Business & the Cloud Archives - Page 3 of 18 - The Privacy Post

Managing PCI DSS Compliance in Cloud Computing

Posted by on May 6, 2014

It’s important for cloud services to comply with PCI DSS standards.
Image from Flickr user Sean MacEntee

Credit card hacks and data breaches are on the rise these days. Recently, retail giant Target became a victim of a massive data breach that affected millions of customers. Cyber criminals are also using the cloud environment for launching cyber attacks. As more businesses are moving towards adopting cloud-based services, the risk of security breaches increases.

Threats from Within: Dealing with Insider Attacks in Cloud Computing

Posted by on May 1, 2014

Insider threats pose a significant risk to enterprise security.
Image from Flickr user: elhombredenegro

Despite its numerous benefits, security has always been a major concern in cloud computing. The more that enterprises rely on cloud services, the more new security risks will appear on the horizon. Many times security researchers have expressed their concern regarding insider threats to the cloud. Insider threats pose a major security risk to clients. These days we are seeing major data breaches due to abuse of privileged user rights and other internal threats. Given the widespread adoption of cloud computing, it won’t be long before all of our assets and applications are residing there. Therefore, we need to understand the scope of insider attacks in order to develop defense mechanisms against them.

Avoiding Lost Profits: How to Minimize Downtime in the Cloud

Posted by on Apr 29, 2014

It’s important to evaluate downtime costs when using cloud services.
Image source: Flickr user Tax Credits

Many enterprises are turning towards cloud services because of the benefits they offer in terms of price and effectiveness. Another reason behind the widespread adoption of cloud services is mitigation of downtime cost. Businesses cannot afford downtime of even a few minutes, as it will have a negative financial impact. As any IT professional knows, downtime costs money. We might not have the exact calculations or estimates, but it is certainly significant. With cloud computing, there is a belief that third-party providers deploy all sorts of business continuity technologies to guarantee maximum uptime. The service level agreements with cloud service providers promise that there will be minimal downtime due to unscheduled interruptions. The combined flexibility of the cloud computing platform and service level agreements improves the sense of security and encourages businesses to move to the cloud.

Exploring the Digital Forensic Challenges that Come with Cloud Computing

Posted by on Apr 22, 2014

Digital forensics challenges in the cloud.
Image from ccfis.net.

Cloud computing is considered a game changer in terms of how organizations plan, implement, and execute their IT strategies. The flexibility to add more resources and applications at a reasonable price seems unbeatable. While cloud computing offers so many benefits to businesses, its security and trustworthiness have always been in question. Security is an extremely important requirement for any IT application, as nobody wants their data to be accessed by unauthorized users. The multi-tenant nature of the cloud computing platform has made it an attractive target for cyber criminals. An attacker can exploit the security gaps in the cloud computing environment to launch attacks, and can remain undetected. The ability to leave no trace of an attack is the biggest security challenge for this service. Cloud computing simply has not achieved thorough readiness in the digital forensic area. The lack of resources and evidence makes it difficult to conduct research and analysis of cloud-based cyber attacks.

“Heartbleed” Security Flaw Affects Millions of Users and Sends Internet into Panic Mode

Posted by on Apr 15, 2014

Security bug “Heartbleed” allows hackers to access sensitive user information. Image from Wikimedia Commons

A major security bug, “Heartbleed”, has been making major headlines recently. The security vulnerability has infiltrated many well-known websites, and affected millions of users. It was discovered in some versions of OpenSSL, utilized by thousands of websites. OpenSSL is an encryption technology that uses TLS/SSL to secure communication over the Internet, and protect sensitive user information like usernames, passwords, credit card numbers, and financial data. Therefore, the exploitation of this critical bug allows cyber criminals to gain access to personal details of millions of Internet users. More information makes an attacker stronger, and opens the door to many more intrusions.

The bug was identified by a group of security engineers at Codenomicon while they were working on improving the security features of the company’s security testing tools. Heartbleed could be considered one of the biggest security threats in Web security, because it exposes the contents of a server’s memory, where most sensitive user data is stored. This vulnerability allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. It can compromise the private keys used for encrypting communication and identifying trusted sources on the Internet. The most worrisome aspect of this news is that this vulnerability existed for two years and was not detected until recently.

The Impact of Internet of Things on Enterprise Security

Posted by on Apr 10, 2014

The Internet of Things
Image from www.thomasvanmanen.nl/

The “Internet of Things” (IoT) was once an emerging term in the technology market, but it’s safe to say we’ve reached a point in which many households and businesses are significantly affected by this concept. IoT gives you the power to control anything in your home or office from anywhere. Whether adjusting the light or temperature of your living room or managing daily chores, these things are now easily manageable with minimal human interaction. The concept of integrating millions of devices into a virtual world, and communicating with them at any time from anywhere, makes IoT an attractive technology for enterprises as well. There are huge expectations for the IoT in terms of solving business challenges, increasing productivity, and improving customer experience.

