Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

1

Cloud Security: Efficient and Reliable Encryption Key Management Crucial for Data Protection

Posted by on Mar 25, 2014

security in the cloud

It is important to manage encryption keys securely in the cloud.
Image from Flickr User FutUndBeidl

In our modern day and age, many enterprises are embracing cloud computing. However, one of the major concerns regarding cloud computing has always been security. Encryption in cloud computing is still in a state of flux and infancy. Some vendors provide encryption, while others don’t. There are different kinds of encryption schemes for securing data in the cloud, sometimes integrated within a system. Whenever a company decides it move its applications to the cloud, it considers several pros and cons before doing so. These are some of the questions that come to our minds before storing our data in the cloud- How the data is protected? Can we encrypt the data? How the encryption keys are managed? Who will have access to those keys?

The goal of encryption is to ensure that data stored in the cloud is protected against unauthorized access. Access to sensitive user data by third parties is a violation of privacy, and should never occur. In the light of PRISM revelations and major data breaches, like the recent Target breach, it is extremely important for enterprises to bolster cloud security. The surveillance programs by the U.S government have raised security concerns among many people. One of the things that worries end users the most is possible access to their personal data by parties without their knowledge or permission. Even globally, companies outside of U.S. have expressed security and privacy concerns regarding U.S.-based cloud companies. In order to restore the trust of their customers, companies need to take strides to strengthen their cloud security practices.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

0

Managing Disaster Recovery in the Cloud

Posted by on Mar 18, 2014

Cloud based disaster recovery is the most efficient and cost effective approach for data back up.
Image from www.clearpathsg.com.

Cloud computing is attracting many enterprises because of its easy deployment, cost effectiveness, and flexibility. One of the major advantages of cloud computing is its disaster recovery approach. With this system, enterprises have a cost effective disaster recovery plan in place, and do not have to worry about deployment and maintenance of IT infrastructure or resources for disaster recovery. Cloud computing gives a completely different approach to disaster recoveryIn this approach, the operating system, data and applications are integrated into a single software bundle or virtual server. This virtual server can be easily copied and backed up on an off-site data center within minutes. In comparison to the conventional disaster recovery approaches, this is extremely beneficial because it is hardware independent and therefore it is easy to transfer information from one data center to another without the burden of installing every component of the server. Cloud-based disaster recovery approach is extremely cost effective and dramatically reduces recovery time compared to traditional approaches.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

3

A United Front: Credit Unions & Congress Fight Back Against Data Theft

Posted by on Mar 13, 2014

Capitol building

Congress is working on legislation for stronger data security standards.
Image Courtesy of Glyn Lowe Photoworks

When it comes to enacting new protections and punishments for massive data breaches, like the sort recently suffered by Target stores, Congress and credit unions are joining forces to fight back. Data theft threatens virtually every industry, from online gambling and alternate currencies like Bitcoin, to established healthcare providers and insurance companies. So when it comes to protecting customer data, everyone has a hand to play and a vested interest in the outcome. Major credit unions and their representatives are pushing for stronger penalties for data breaches so that they won’t have to keep recouping the costs of identity theft that is most often the direct result of such breaches. And congressional leaders are forging ahead to enact tougher laws and disclosure requirements to take advantage of the public’s wave of frustration over lost credit card information. While pushing for strong legislation is definitely a great step towards stronger universal data security standards and consumer protections, enterprises shouldn’t wait around for Congress to decide on a final plan. Instead, proactive businesses should stay ahead of the curve while gaining fierce brand loyalty by keeping consumer data private and anonymous through secure cloud storage and sync solutions.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

3

Protecting Medical Records in a New Era of Health Insurance

Posted by on Mar 11, 2014

Courtesy of Greg Harbaugh/Feature Photo Service

With the healthcare system undergoing numerous changes, it’s important to make sure medical data is secure.
Courtesy of Greg Harbaugh/Feature Photo Service

