August 2013 - The Privacy Post

Why Your Country’s Privacy Policy is Prehistoric

Posted on Aug 30, 2013

Just about everyone that uses the web knows that online privacy is more important than ever. With escalating international cyber wars, governmental spying programs like PRISM, and the threat of hacking, users are concerned over the state of their security online. Unsecured websites can be prime sources for security breaches and malware, especially as many companies don’t even have a privacy policy in place. Enterprises should update their privacy policies to ensure security on their networks and sites, while protecting their users.

Online Privacy Policies

Image courtesy of itbusinessedge.com

The Global Privacy Enforcement Network, or GPEN, recently conducted its first Internet Privacy Sweep. This survey of websites and mobile apps analyzed their privacy policies for strength and readability. Of the websites surveyed, 23% had no privacy policy in place, while 33% caused confusion due to readability issues. The world of mobile apps is even less secure, with 54% displaying no privacy policy at all and 92% displaying a lack of readability.

In the UK, users suffer from even murkier privacy policies than the sample surveyed by GPEN. According to a study by Deloitte, reading through the verbose and jargon-riddled policy statements of all the websites visited by the average user in a year would take about 31 hours. The study, called Data Nation 2013: Balancing Growth and Responsibility, estimates that the average website has a privacy policy that would take at least 25 minutes to read through. Some companies think that making policies difficult to navigate results in covering their end legally, while getting users to sign up for data mining and other data sharing programs.

But as Harvey Lewis, research director of Deloitte Analytics, says, “Organizations need to make it easier for individuals to understand why this information is collected and what benefit they will receive. Businesses are more likely to get maximum benefit from data if every customer interaction is based on the principles of transparency, trust and informed dialogue.” And in this current climate, offering users added privacy protections and transparency is sure to win over hearts as online privacy becomes more and more valued amidst security fears.

Users & Privacy Knowledge

Image courtesy of researchaccess.com

The U.S. and U.K. aren’t the only nations battling the problem of bad privacy policies. In Canada, Privacy Commissioner Jennifer Stoddart conducted a survey of Canadian website privacy policies to find that 10% didn’t even have a policy. According to Stoddart, many of the policies that were in place, “offered so little transparency to customers and site visitors that the sites may as well have said nothing on the subject. At the other extreme, we saw long, legalistic policies that simply regurgitated — word for word in some cases — federal privacy legislation. Neither approach is helpful to Canadians — nor necessary, as demonstrated by the many privacy policies we saw that were able to strike a balance between transparency and concision.”

Unfortunately, being willfully obscure seems to be commonplace around the world. In Australia, the Office of the Australian Information Commissioner (OAIC) found that 83% of websites in the country had a glaring privacy issue. In the words of Australian Privacy Commissioner Timothy Pilgrim, “It is a concern that nearly 50% of website privacy policies were difficult to read. On average, policies were over 2,600 words long. In my view, this is just too long for people to read through. Many policies were also complex, making it difficult for most people to understand what they are signing up to.”

The same holds true for New Zealand, which recently found that about 30% of websites in the country didn’t have a privacy policy in place. Given the current state of the market, those enterprises that choose to offer simple and transparent privacy policies will be the ones to earn lifelong user support. Combine a strong privacy policy with added consumer protections through a secure cloud service and you’ve got a recipe for success far into the future.

Jennifer Stoddart

Image courtesy of smh.com.au

Security Beyond Privacy Policies

Enterprises sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that enterprises and businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak Blue protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak Blue’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and syncing on the go.

Don’t Trust the NSA? How to Protect Your Privacy

Posted on Aug 29, 2013

After the NSA’s PRISM program was leaked by Edward Snowden, public backlash has been rapidly building. In an attempt to quell concerns over lost online privacy rights, governmental officials have claimed that the NSA’s PRISM program has operated with clear privacy standards. Unfortunately, that’s far from the case, as recent news reveals that the NSA violated its own privacy standards without proper congressional oversight. Instead of waiting for governmental transparency and a universal standard for online security, small businesses and everyday users can protect their privacy through secure cloud storage and sync services.