In the past few months, we have seen many examples of companies embracing this new technology to improve their businesses. Google acquired the maker of the Nest Learning Thermostat for 3.2 billion dollars. IBM and AT&T joined hands to develop IoT solutions for municipalities and medium-sized utilities. They will focus on integrating and analyzing data collected from transport vehicles, cameras, and other connected devices. Many tech companies have also taken new initiatives toward the development of IoT by creating a foundation called AllSeen Alliance to encourage adoption of new standards to be used in devices and services for IoT. Cisco predicts that by 2020, over 50 billion devices will be connected to the Internet. This does not include just computers, smartphones, and tablets, but cars, watches, vending machines, and many more devices. Cisco has already started working on developing new technologies and services to adapt to this new trend, creating an entirely new department dedicated to IoT.

Protection Against Phishing Attacks in the Cloud

Posted by on Apr 8, 2014

Implement strong security practices to protect your critical resources from phishing attacks.
Image from Flickr user Richzendy

With the growth of the Internet, there has been an increase in security attacks. It is almost safe to say that these days nothing is secure in the electronic medium. “Phishing attacks” are one of the major security issues that lead to massive data breaches. In a phishing attack, the attacker attempts to gather sensitive user information such as usernames, passwords, or credit card details by pretending to be a legitimate entity in the electronic communication. Phishing attacks are typically carried out by spoofing a legitimate website or an email, which directs the user to provide details to the fake website or email. Attackers usually spoof popular banking sites, online payment processors, or social networking sites. According to security experts, generally twenty to thirty thousand phishing attacks occur every day.

Newly Discovered Vulnerability in Microsoft Word May Allow for Remote Cyber Attacks

Posted by on Apr 3, 2014

The zero-day vulnerability of Microsoft Word targets RTF files.
Image from Trirat P’s photobucket

Microsoft Word is a widely used application. For many of us, a day does not go by without typing something in a Word document. Whether we are working on a school project or developing a report for an office presentation, we tend to use this popular word processing program. Just imagine if the security of such a widely used application came under question. Recently, a vulnerability was found in all versions of Microsoft Word which allows attackers to take control of a user’s computer remotely. The attack is triggered by a maliciously crafted Rich Text Format (RTF) document in Microsoft Word or by opening a document in Outlook. The attacker can take advantage of this flaw to execute arbitrary code on the targeted machine. Although Microsoft Word has some security features, like password protection, that prevent unauthorized users from opening, modifying, and editing a Word document, they are not enough to protect users against this new form of attack.

Access Control Issues in a Cloud Computing Environment

Posted by on Apr 1, 2014

It is imperative that enterprises have secure access to data in the cloud.
Image from res.sys-con.com

Cloud computing allows enterprises to scale resources up and down as their needs require. The “pay-as-you-go” model of computing has made it very popular among businesses. However, one of the biggest hurdles in the widespread adoption of cloud computing is security. The multi-tenant nature of the cloud is vulnerable to data leaks, threats, and malicious attacks. Therefore, it is important for enterprises to have strong access control policies in place to maintain the privacy and confidentiality of data in the cloud. The cloud computing platform is highly dynamic and diverse. Current access control techniques, like firewalls and VLANs, are not exactly well-suited to meet the challenges of a cloud computing environment. They were originally designed to support IT systems in an enterprise environment. In today’s cloud computing platform, thousands of physical and virtual machines are added and removed every day, and the current access control mechanisms are not enough to handle this dynamic environment.

The Ploutus Predicament: New ATM Malware Allows Hackers to Remotely Access Cash

Posted by on Mar 27, 2014

Ploutus malware allows an attacker to take control of ATM machines remotely.
Image source: symantec.com

The recent major data breach at Target has been an eye-opener that showed how malware-infected Point-Of-Sale (PoS) devices can be exploited to gather huge amounts of credit and debit card data. Malware attacks are on the rise these days. Most of these attacks succeed because most of the malware being used is new and unknown, and no defense mechanisms are in place to counter it. Another new form of malware, called Ploutus, is targeting ATM machines and allowing cyber criminals to access cash. In order to install this malware, the hacker needs to be able to physically access the ATM machine. Therefore, in the majority of cases it is seen that standalone ATM machines, especially the ones in convenience stores, become victims of data breaches. The ATM machines in banks are usually more secure than standalone ATM machines, and have a heavy physical shield protecting them from unauthorized access.