Enterprises have scrambled to stay ahead of new regulations brought about by the Affordable Care Act, otherwise known as ObamaCare. The healthcare industry, however, is the most directly impacted by the law, as healthcare providers and insurance companies must prepare for an influx of new patients and a more widely insured populace. But as the insurance pool broadens, risk will be compounded as medical records and sensitive data becomes a brighter target for hacking and leaks. The best way to protect medical data in this new era of mandatory health insurance is through secure cloud storage and sync services that offer 100% data privacy and user anonymity. Anything less than full data privacy and security for medical records could result in damaged brands, exploited information, and increasingly costly HIPAA fines.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

0

Router Security In the Cloud: Enterprises Seek Data Protection for Remote Workers

Posted by on Mar 6, 2014

As router security becomes an increasing concern, companies with remote workers are seeking data protection in the cloud.
Image Source: Flickr User Cisco Hardware at Router-switch.com

For many enterprises, security has become a chief concern in the light of hacking, the spread of malware, and international cyber wars. The latest in the litany of worries over data safety comes from news of 300,000 compromised routers. While many enterprises operate on a much bigger scale than the small office and home office (SOHO) routers that were recently attacked, the growing popularity of enabling mobile workforce and work from home policies jeopardizes sensitive company data, due to the relative insecurity of such commonly used routers. Instead of scaling back worker mobility, enterprises can still take advantage of on-the-go work and work from home solutions by securing important corporate and consumer data in a private cloud service.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

7

Digital Currency Concerns: Bitcoin Security in the Cloud

Posted by on Mar 4, 2014

http://farm6.staticflickr.com/5544/10307542203_8ecae47c05.jpg

Bitcoin digital currency has been the focus of some attacks, but will it still gain traction among large enterprises?
Image Courtesy of Flickr User anatanacoins

For tech-savvy early adopters and enterprises seeking to stay ahead of technological innovations, Bitcoin has been presented as if it were a digital gold mine. This decentralized digital currency works through value transfers that are not yet regulated by any country, corporation, or bank. Bitcoin isn’t backed up by solid assets, so value tends to fluctuate with user investment, jumping from $150USD to $1,000USD in just a matter of months. While many enterprises have stayed away from Bitcoin use or investment until the legal issues are all cleared up, those that want to stay ahead of the curve can still take advantage of the currency while keeping their assets safe through private key storage and sync with a secure cloud service.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

4

Don’t Wait For Data Legislation: Get Ahead of It

Posted by on Feb 27, 2014

 

FCC Chairman Genachowski Speaks About Consumer Protection

In the wake of the stunning data breach suffered by Target late last year, proactive enterprises have already started to draft and enact better security standards to protect corporate and customer data. Such data breaches irreversibly tarnish brands by establishing a bad corporate reputation and losing consumer trust that can be incredibly hard to earn back. Congress has started to discuss legislation that would provide a federal security standard along with consumer protections, but instead of waiting around for legislation that must be responded to, the best enterprises will leverage technology in their favor by seeking out fully secure solutions to data storage and syncing. Being able to proactively protect data not only offers peace of mind, but also allows enterprises to market themselves as fierce defenders of their consumers’ privacy, earning lifelong trust and better branding.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

2

Generational Risk: Millennials & Data Security

Posted by on Feb 25, 2014

IT, Finance, & The Threat to Data Safety.
Image Source: Softchoice

Millennials are typically seen as the go-to generation for all things tech-related. So it may come as a big surprise that recent surveys indicate that lax generational views toward data security could jeopardize the safety of your enterprise’s data. This flies in the face of the recent trend of reverse mentoring, in which younger workers share their tech habits to older workers. When it comes to bad habits, such practices could cause entire organizations to adopt unsafe data storage and syncing techniques, leaving sensitive corporate information open to attack or leakage.