NSA

Image courtesy of nytimes.com

A recent audit of the NSA shows that the agency consistently broke its established privacy rules. According to journalist Barton Gellman of The Washington Post, “The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008…Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.” The journalist goes on to claim that these breaches also involve unauthorized access to private content and unwarranted surveillance on the general populace, adding fuel to paranoia raised from the PRISM leaks. As Jameel Jaffer, Deputy Legal Director at the ACLU, says, “The rules around government surveillance are so permissive that it is difficult to comprehend how the intelligence community could possibly have managed to violate them so often.”

NSA Violations

Image courtesy of washingtonpost.com

Privacy advocates turning to the White House have been frustrated in trying to establish some sort of transparency around the program. Deputy Attorney General James Cole testified before Congress with information on the PRISM program’s compliance record, saying, “Every now and then, there may be a mistake.” Just how many? According to the NSA audit, 2,776 separate incidents from the previous year. Such breaches of the organization’s privacy policy range from the collection of legally protected communications to the illegal distribution of such private data. A senior NSA official recently spoke out on the breaches: “We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line.” But for Senator Dianne Feinstein (D-Calif.), Chairman of the Senate Intelligence Committee, such audits haven’t gone far enough. In a statement the senator claimed that the committee “should do more to independently verify that NSA’s operations are appropriate, and its reports of compliance incidents are accurate.”

As for President Obama, new proposals to increase transparency have stopped at mere political rhetoric. Shahid Buttar, executive director of the Bill of Rights Defense Committee, recently criticized the federal government: “It was great to hear [President Obama] acknowledge the need for an adversarial process at the FISA court — that was the one meaningful thing that he said — everything else was either papering over, or outright misrepresenting the truth. The idea of an orderly process, and a Congress that’s been fully briefed — that’s total BS, and I was disappointed to hear the President make so factually and demonstrably untrue a claim as to say that Congress has been engaged in oversight of the NSA, because the executive branch has been impeding oversight at every turn.” Given these developments, SMBs and average users shouldn’t rely on the government to be a source of security standards. Instead, be sure to keep any sensitive information exclusively uploaded to a secure cloud provider. Otherwise small businesses and users would be vulnerable to legal snooping.

Keeping PRISM Out of Your Cloud

Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and syncing on the go.

Waging the War for Online Privacy Rights

Posted on Aug 28, 2013

As governments crack down on whistleblowing around the world amidst revelations of massive citizen spying programs, everyday users wonder what they can do to protect their privacy rights. Some have backed strict privacy legislation while others migrate in large numbers to companies that provide strong encryption while protecting user data privacy and identities. But instead of waiting for large-scale systemic change, users can proactively safeguard their sensitive data and identities through secure cloud services. A good cloud service will never host plaintext, will always provide strong encryption, and will never host encryption keys. That way, even if the NSA served the cloud company a subpoena, all the legal snoops would be able to recover are unreadable blocks of data and no knowledge of which accounts belong to which users.

The NSA

Photo courtesy of huffpost.com

After learning about the NSA’s PRISM program, Internet users have grown to worry about the state of their online privacy rights. A recent study by Annalect surveyed online privacy concerns from June to July in 2013, the period in which news of the PRISM program broke around the world. Concerns about online privacy amidst the PRISM program grew from 48% in June to 57% in July, for a big increase of 19%. This growth in security awareness has led to an increase in data encryption. As NSA director Keith Alexander testified before the U.S. Senate, “Strongly encrypted data are virtually unreadable.” That’s why the organization is trying to acquire private SSL keys. With such a key, the NSA could decrypt even the most tightly encrypted traffic with ease.

According to Declan McCullagh of CNET, “The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping.” In the light of such revelations it becomes all the more important for cloud services to exclusively store encryption keys on user devices.

How PRISM Might Work

Image courtesy of mshcdn.com

One legislator fighting back against the rise in governmental snooping is Montana Republican Representative Daniel Zolnikov. His legislation, HB 603, is backed by the American Civil Liberties Union and reads, “A government entity may not obtain the location information of an electronic device without a search warrant issued by a duly authorized court.” While this is a good first step, the legislation is limited to location information, and doesn’t apply to the actual content of data. Another step towards online privacy is the new stronger language in the Statewide Longitudinal Data System policy of Idaho’s Board of Education. According to the new stricter guidelines, “The privacy of all student level data that is collected by the SLDS will be protected. A list of all data fields (but not the data within the fields) collected by the SLDS will be publicly available. Only student identifiable data that is required by law will be shared with the federal government.” The board’s president, Don Soltman, said, “The board recognizes it is essential to provide all the safeguards necessary to ensure that student data are handled with the greatest care, [the board is] committed to protecting the privacy of individual student data and will continue to closely monitor the collection and use of all data.”

