalists’ Journalist Security Guide is an excellent place to start. It addresses concerns faced by journalists working inside the United States and internationally.”

Secure Email Storage

Along with the steps found in the Journalist Security Guide, investigative reporters can keep leaked information and any sensitive files safe with private cloud services. Many cloud services on the market have wide security gaps that leave sensitive data wide open to third party attacks and governmental snooping. SpiderOak, however, is a private cloud service provider that offers the full benefits of cloud storage along with 100% data privacy for journalists and whistleblowers.

As for just how SpiderOak protects sensitive user data, the service offers two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password. Through SpiderOak, users that select two-factor authentication must submit their private code through SMS as well as an individual encrypted password. Journalists can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of user data. Plaintext encryption keys are only stored on the user’s chosen devices, so journalists can rest easy knowing their data is protected. SpiderOak’s private cloud services are available for journalists on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for flexible solutions for reporters in the field.

A Security Checklist for SMBs

Posted by on Jun 11, 2013

As SMBs struggle to stay ahead of the game, one of the most popular ways to save money on IT budgets has been to transition from onsite security to cloud-based security solutions. According to Gartner, global spending on data security is expected to reach $86 billion by 2016. Such an increase in security spending makes sense especially given the prevalence of third party attacks that could put businesses under with a single breach. Attackers have recently exfiltrated more than 20 terabytes of protected data from the Department of Defense and several of its contractors, showing that even the government falls victim to these commonplace attacks. Many of the attacked institutions were unaware of the breaches as data flows were left unmonitored. To guard against such attacks in the future, businesses must monitor physical and electronic network boundaries to reduce exposure to attack.

Once a business falls victim to hacking, it can take weeks to fully recover, putting operations on pause and severely interrupting workflow. Small to midsize businesses looking to leverage technology in their favor can help secure their data by sticking to a checklist to protect data onsite, in transit, and on the cloud. One way to protect data is by sticking to the Twenty Critical Security Controls, which target key steps that are known to block popular attacks. These controls are already in place across wide sectors of the government to avoid the types of security breaches that have plagued everyone from the US Army Corps of Engineers to the Department of Defense. The Twenty Critical Security Controls were developed by the Center for Strategic and International Studies and John Gilligan, former CIO of the US Department of Energy and the US Air Force. Organizations that have already signed on to the controls include leading banking security experts, the NSA, Department of State, DoD Cyber Crime Center, and the Department of Energy Nuclear Laboratories. Through implementing such a checklist, SMBs can improve workflow while reducing IT costs. Under CISO John Streufert, the US State Department has shown a 94% reduction in “measured” security risks through implementing the checklist.

The Twenty Critical Security Controls are:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Malware Defenses
  6. Application Software Security
  7. Wireless Device Control
  8. Data Recovery Capability
  9. Security Skills Assessment and Appropriate Training to Fill Gaps
  10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  11. Limitation and Control of Network Ports, Protocols, and Services
  12. Controlled Use of Administrative Privileges
  13. Boundary Defense
  14. Maintenance, Monitoring, and Analysis of Audit Logs
  15. Controlled Access Based on the Need to Know
  16. Account Monitoring and Control
  17. Data Loss Prevention
  18. Incident Response and Management
  19. Secure Network Engineering
  20. Penetration tests and Red Team Exercises

According to the Verizon Business 2013 Data Breach Investigations Report, 78% of initial breaches were easily avoidable with basic controls employed by IT administrators. Some of the standard precautions overlooked by IT teams include weak passwords, outdated software, and non-hardened configurations. IT managers should start the security process onsite before uploading data to a cloud service. Other ways businesses can secure their data include keeping all software up to date, prohibiting web surfing on admin accounts, and using two-factor authentication.

For businesses that have secured their data in house with proper IT precautionary measures, the next step is finding a truly protected cloud. Many SMBs can take advantage of the cost-effective cloud solutions on the market that offer better protections and storage services than onsite options would provide. But finding the right cloud service provider can be a challenge when security is a main concern. When searching for a good cloud service provider, SMBs should look for a provider that offers encryption for data in transit and in storage.

A Private Cloud Solution

Many cloud services on the market have security gaps that leave company and user data wide open to third party attacks and even internal data mining. One service leading the way in transparency is the anonymous cloud storage and sync company, SpiderOak. This private cloud service provider offers the full benefits of the cloud along with 100% data privacy for businesses and the average user looking for trustworthy online storage.

As for just how they protect sensitive data, SpiderOak offers two-factor password authentication and 256-bit AES encryption so that user files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN to log in as an extra precaution along with a password. With SpiderOak, users that select two-factor authentication can submit their private code through SMS as well as their individual encrypted password. Users can store and sync with complete privacy, because this cloud service touts its “zero-knowledge” of user data. Plaintext encryption keys are only stored on the user’s chosen devices, so users are put back in full control of their data. SpiderOak’s private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.

Transparency & The Cloud

Posted by on Jun 10, 2013

Everyday users looking for convenient backup solutions and businesses looking to leverage technology in their favor have turned to cloud services. And cloud growth is only expected to expand in the years ahead. In a recent study, Gartner predicts that total cloud service market growth will expand from $76.9 billion in 2010 to $210 billion in 2016. In 2012, total spending on cloud services grew 18.6% and the expected compound annual growth rate (CAGR) for cloud spending through 2016 is 17.7%. While such numbers might invite consumer trust, they’re unfortunately paired with almost daily news of cloud hacking, data mining, and user exploitation. To truly take advantage of the cloud without having personal information leaked, stolen, or even sold, users should demand cloud transparency while proactively protecting their data from third party attacks with a private cloud service that can offer true data anonymity.

As whole sectors of the market take to the cloud, service providers have widely marketed themselves as secure. Many users don’t fully understand the complexities of data security and unfortunately, some service providers have exploited this fact, shrouding their protection processes in secrecy. But as more businesses rely on cloud services for their infrastructure and daily operations, it’s vital for service providers to enact proper security measures. According to the Cloud Security Alliance, true data security comes from “adopting and adhering to best practices and standards that create a secure environment – secrecy is best left to end users protecting their passwords and login credentials.” This means that security must be established in partnership between users and cloud service providers. Users must do the work of securely hosting their plaintext encryption keys while encrypting any highly sensitive data before uploading it to the cloud. Cloud service providers, for their part, should be upfront with consumers in their marketing efforts when describing their security measures.

Unless cloud providers can offer truly secure solutions, businesses may abandon the cloud trend altogether. Recently at the MIT Sloan CIO Symposium, CIO Scott Blanchette of Vanguard Health Systems Inc. claimed that “the traditional argument that cloud-based software is beneficial because it allows IT leaders to tap into their operating budgets rather than requesting capital for software and hardware investments hold less water in a low-interest-rate environment when ‘money is essentially free.’” Cloud service providers must find a way to provide actually private storage, protecting user anonymity; otherwise, as Mr. Blanchette says, “If the solution isn’t better, faster or cheaper than what I have organically, it’s not an attractive alternative other than risk transference.” Fundamentally, as GigaOM contributor James Urquhart puts it, when it comes to the cloud “transparency is essential.”

With open source technology like OpenStack and movements like the OpenGov Foundation, consumer demand for transparency is on the rise. While cloud providers can’t realistically or safely disclose their codes, they can at least be honest about the level of security they provide, while helping their users understand how their data and passwords are being protected. As it stands, many security experts are still uncertain as to cloud safety and have held off on advising businesses to make the switch. At the SecTor security conference, Executive Director of the Cloud Security Alliance (CSA), Jim Reavis, answered the question of whether or not clouds provide better security for businesses than traditional IT. As Reavis said, “It’s not like we think that any outsourced cloud provider is less secure than our own infrastructure…It’s just that we don’t have the same transparency…The informed consumer is a missing component in making cloud providers more transparent in terms of what they are doing…That is the only way we’d be able to know and provide assurance that that appropriate service is being delivered.” Once again, transparency is highlighted as the missing component keeping companies back from switching to the convenience and cost savings of the cloud. But as Reavis says, the demand must come from consumers, “We can’t do it as individual companies, where we have less and less ability to influence a cloud provider…So we have to work together.”

Transparency & Private Cloud Solutions

Most cloud services on the market have security gaps that leave company and user data wide open to third party attacks and even internal data mining. One company leading the way in transparency is the anonymous cloud storage and sync service SpiderOak. This cloud service provider offers the full benefits of the cloud along with 100% data privacy for businesses and the average user looking for reliable online storage.

As for just how they protect user data, SpiderOak offers two-factor password authentication and 256-bit AES encryption so that user files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN to log in as an extra precaution along with a password. With SpiderOak, users that select two-factor authentication submit their private code through SMS as well as their individual encrypted password. Users can store and sync with complete privacy, because this cloud service touts its “zero-knowledge” of user data. User plaintext encryption keys are only stored on the user’s chosen devices, so users are put back in control of their data. SpiderOak’s private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.

Managing the Cloud for IT & HR Teams

Posted by on Jun 7, 2013

Cloud services are the latest rage for companies looking for cost savings and worker mobility. But many popular cloud services still leave open security gaps that could leave your company open to attack! IT and HR teams must proactively seek out truly private cloud services while maintaining proper security measures onsite. With proper IT policies and secure cloud solutions, companies of all sizes can enjoy the benefits of the cloud without worrying about data breaches. And with the right measures in place, private clouds can help soften the common cloud security concerns held by many cautious IT managers and HR teams.

The main reason for the market shift towards cloud solutions boils down to tightening budgets and increased demands for employee productivity. As SMEs and large corporations quickly turn to the benefits of the cloud, HR policies will likely need to be updated. Traditional IT infrastructure is simply outdated and requires too large of a staff for companies to stay competitive and relevant. But trusting third party cloud providers with your business data and sensitive customer information can be risky unless you choose a truly private cloud provider. However, a quick look at the cost savings and convenience of the cloud shows that the untapped benefits of the private cloud far outweigh the minor inconvenience of updating IT policies and making the switch.

In a recent survey of small businesses conducted by Brother International Corp., 75% of small businesses claimed that a crashed computer is more of a workflow disruption than a sick employee. While an individual employee can be responsible for quite a bit in a day, a downed computer means stalled productivity, lost data, and missed deadlines. As CEO of Eagle Feather Enterprises, Patrick Rardin says, “The consequences of a crash can leave a business operation fully exposed to the danger of costly system downtime and data recovery fees that come with technology failures…Hurricane Sandy, for example, cost businesses billions of dollars in downtime and lost revenues.” Data drives profits for many SMBs, so IT and HR teams must keep good systems in place to protect such data. Onsite servers are costly and require large IT teams for routine maintenance and upgrades. And in the case of a power outage, attack, or server crash, a company’s entire operations could be stalled, meaning severe loss of revenue and a damaged brand.

Cloud benefits

Image courtesy of IBM.com

A solution is found in private cloud storage. Private cloud backup services grant businesses unlimited remote and secure access at a much lower cost than owning servers onsite. As Gene Marks, the founder of The Marks Group, says, “Small businesses are really making heavy use of online backup…If your server goes down or there’s a fire, your stuff is stored somewhere else.” So in the case of a crash, businesses that employ private cloud services will have virtually no downtime as the cloud can be accessed from any approved device with the appropriate credentials. With Bring Your Own Device policies, even if company desktops are down, employees can maintain productivity through mobile devices and laptops.

According to John Wandishin, Vice President of Marketing at Brother, “Small businesses can use the cloud to store things, to retrieve things and to send things…Having your business in the cloud means if you need a contract or proposal you don’t need a PC to download it.” And in the event of a company-wide crash, businesses with smart scanners and printers that are plugged into the cloud can work around downed PCs by accessing and printing files straight from the cloud. As Wandishin says, “An all-in-one printer has the capability to go up in the cloud and pull down documents to print without using a PC…Scanners can connect directly to [the] cloud which keeps business moving.”

HR & Private Cloud Solutions

Along with the convenience and savings on IT the cloud provides, companies that engage in this technology can also streamline their human resource tasks. From payroll to hiring, more and more HR tasks are moving to the cloud. Cloud services have become the standard in affordable options for small businesses looking to leverage technology in their favor. With automatic updates and streamlined data-entry, the cloud also frees up staff from busywork. But IT managers and HR teams looking to make the switch to the cloud should still be cautious in regards to security. As Stephen Hayne, professor of computer information systems at CSU Fort Collins, says, “The cloud gives multiple entry points. Now you are vulnerable from everywhere, not just your tight layer of defense in your own organization.”

Many cloud services presenting themselves as “secure” still have massive vulnerabilities leaving company data open to hacking and even data mining. For businesses looking for absolute data security, an anonymous cloud storage and sync service like SpiderOak provides the benefits of the cloud along with complete data privacy. This service offers two-factor password authentication and 256-bit AES encryption so that sensitive user files and passwords stay private. Two-factor authentication is similar to banking services that require a PIN to log on in addition to a password. For SpiderOak, users can submit their private code through SMS along with their individual encrypted password. Once logged in, users can store and sync files with complete anonymity, because this cloud service has “zero-knowledge” of user data and plaintext encryption keys, which are only stored on the user’s chosen devices. SpiderOak’s services are available for businesses of all sizes on Windows, Mac, and Linux, along with Android and iOS.

Is Your Cloud Safe?

Posted by on Jun 6, 2013

Cloud services have completely changed IT for businesses across a wide range of sectors. But as more and more companies rely on the cloud for storage, syncing, and computing, hackers have started to target popular cloud services for the trove of sensitive data hosted there. IT departments struggle to stay ahead of hackers seeking to exploit sensitive information through data theft or disrupt operations through distributed denial of service attacks. While the cloud and Bring Your Own Device policies have granted businesses cost savings, convenience, and worker mobility, some IT departments have not considered the security risks inherent in employing public cloud services.

Cloud safety

Image provided by cloudtweaks.com

Non-private cloud services are vulnerable to third party attack and even legal snooping from governmental organizations ranging from the IRS to the Department of Defense. Recently, U.S. Attorney General Eric Holder announced his support for changes in current laws to require all governmental institutions to obtain a warrant based on probable cause before seizing cloud-based emails, documents, and other uploaded files. Holder stated, “the more general notion of having a warrant to obtain the content of communications from a service provider is something that we support.” As it stands, the Electronic Communications Privacy Act (ECPA) grants the government legal access to personal emails that have been opened as well as unopened emails older than six months. Such a legal violation of privacy rights is permissible with only a subpoena signed by any federal prosecutor, as opposed to a legal warrant signed by a judge, which is the case for physical mail.

But companies can protect their data from both hackers and legal snoops through employing a private cloud service while engaging in safe internal IT policies. One way to secure sensitive company data in house is through implementing persistent encryption technology to protect data on its way to the cloud. This “on-premise gateway” allows businesses to ensure that data stays encrypted from the internal gateway proxy to the storing process with the cloud service provider. Starting off with encrypted data is an important first step in helping to secure vital data.

Encrypting data before sending it over to a private cloud service is essential to standard business security, especially when considering the threat of hacking or even viruses, which could rapidly spread across private user devices. According to McAfee, popular cloud storage services like Dropbox and Apple’s iCloud can leave users vulnerable to “cross-device infection” when users download storage interfaces on multiple devices. EMEA CTO Raj Samani said, “The attack surface has increased…You get cross-device threats. What if you have an infected file transferred from your iPhone to iCloud, which then finds its way onto your PC? A threat can traverse multiple devices.”

Cloud concerns

Image provided by orange-business.com

Just last year, an iOS app was embedded with Windows malware. Users that plugged the iOS device into a Windows PC would effectively transfer the file to the machine, resulting in an infection. As more businesses employ cloud services, Samani predicts the rise of such instances of cross-device infection. The risk is heightened by mobile workers and Bring Your Own Device policies, which raise privacy issues for both workers and businesses that employ non-private cloud services. As an information and communication technologies research analyst stated, “The popularity of social media and the substantial increase in social website threats, such as identity thefts, have prompted several companies to scout for security applications capable of meeting their security needs.” Through encrypting data in house and employing private cloud services, companies can take full advantage of the cloud’s many benefits without worrying about third party attacks, legal snooping, or cross-device infection.

Endpoint security

Image provided by kaspersky.com

According to Daniel Lai, CIO for Hong Kong’s Special Administrative Region, Hong Kong’s market uptake in cloud computing increased from 20.9% in 2011 to 33% in 2012. Larger enterprises took up 53% of the market share and small businesses comprised the remaining 47%, showing that companies of all sizes have enjoyed the cost savings and convenience that the cloud affords. But some companies still are wary of making the switch to the cloud due to security concerns, with half of companies surveyed citing security as the most important reason keeping them from the cloud. And there is some reason to fear most of the cloud services on the market, as frequent news of hacks and data breaches reveals the massive security gaps spread throughout the industry. But this vulnerability has only left the door wide open to emerging solutions that can offer true privacy and user anonymity.

Cloud Privacy in a Crowded Market

Most cloud services presenting themselves as “secure” still have massive vulnerabilities leaving company data open to hacking and even data mining. For businesses looking for absolute data security, an anonymous cloud storage and sync service like SpiderOak provides the benefits of the cloud along with complete data privacy. This service offers two-factor password authentication and 256-bit AES encryption so that sensitive user files and passwords stay private. Two-factor authentication is similar to banking services that require a PIN to log on in addition to a password. For SpiderOak, users can submit their private code through SMS along with their individual encrypted password. Once logged in, users can store and sync files with complete anonymity, because this cloud service has “zero-knowledge” of user data and plaintext encryption keys, which are only stored on the user’s chosen devices. SpiderOak’s services are available for businesses and individual users on Windows, Mac, and Linux, along with Android and iOS.
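
The approach this post describes (encrypt in house before upload, with keys held only on the user's devices so the provider has "zero knowledge" of names and contents), as an added Go example; it is not SpiderOak's code or protocol. The `Vault` and `Provider` types, the HMAC-derived object IDs and the sample file name are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Provider is the cloud side: opaque IDs mapped to ciphertext, never a key or name.
type Provider struct{ objects map[string][]byte }

// Vault lives on the user's device and holds the only copies of both keys:
// encKey (32 bytes, selects AES-256) and nameKey (derives opaque object IDs).
type Vault struct{ encKey, nameKey []byte }

func NewVault() (*Vault, error) {
	keys := make([]byte, 64)
	if _, err := rand.Read(keys); err != nil {
		return nil, err
	}
	return &Vault{encKey: keys[:32], nameKey: keys[32:]}, nil
}

// objectID hides the file name from the provider: HMAC-SHA256(nameKey, name).
func (v *Vault) objectID(name string) string {
	mac := hmac.New(sha256.New, v.nameKey)
	mac.Write([]byte(name))
	return hex.EncodeToString(mac.Sum(nil))
}

func (v *Vault) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(v.encKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Upload encrypts on the device; the ID is bound as associated data so blobs cannot be swapped.
func (v *Vault) Upload(p *Provider, name string, plaintext []byte) (string, error) {
	gcm, err := v.aead()
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	id := v.objectID(name)
	p.objects[id] = gcm.Seal(nonce, nonce, plaintext, []byte(id)) // nonce||ciphertext||tag
	return id, nil
}

// Download fetches the blob and authenticates it before releasing plaintext.
func (v *Vault) Download(p *Provider, name string) ([]byte, error) {
	id := v.objectID(name)
	blob, ok := p.objects[id]
	if !ok {
		return nil, errors.New("object not found")
	}
	gcm, err := v.aead()
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(id))
}

func main() {
	p := &Provider{objects: map[string][]byte{}}
	v, err := NewVault()
	if err != nil {
		panic(err)
	}
	id, err := v.Upload(p, "payroll-2013.xlsx", []byte("sample record")) // constructed sample input
	if err != nil {
		panic(err)
	}
	plain, err := v.Download(p, "payroll-2013.xlsx")
	fmt.Printf("provider holds %s... (%d bytes); device recovers %q, err=%v\n", id[:16], len(p.objects[id]), plain, err)
}
```

Even with this design the provider still learns object sizes, counts and access times, and losing the device-held keys makes the stored data unrecoverable.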

Cutting Costs through the Cloud

Posted by on Jun 5, 2013

For companies looking for ways to stay ahead of the curve, cloud services are all the rage. Cloud storage and sync services can allow small businesses to tighten their budgets through smaller staff needs and reduced IT costs. Unfortunately, as a recent UK report from the Federation of Small Businesses shows, while almost 60% of small and medium enterprises (SMEs) say that investment in technology is “important”, only 26% actively take part. While security concerns have kept some businesses at bay, a private cloud service can offer all of the cost savings of the cloud with peace of mind, knowing that private company data won’t be breached.

Cloud benefits

Image courtesy of de.sap.info

In place of in-house servers and software maintained by large IT departments, cloud services require little onsite organization and management. According to Marketing Director for Preact, Warren Butler, “when a customer calls you, the last thing they want to do is explain their situation to a new person every time. It’s frustrating. What they want is a seamless operation, and cloud technology is enabling this. Customer Relationship Management systems these days give customer service representatives a full 360-degree view of the customer – all tweets, all e-mails, all phone calls, all complaints, every single interaction in one screen. This shortens the call, improves resolution, and helps businesses reduce frustration and improve customer retention.” This cloud revolution in business benefits all sectors from manufacturing to marketing and customer service resulting in cut costs, better workflow, and improved employee morale.

Cloud savings

Image provided by CIOInsight.com

Cloud services help small businesses leverage technology in their favor to enjoy infrastructure previously only available to big corporations. Through such services, businesses of all sizes can improve productivity through enabling worker mobility and flexible Bring Your Own Device policies. Backing up sensitive data to a private cloud also helps ensure resiliency as over half of small businesses are put out of operation within just a year of a major security breach. But with cloud storage and syncing, essential company information will be protected on cloud servers even in the case of an internal outage. In the face of a difficult economy, rapid technological developments, and unpredictable shopping patterns, SMEs can capitalize on the benefits of the cloud to help stay ahead of the game.

According to DataOne Asia President and CEO Cyril Rocke, “Businesses that migrate their IT systems to the cloud could save at least 50 percent of their expenses on infrastructure, management and support.” This massive reduction in expenses requires the upfront work of IT reorganization, but the overall savings far outweigh the hassle of restructuring. As Rocke says, “Most IT users tend to underestimate the cost of procuring infrastructure. Companies cannot do it in a snap and they need to follow a long procurement process that is costly and could last more than a year. This process severely damages businesses, and reduces their ability to react and roll out new ideas and solutions.” Rather than trying to catch up, SMEs can proactively position themselves to securely stay ahead of market trends and consumer demands through private cloud services.

Cloud adoption

Image provided by techtarget.com

When small business CEO Gary Peterson first launched his business, he paid $15,000 for a top of the line server, spending another $400 monthly for secure hosting services. Now, the once high-performance server is prehistoric, gathering dust and taking up much needed office space while Peterson turns to cloud services to take advantage of the convenience and savings the cloud provides. According to his article on Forbes.com, through cloud services Peterson’s company “has the same infrastructure, server capacity and overall data security as companies 1,000 times our size.” The savings and security that cloud services offer to small businesses should wake up IT managers and HR teams that have previously been wary of turning to the cloud. With convenient scalability, private cloud services are quickly becoming the standard solution for businesses of all sizes looking for a competitive edge.

Cost reductions

Image provided by CIOInsight.com

A Private Cloud Solution for SMEs

Many cloud services that present themselves as “secure” are anything but, with large security gaps leaving user data vulnerable to hacking, data mining, and internal exploitation. For true security, only anonymous cloud storage and sync services like those provided by SpiderOak offer all the convenience and cost savings of the cloud while guarding against security breaches. SpiderOak stands apart in the crowded cloud market through complete data privacy and user anonymity. With 256-bit AES encryption and two-factor password authentication, SpiderOak ensures that sensitive company data, folder names, filenames, and passwords cannot be read or even accessed by SpiderOak and its employees.

As for two-factor authentication, this is just like the process used by some banking and financial services that require a PIN or correct answer to a secret question. For SpiderOak, this means sending a private code through SMS along with the encrypted password to log in. Once logged in, users can store and sync files with complete privacy, as SpiderOak has “zero-knowledge” of uploaded data and plaintext encryption keys. Individual data encryption keys are exclusively stored on each user’s computer. This way, sensitive data is kept fully anonymous and kept in-house. SpiderOak’s services are available on Windows, Mac, and Linux desktop environments, along with Android and iOS mobile platforms, granting SMEs a competitive edge in an uncertain future.

Hollywood, Piracy, & Secure Cloud Solutions

Posted by on Jun 4, 2013

As Hollywood struggles to stay ahead of the curve, the film industry increasingly turns to cloud computing. Cloud solutions give studios and production companies the leverage to fight back against digital pirating and early film leaks, which threaten to derail the entire film industry. And as Carole Di Tosti of Technorati writes, in regards to film making, “Cloud computing is enabling a revolution.”

Hollywood & the Cloud

Photo courtesy of DiscoverLosAngeles.com

There are many ways that the cloud is helping to save Hollywood. Through cloud computing services, media service providers can collaborate with massive digital files, from file conversions and encoding to secure media file storage. And such cloud services grant workers in the film industry greater flexibility and mobility, ensuring smoother workflow and better morale. As long as workers have adequate mobile devices and a strong Internet connection, partners can collaborate from anywhere in the world, with instant access to secure servers.

One popular way that filmmakers can tap into the digital shift is by offering encrypted streaming videos online to purchasers of DVDs. As it stands, the copyright laws surrounding encrypted DVDs are complex, often leaving consumers confused and leading to copyright breaches out of ignorance of the law. According to technology legal expert Maria Crimi Speth of Jaburg & Wilk, “It is a violation of Copyright law, specifically the Digital Millennium Copyright Act (DMCA), to circumvent the encryption of a DVD (or any technology). There are exceptions, but they do not include ‘space shifting.’ The Library of Congress defines ‘space shifting’ as the copying of complete works to permit personal use on alternative devices. So, when you purchased your DVD, it was intended to be viewed on a DVD player and fair use laws do not extend that viewing to your non-DVD devices.”

FBI Warning

Image courtesy of FilmSchoolRejects.com

The only exceptions to this copy protection are for digital uploads of clips for non-commercial purposes, education, or to research or make players for the visually impaired, blind, deaf, and hard of hearing. Essentially, unless users make digital copies or uploads of protected DVD content for one of the exceptions listed above, any copy is a technical violation of the law. To circumvent the legal complications surrounding digital uploads and DVD copies, many movie fans have turned to the convenience of piracy and illegal streaming.

Two popular cloud services that have recently become caught up in the legal confusion surrounding film copyright laws are Dotcom and Megaupload. In a claim against the U.S., Dotcom’s lawyers state that Chris Dodd, the head of the Motion Picture Association of America, “openly threatened to withhold donations to Barack Obama’s 2012 re-election campaign unless the administration took action against Hollywood’s perceived copyright threats…The US government acted illegally when it took down one of the world’s largest cloud storage services without any notice or chance for Megaupload to be heard in a court of law and by omitting exculpatory evidence in their submissions to the court…The result ignores substantial non-infringing uses of cloud storage and is both offensive to the rights of Megaupload and to the rights of millions of consumers worldwide, who stored personal data with the service.”

Film has gone digital

Image courtesy of LATimes.com

As the dust settles and litigators clear up the current legal conundrum surrounding film copyright law, studios and filmmakers can preempt the push towards illegal film uploads by offering secure streaming services with DVD purchases while heavily encrypting DVDs against download, a popular trend spreading quickly through the industry. Another way to secure films is by protecting films from piracy and leaks through fully private cloud storage.

Currently, the industry hasn’t tapped the total potential of secure cloud solutions. Filmmakers have used the cloud to analyze big data to predict major award winners as well as for file storage and transcoding, but security gaps still threaten studio profits. As two industry workers reveal, cloud storage and sharing services like Dropbox and Google Docs are already being utilized for projects. The problem with relying on such services is that they are not fully private, which leaves the door wide open to hacking and leaks.

Private Film Storage

For true privacy, only anonymous cloud storage and sync services like SpiderOak can provide all the convenience of the cloud while guarding against hacking and leaks. SpiderOak stands out from the crowded cloud market by offering complete data privacy and user anonymity. Through 256-bit AES encryption and two-factor password authentication, SpiderOak makes sure that videos, folder names, filenames, and passwords cannot be read or even accessed by SpiderOak and its employees.

As for two-factor authentication, this is just like banking and financial services that require a PIN or correct answer to a secret question as a precautionary measure. For SpiderOak, this means sending a private code through SMS along with the encrypted password to log in. Once logged in, filmmakers can store and sync films and clips with complete privacy, as SpiderOak has “zero-knowledge” of uploaded data and plaintext encryption keys. This means that the data encryption key for individual passwords is exclusively stored on each user’s computer. That way, every clip and bit of sensitive data is kept fully anonymous. SpiderOak’s services are available with Windows, Mac, and Linux desktop environments, along with Android and iOS mobile platforms, granting studios flexible and secure solutions to stay ahead in the digital age.

Connecting SMBs to the Cloud

Posted by on Jun 3, 2013

As companies look to gain a competitive edge while scrambling to stay ahead of technological innovations, the latest standard in IT is third party cloud storage and sync services. Cloud solutions can drive up profits and streamline workflow for a wide range of SMBs. Through private clouds SMBs can take advantage of savings and worker flexibility previously only accessible to larger enterprises. According to McKinsey’s SMB Cloud Report, the public cloud market is projected to hit $40 to $50 billion by 2015, with SMBs making up 65 percent of the public cloud spending.

Sanjay Ravi, Managing Director of Discrete Manufacturing for Microsoft Corp.

Photo courtesy of Microsoft.com

Currently, small businesses remain divided as to their approach to the cloud, as shown by a recent RightScale survey. About 75 percent of businesses surveyed are involved to some degree in cloud projects. And around 17 percent of the market is currently planning on making the switch, but nearly 10 percent still choose to opt out of cloud services altogether out of security concerns or lack of understanding. But there’s no reason to stay out of the game, especially when private clouds can offer the benefits of cloud computing without the risk of a security breach.

SMBs and the cloud

Infograph courtesy of RingCentral.com

With all of the benefits that cloud computing promises for all sectors of the market, don’t risk falling behind just out of ignorance. Proper protections through private cloud services can help you push profits while giving you peace of mind. In a recent interview about cloud computing and the manufacturing sector, Sanjay Ravi, Managing Director of Discrete Manufacturing for Microsoft Corp., talked about the common fears some SMBs still have. “There is the fear that the time, money and resources invested into previous IT systems would be wasted, or the systems would need to be thrown out. There are also a lot of security and compliance concerns about the public cloud. While some existing IT components may need to be adjusted, the overall benefits far outweigh the cost of this adjustment,” said Ravi.

Benefits of the cloud

Infograph courtesy of Microsoft.com

But as he put it, the benefits offer far too much to be ignored. Despite security fears, Ravi asserts, “Smaller Companies can leverage cloud services to bring sophisticated enterprise-level security, backup, and redundancy capabilities to their solutions – capabilities they might not have been able to afford with their limited IT resources…Cloud provides companies of all sizes the opportunity to innovate and either migrate existing solutions to a cloud environment to reduce cost and gain increased agility, or implement new business models and processes at high velocity and at lower costs.”

Furthermore, cloud computing gives small businesses the leverage to offer competitive flexible work solutions for the modern mobile employee. Though Yahoo has recently made headlines for going against the stream by requiring the company’s previously mobile employees to come back into the office, the benefits of a mobile workforce have unleashed even greater employee productivity. According to Michael Goodenough, writing for Forbes, mobile employees are “more efficient and willing to work longer hours because they have the privilege and flexibility of working remotely.” And private cloud services even allow smaller businesses to unlock Bring Your Own Device (BYOD) policies.

While BYOD policies normally pose a security risk due to the possibility of third party attacks and data theft, through private cloud services, proper protections can be put in place so that employees can safely and conveniently access encrypted corporate systems with their own devices. Employees enjoy greater mobility, employers get more productivity, and IT teams will have a lighter load without having to maintain as much on-site hardware and infrastructure. Through the cloud, SMBs cut costs on server capacity and large IT teams, while enjoying greater flexibility, productivity, and ultimately more profits. But to fully capitalize on the cloud, it’s essential to make the switch to a truly private service.

Connecting to the cloud

Image courtesy of BalboaCapital.com

Privacy for Patients

For true user privacy, only anonymous cloud storage and sync services like SpiderOak provide all the convenience and savings of the cloud while guarding against hacking and security breaches. SpiderOak stands out from the crowded cloud market by offering complete data privacy and user anonymity. Through 256-bit AES encryption and two-factor password authentication, SpiderOak makes sure that business records, folder names, filenames, and passwords cannot be read or even accessed by SpiderOak and its employees.

As for two-factor authentication, this is similar to banking and financial services that require a PIN or correct answer to a secret question as an extra precaution. For SpiderOak, this means submitting a private code through SMS in addition to the encrypted password to log in. Once successfully logged in, SMBs can store and sync with 100 percent privacy, as SpiderOak has “zero-knowledge” of uploaded data and plaintext encryption keys. This means that the data encryption key for individual passwords is exclusively stored on each user’s computer. That way, every bit of sensitive company data is kept fully anonymous. SpiderOak’s services are available with Windows, Mac, and Linux desktop environments, along with Android and iOS mobile platforms, granting SMBs flexibility along with security.