PRISM’s Wide Reach

Image courtesy of cityweekly.net

Such measures are promising steps in the right direction, but don’t provide full protections for basic online privacy rights. Unfortunately, there still isn’t enough public outrage to fuel the wide-reaching legislation necessary to protect online privacy. According to a recent Pew Research survey, about 50% of respondents approve of governmental surveillance of citizen telephone and Internet use. Only 44% disapprove of such legal snooping, despite revelations of the NSA’s PRISM program. Instead of waiting for public outrage to grow or for legislation to enact a universal security standard, users should take privacy into their own hands through exclusively storing sensitive info to a secure cloud service.

Protecting Your Privacy in the Meantime

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Teens & The Trouble With Online Privacy

Posted on Aug 27, 2013

These days almost everyone is plugged into social media. Even with age restrictions, children and teens find ways of working around barriers to set up their own social media accounts, often without parental permission or knowledge. Teenagers can unwittingly give away sensitive information like home addresses, schools, and more through status updates, photos, and geotags. One way to keep sensitive data safe is through secure cloud services that offer full privacy and user anonymity. Through the private cloud, teens can safely use the web, provided that parents have access to passwords and encryption keys.

Teens & Online Privacy

Image courtesy of govtech.com

The recent kidnapping of 16-year-old Hannah Anderson alarmed parents all around the world. After being rescued, the teen wrote about her murdered family on her now-disabled ask.fm account, “I wish I could go back in time and risk my life to try and save theirs. I will never forgive myself for not trying harder to save them.” Close friends of Hannah urged her to take down some of her postings and reported that the account was real and that the postings did come from the teen. Hannah even posted a photo of herself when asked to by a questioner on ask.fm. Turning to social media so quickly after such a traumatizing experience may seem strange to some, but we shouldn’t be so quick to judge, according to trauma expert and psychologist Nora Baladerian. According to Baladerian, “I think what she’s doing is connecting, and that’s a good thing.” But Lawrence Calhoun, psychology professor at University of North Carolina at Charlotte, worries that seeking support from strangers is misguided. Calhoun said, “As a parent, I would want her to be more careful.”

How Advice Seeking Correlates to Stronger Privacy

Image courtesy of forbesimg.com

And just how careful is the average American teenager when it comes to online privacy? According to a study conducted by Harvard’s Berkman Center and the Pew Research Center, Where Teens Seek Online Privacy Advice, some of our fears are unwarranted. The study shows that 70% of teens reach out for advice on securing their online privacy. 42% have asked a peer for advice, while 41% have asked a parent. It also showed that most teen social media accounts are already utilizing strong privacy settings. Senior researcher and director of teens and technology at Pew, Amanda Lenhart, said, “At first, the finding that 41% of online teens have asked for advice about online privacy from a parent seems surprising — particularly given that many teens are motivated to protect their privacy specifically from their parents.

But for a subset of teens, often younger ones, their parents were heavily involved in helping them set up their social media accounts (often as a precondition to use) and so it’s not so surprising that those teens would be seeking advice from their parents.” But the fact that most teens turn to someone they know for advice on online privacy still doesn’t protect teens from potential predators. Parents and guardians should proactively guard their teens’ social media accounts and online presence through secure cloud storage and syncing. That way, strangers won’t be able to find sensitive information or steal photos from unprotected accounts.

What Teens Share Online

Image courtesy of csmonitor.com

Peers can be a good place to turn to when considering online privacy advice, but the primary point of contact should always be parents or guardians. Unfortunately, that’s not how most teens see it. The majority of survey respondents from the study indicated that they would not seek online privacy advice from adults. One respondent replied, “I think parents don’t understand that we can apply life skills onto the Internet, whereas it’s a little more confusing, maybe, for them, that switch [from life to Internet]. But because we’ve grown up with it, we can easily see, OK, stranger in real life, stranger on the computer, same thing.” But it’s not the same thing. Online privacy requires an entirely different set of skills and resources that simple street smarts don’t cover. With threats ranging from hackers to predators, online privacy should rest in the hands of the people paying for the web in the first place, parents and guardians. With a secure cloud service, parents can control access to passwords and encryption keys so that they can talk teens through what things are appropriate to upload.

Protecting Teens in the Cloud

For many parents and guardians, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave their children’s data and photos wide open to theft, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy.

SpiderOak protects sensitive data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile security.

 

Google Shocks the World With Lax Security

Posted on Aug 27, 2013

Google recently made headlines for all the wrong reasons when word of its approach to user privacy broke out. These days, most everyone has some sort of Google account, whether it’s through Gmail or linked social media sites like YouTube. So when a company as large and reputable as Google flat out denies any responsibility in protecting user privacy, it gives rise to concern all around the world. But instead of relying on large corporations to protect your data, be proactive in guarding your info by exclusively uploading to a secure cloud service that offers true data privacy and user anonymity.

Google & Privacy Concerns

Image courtesy of digitallifeplus.com

In a recent court filing, Google claimed that its 425 million Gmail users should have no “reasonable expectation” of confidentiality in their communications. The lawsuit against Google was filed in reaction to a quote by the company’s executive chairman, Eric Schmidt. The chairman reportedly said, “Google policy is to get right up to the creepy line and not cross it.” The suit asserts that Google “unlawfully opens up, reads, and acquires the content of people’s private email messages.” Furthermore, it claims that “Unbeknown to millions of people, on a daily basis and for years, Google has systematically and intentionally crossed the ‘creepy line’ to read private email messages containing information you don’t want anyone to know, and to acquire, collect, or mine valuable information from that mail.”

What Google Knows About You

Image courtesy of personalprotectionsystems.ca

Consumer Watchdog first released news of this ongoing litigation back in July. According to part of Google’s motion for dismissal of the class action suit, “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery… a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” The company’s attorneys claim that the plaintiffs in this case are trying “to criminalize ordinary business practices” and that, “While plaintiffs go to great lengths to portray Google in a sinister light, the complaint actually confirms that the automated processes at issue are Google’s ordinary business practices implemented as part of providing the free Gmail service to the public.”

John M. Simpson

Image courtesy of USAtoday.com

Essentially, Google is telling its users that simply by using their service, they are permitting the company to scan, read, and data mine emails for advertising purposes. According to John M. Simpson, Privacy Project director at Consumer Watchdog, “Google has finally admitted they don’t respect privacy. People should take them at their word; if you care about your email correspondents’ privacy don’t use Gmail.” In a statement put out by Consumer Watchdog, Simpson continued, “Google’s brief uses a wrong-headed analogy; sending an email is like giving a letter to the Post Office. I expect the Post Office to deliver the letter based on the address written on the envelope. I don’t expect the mail carrier to open my letter and read it. Similarly when I send an email, I expect it to be delivered to the intended recipient with a Gmail account based on the email address; why would I expect its content will be intercepted by Google and read?”

This case confirms privacy concerns that first came to light at Gmail’s launch back in 2004. And when looked at in the light of the NSA’s PRISM program, it might seem like online privacy is simply a fantasy. The climate of justified paranoia has even prompted two encrypted email services to shut down rather than face governmental subpoenas. Gone are the days when companies would try to outdo each other with stronger privacy statements. Today, privacy is entirely in the hands of the user. One of the best ways that users can protect their data and identities is to use a secure cloud service instead of public cloud services like Gmail.

Scared of Google? Move to the Private Cloud!

Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and syncing on the go.

Hacking Back at Hackers? Think Twice

Posted on Aug 23, 2013

After years of hackers, leaks, and data mining, businesses have had enough. But instead of seeking out strong defensive measures to prevent attacks, some aggressive businesses are hacking back. The rise of hacking back is leading to ramped-up hacking around the world as hackers and businesses wage an all out cyber war over data security. While hacking back might sound like a good way to punish cyber criminals, many security experts caution against the practice, warning that it causes more harm than good. As it stands, most laws don’t offer protections for businesses that hack back, and organizations that employ the practice can even suffer criminal prosecution. Instead of hacking back, businesses and enterprises can protect themselves with secure cloud storage that offers data privacy and user anonymity.

The Rise of Hacking Back

Image courtesy of pcworld.com

Hacking is so prevalent that most businesses have suffered at least some sort of security breach. According to a recent study of American firms, respondents suffered over 100 successful instances of hacking and cyber attacks every week through 2012. This rampant hacking shows a stark 42% rise from 2011 and has prompted some aggressive tactics. Hacking back essentially means using hacking techniques to recover stolen data while exacting some sort of digital revenge on the suspected source of hacking. But such tactics are often costly and complicated, when simple defensive measures would have prevented hacking in the first place. A Verizon report from early this year showed that more than 75% of network breaches and intrusions were the fault of bad passwords or user names. Rather than swinging back wildly at hackers, taking simple precautionary measures against hacking and cracking will take care of most potential security breaches.

Instances of Cyber Attacks

Image courtesy of computerweekly.com

As it stands, hacking back will get your organization in deep legal trouble. The position of the Justice Department is to consider any instance of accessing another party’s network without their explicit permission a violation of the law. According to cyber-security expert Greg Hoglund, “This literally is a wild west out there. When I think of hack back, I think of more of a counterstrike, or a mitigative action to stop an imminent or ongoing attack. You’re not going out and trying to find trouble, you’re in trouble and trying to stop the pain right then.” In this case, hacking back would mean shutting down an attack in progress or reaching into suspected networks to try to retrieve, alter, or delete potentially stolen data. But Joel Reidenberg, a law professor at Fordham University, warns, “Reverse hacking is a felony in the United States, just as the initial hacking was. It’s sort of like, if someone steals your phone, it doesn’t mean you’re allowed to break into their house and take it back.”

Safer Passwords

Image courtesy of graphs.net

This hasn’t deterred businesses and enterprises from such defensive attacks on cyber criminals, as law enforcement isn’t likely to prosecute instances of hacking back. As Reidenberg says, “If the only organization that gets harmed is a number of criminals’ computers, I don’t think it would be of great interest to law enforcement.” But this shouldn’t give companies encouragement to engage in illegal activity. According to James Andrew Lewis from the Center for Strategic and International Studies, hacking back is “a remarkably bad idea that would harm the national interest.” Furthermore, Lewis asserts that trying to out-hack international hacking rings “is not a contest American companies can win.” And companies can’t even guarantee the sources of hacking, as many savvy attackers mask their IPs. This could lead to an instance of “hacking back” on a completely innocent user, which would result in severe brand damage as well as potential litigation.

A Proactive Defense Against Hacking With SpiderOak

Instead of hacking back, protect your company data proactively through secure cloud services. For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publicly securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

The Inside Scoop on Free School & Online Education

Posted by on Aug 22, 2013

Schools are ushering in the digital future as more and more colleges and universities turn to cloud computing and storage for online education opportunities. From free online Ivy League courses to continuing education programs for IT professionals that need to stay current on the latest innovations, the cloud enables convenient and cheap learning from home or on the go. Unfortunately, as schools turn to the cloud in large numbers, hackers have followed, eager to exploit security gaps along with sensitive student records. Colleges and universities looking to expand online course offerings should first ensure that student and school data is kept safe and private. The best way to ensure data security is through secure cloud services that offer full privacy and user anonymity.

Learning in the Cloud

Image courtesy of blog.mashery.com

One of the fastest growing areas for investment and educational development is in the cloud. Technology companies seeking to expand into the education sector should seek out opportunities in the cloud. From Chromebooks and Google Drives to MOOCs (massive open online courses), the cloud offers online education for all ages and levels. Young students can reinforce classwork through online modules and gain real-time feedback from instructors, while college students can take advantage of flexible online classes that can be taken from anywhere. IT professionals, senior managers, and C-level executives have a wide range of online educational opportunities to tap for continued learning and career growth. These tech-oriented programs tap some of the brightest business and technological minds in the world. For instance, Stanford University’s CS309A course features CEO speakers like Godfrey Sullivan of Splunk, Aaron Levie of Box.net, and Dr. Timothy Chou of Oracle. Other online offerings like Open Yale and Coursera feature free online courses from all over the world that are offered to anyone for enrichment and lifelong education.

State of Online Education

Image courtesy of cloudtweaks.com

The first official MOOC (massive open online course) was offered by the University of Manitoba as the 2008 “Connectivism and Connective Knowledge” course. The class had 25 students from the University and 2,300 students connecting from all around the world. Today, popular MOOCs can draw student populations numbering in the hundreds of thousands. One instance of the rise of MOOCs can be found in Stanford’s Dr. Sebastian Thrun, whose Fall 2011 computer science course, “Introduction to Artificial Intelligence”, drew a class size of more than 160,000 students. While MOOCs still have a long way to go before replacing traditional in-class educational models, the continued rise of participating reputable institutions like Stanford and Yale indicates that MOOCs are a dominant force driving the turn to the cloud.

Online Education By the Numbers

Image courtesy of dashburst.com

For one, most MOOC students approach online education for far different reasons than the typical undergraduate trying to complete a degree. The majority of MOOC students are older professionals who already carry advanced degrees pertinent to their field. The free and convenient courses attract these curious thinkers who seek to learn a new skill or gain a basic understanding of a new subject. This shows that MOOCs don’t necessarily pose a threat to traditional education and are more of an educational supplement for lifelong learning. According to Byron Deeter at Bessemer Venture Partners, these courses “will co-exist with a lot of core educational institutions…One of the big hopes of MOOCs is that they could democratize education and bring the costs of advanced degrees down. That’s exciting and totally unproven.” While the future place of MOOCs is yet to be determined, online education is here to stay. In an age of hacking and cyber-espionage, protecting student and school records online should be a priority for any college looking to switch to the cloud.

Protecting Student Data in the Cloud

For many universities, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave college data and student records wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that schools of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive school data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, students can rest easy knowing that their records are truly protected and colleges can gain diehard loyalty by publicly securing student information. SpiderOak Blue’s cross-platform private cloud services are available for colleges and universities on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling mobile learning.

Protect Yourself From Hackers & PRISM In 3 Steps

Posted by on Aug 21, 2013

Enterprises that already use the cloud have leveraged the technology to streamline massive amounts of data, increase productivity, and edge out the competition. But even with the cost savings and convenience that come with the cloud, the lack of cloud standards and regulations has resulted in a market with an abundance of glaring security gaps. A single breach of security could stall production and result in intellectual property theft. But threats to cloud security can also come from within an organization in the form of internal data mining and leaks. Companies that want to fully capitalize on the cloud without sacrificing data security should rely on three important steps: good SLA (Service-Level Agreement), strong ERP (Enterprise Resource Planning), and private data storage and sync.

Cloud Security Measures

Image courtesy of cloudcomputingtopics.com

When seeking out a good SLA, remember that data security is ultimately your responsibility. Unfortunately, that’s not how many enterprises see it, and many SMEs and Fortune 1000s sign bad SLAs that don’t offer protections for their hosted information. A recent NetIQ and IDG survey of IT security decision makers found that 69% of respondents “in organizations around the world believe consumer cloud services post a huge risk to sensitive data.” Primary concerns revolved around the lack of transparency in data security measures, and current laws offer little protection for cloud adopters. Under Australia’s new data breach notification law, cloud adopters, and not cloud providers, are ultimately held accountable as the only guardians of their data. In the case of a data breach, an enterprise would be liable for any loss instead of the cloud service provider they employed.

Cloud Security Concerns

Image courtesy of internetevolution.com

All of this goes to show how important it is to be absolutely clear about how a potential service provider would protect your data. As it stands, most enterprises realize that they must proactively safeguard their data, as shown by a report by the Ponemon Institute and commissioned by Thales e-Security. The survey of more than 4,000 cloud enterprises found that over half already stored sensitive data in the cloud. According to the survey, only a third of respondents believed that their cloud provider should be held responsible for protecting stored data and only 12% felt that users should be primarily responsible. The truth is that both are equally important. Security begins onsite with strong enterprise resource management before sending off data to be cloud-sourced. When choosing a provider, read over any SLA contracts closely and negotiate any issues of concern before you sign. If a cloud service provider isn’t willing to negotiate or meet your needs, consider another provider that can offer greater levels of data security.

Private vs. Public Clouds

Image courtesy of resource.onlinetech.com

Enterprise resource planning helps keep data secured onsite from data mining and leaks before sending it off to be stored on the cloud. Strong ERP measures can keep everyone accountable for secure access, syncing, and storage. One of the most important things to establish is access control, which means determining which personnel and departments have access to different levels of secure data. Account management also helps enforce access control once it has been determined. The common practice of simply giving out administrative access for simplicity’s sake has proven disastrous for many enterprises. All it takes is one disgruntled employee or one act of ignorance to spill a company’s secrets. Such leaks can wreak irrevocable damage on an enterprise’s reputation and can be avoided with strategic ERP.

The next step in establishing strong security is exclusively storing and syncing sensitive data with a cloud service provider that offers strong encryption, data privacy, and user anonymity. Whatever deployment model enterprises select, cloud providers should have zero-knowledge of company data. Through such privacy and data anonymity, enterprises can stay protected from all sides. Before settling on a provider, learn about their security measures and what steps they would take in the case of a breach.

Secure Storage With SpiderOak Blue

For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publicly securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

The US Cloud Could Be Destroyed By Prism!

Posted by on Aug 21, 2013

By now just about everyone that uses the internet knows about Edward Snowden and the leaks on the NSA’s controversial PRISM citizen surveillance program. According to Snowden’s leaks, the PRISM program is the National Security Agency’s ongoing collection of citizen data from U.S. tech companies for alleged counter-terrorism intelligence. News of the program has made international headlines for weeks and U.S. cloud companies and associated technology businesses fear a severe drop in international business due to security concerns. But with a private cloud service that encrypts data, doesn’t host encryption keys, and never stores plaintext, American companies, citizens, and international consumers can all still take advantage of U.S. technological innovations.

PRISM’s Cost to the U.S. Cloud

Image courtesy of computerweekly.com

A survey of European companies conducted by the Information Technology and Innovation Foundation shows a surge of distrust in American cloud companies. According to the survey’s author, Daniel Castro, U.S. cloud companies could lose up to 20% of the market share to international rivals. Of the survey’s respondents, 56% would be unlikely to contract a U.S. cloud service in the future while 10% had already cancelled projects with U.S. cloud providers out of NSA concerns. Inside the U.S., 36% of respondents claimed that news of the program has “made it more difficult” to conduct international business. The fallout is projected to cost American tech companies up to $35 billion in lost international contracts in the next three years.

How PRISM Works

Image courtesy of engtechmag.wordpress.com

Overseas, competitors are relishing the scandal, which has proven to be incredibly profitable for them. Simon Wardley, an executive at the British think-tank the Leading Edge Forum, wrote on his blog, “Do I like Prism … yes, and god bless America and the NSA for handing this golden opportunity to us… Do I think we should be prepared to go the whole hog, ban US services and create a €100bn investment fund for small tech startups in Europe to boost the market … oh yes, without hesitation.” And according to chairman of the ANS Group, Scott Fletcher, “People in the UK have been reticent for a while about putting data into the US because of the Patriot Act, which means the government there can pretty much get access to everything. Prism has put into peoples’ minds that there might be co-operation in the UK with that. People talk to us and want their own private cloud service, because they know we don’t have that sort of relationship with the government. They want all the services to be based in the UK, rather than using Google or Amazon Web Services.” Despite the common presence of governmental monitoring around the globe, such companies are capitalizing as best as they can on the recent scandal, even though many clouds in the UK and Europe are less secure than some of their American counterparts.

Security Concerns and the U.S. Cloud

Image courtesy of telco2.net

One way to try to address the scandal is through instituting a cloud security certification program for all cloud service providers. This project is currently underway through the united efforts of the Cloud Security Alliance and the British Standards Institute. Through expanding the CSA’s STAR program this fall, the organizations seek to set an international standard for data security. CSA’s executive director, Jim Reavis, explained the project further, “The CSA programmer is self-certified, while the BSI will have assessors who will scrutinize vendors’ practices once a year and issue a certificate.” But even if such standards and certifications are put in place, getting companies to adopt them will be a challenge. Rather than waiting around for potential certification programs to gain popularity, enterprises should rely on storing data with cloud providers that offer strong data encryption and user anonymity. That way, even in the case of cracking by the NSA, all they would be able to see is unreadable blocks of encrypted data, thus guaranteeing true privacy in an age of online insecurity.

Protection from PRISM

For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publicly securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and a mobile workforce.

Use the Cloud To Make Your Small Business a Success

Posted by on Aug 19, 2013

Small businesses around the world utilize the cloud to gain an edge on the competition. Through leveraging cloud computing and storage, SMBs can level the global playing field, competing with large international enterprises and even Fortune 500s. Unfortunately, the unregulated cloud market and shady contracts have led some small businesses to trust their sensitive company and customer data to unsecured clouds. This lack of a cloud security standard has resulted in hacking, leaks, and data mining, all of which can be serious setbacks for small businesses. The good news is that secure cloud service providers can offer complete data privacy and protections along with absolute user anonymity. This way, SMBs can take advantage of all of the cloud’s benefits without having to worry about trading security for cost-savings and convenience.

Small Business Success & the Cloud

Image courtesy of cloud4computers.co.uk

According to Forrester predictions, SMBs will help fuel the forecasted growth in business reliance on the cloud from 22% in 2013 to 27% in 2014. Another report, the State of SMB IT 1H 2013 Semi-Annual Report On Small and Midsize Business Technology Plans & Purchase Intent, breaks down the current use of cloud along with those planning on using cloud services in the near future. The report shows that 61% of small to mid-size businesses are taking advantage of the cloud already, and an additional 5% of respondents plan to adopt some type of cloud service within the next year. For SMBs with 250 to 999 employees, 55% currently use the cloud. But for even smaller businesses with fewer than 20 employees, the cloud is even more vital, with 69% of respondents currently capitalizing on what the cloud has to offer. For businesses with small teams and tight budgets, the cloud is a convenient and cheap way to get more done with fewer resources.

Cloud Benefits for SMBs

Image courtesy of unleashed-hosting.com

Many cloud providers also allow small businesses to rent their clouds. This gives SMBs access to top-notch cloud technology, a tool that was once the exclusive privilege of established enterprises and corporations. Businesses can tap the cloud services that fit their unique needs, while enjoying scalability by paying for only the services they actually use. In a survey conducted by Oxford Economics, 43% of SMBs prefer cloud-sourcing to cloud providers rather than purchasing expensive and complicated onsite servers. Over the next five years, projected SMB spending on the cloud is expected to steadily grow by nearly 20%, showing that businesses are ready to invest in technologies that truly pay off. But unless SMBs can ensure that their cloud providers offer true data security and strict privacy measures, trusting sensitive data to unsecured cloud providers is a risky investment.

Cloud Services for SMBs

Image courtesy of unleashed-hosting.com

Africa is one of the fastest growing continents for cloud adoption, but according to the latest numbers from the Business Software Alliance, software piracy is at an incredible high of 80%. This rampant piracy costs small businesses millions in investments and threatens intellectual copyright. But with private cloud solutions, businesses can secure their projects without fear of hacking or leaks. As it stands, small businesses around the world haven’t made data security a priority. But improving security measures for company and customer data is a necessity for two main reasons. First, even if your business doesn’t hold any production secrets, a single security breach could significantly halt production or even damage company networks and computers if malware were introduced. Second, in the wake of revelations on the NSA’s PRISM program, customers will reward with loyalty those companies that can guarantee privacy and anonymity. But before choosing a third party cloud service provider, make sure your business has a strong internet connection or your own web servers, as you won’t be able to access stored information in the case of a downed connection.

Small Business in the Private Cloud

For many small businesses, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive company and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides SMBs with fully secure cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment for businesses that want their own private servers or through cloud-sourcing to a private and strongly secured public cloud server.

SpiderOak protects sensitive business data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords and data. All plaintext encryption keys are exclusively stored on approved devices and SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, customers can rest easy knowing that their data is truly protected and SMBs can gain diehard customer loyalty by publicly securing consumer information. SpiderOak cross-platform private cloud services are available for businesses on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and a mobile workforce.