The best way to protect such data is through strong internal systems and the adoption of secure storage and sync services. A recent survey put out by Softchoice is changing the way enterprises view their Millennial workers. According to the research, 28.5% of 20-somethings have their passwords kept in plain sight. This is in comparison with 10.8% of Baby Boomers. So it’s clear that the common wisdom that younger generations are inherently more data-secure falls flat on its face. The survey also found that the lack of secure password storage went hand in hand with syncing sensitive files to unprotected devices for the convenience of working from home. As Millennials are more likely than other generations to push for mobile or work-from-home options, companies need to find secure solutions to handle this trend without putting their data at risk.

Continue reading…

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

4

NSA Surveillance Taking a Toll on U.S. Cloud Computing Companies

Posted by on Feb 20, 2014

The NSA surveillance might affect U.S. cloud computing companies negatively.
Image from firmex.com/

Recently we have examined both the conveniences and concerns regarding cloud services, and the conversation is most likely far from over. National Security Agency surveillance has definitely raised concerns about privacy of user data in cloud services. Documents leaked by Edward Snowden indicate that the NSA has been collecting huge amounts of user data by cracking encryption technologies, using backdoor methods, and in some cases providing legal notice. As enterprises are using well-known cloud services like Amazon or Google, the PRISM revelations might lead to a negative impact on U.S. cloud storage companies, as the surveillance activities of the spy agency have taken a toll on the reputation of technology companies. People are becoming increasingly concerned about the privacy and security of their data stored in the cloud.

The NSA is basically devising all possible ways to break the security controls on the web to track and collect huge amounts of user data. The news about the NSA cracking encryption of common online security products and placing secret doors at the access points can further undermine the confidence of foreign businesses. The NSA has been successful in cracking the majority of the encryption codes on the Web, by using supercomputers, technical trickery, court orders, and behind-the-scenes persuasion. Apart from deciphering the encryption of online products, the NSA has devised programs to deliberately insert vulnerabilities in commercial products, so that they may collect more information by exploiting those vulnerabilities. The NSA asks these companies to deliberately make changes to their products in undetectable ways like leaking encryption keys, making random number generator less random, adding a common exponent to a public-key exchange protocol, and so on.

According to research done by the information technology and innovation foundation (IITIF), NSA surveillance may end up costing U.S. cloud service companies $22 billion through 2016. The prediction by IITIF assumes that the U.S. might lose about 10% of its cloud computing market to European and Asian competitors. The United States is considered a leader in cloud computing usage and innovation, but PRISM revelations might cause a shift away from leading data storage providers like Google, Yahoo, and IBM. Salesforce.com recently lost one of their major clients due to government surveillance activities. This is just one example showing the negative impact of surveillance on cloud services. In the future, if the government does not take a stand on reforming the surveillance programs, cloud service companies in this country might have to bear huge loss.

Taking all of the security concerns into consideration, many companies have requested the government to allow them to publish a transparent report of mass data collection requests made my the NSA. In order to gain the trust of their customers, it is extremely important for cloud service providers to be transparent regarding the storage and sharing of sensitive user information. The government needs to take action towards reforming the surveillance program, and allow companies to reveal more details about what data has been requested of them by the government. It also needs to establish international transparency to gain the trust of foreign customers.

Similarly, cloud service providers also need to implement strong security controls to ensure better safety of their customers from surveillance programs. It would be wide for them to construct strong encryption standards such as 256 bit-AES for better security. Encryption has time and again proved to be the most secure method for protecting data in the cloud. The keys used for encrypting sensitive customer data should be managed effectively by periodic key rotation and re-encryption of data with new keys. Employees should be not be given more access than what is needed to complete their tasks. Cloud storage companies should require strong passwords, longer keys, or complex hash algorithms to make it difficult for anyone to access user data.

I believe by implementing security measures and being transparent data usage, companies can gain the trust of their customers, and those who have been enjoying the benefits of U.S. cloud services might think twice before moving to alternate services. Under the light of NSA surveillance, cloud startups whose prime goal is to secure their customer data will see a huge growth in their business in the near future.

Protect your personal data from NSA surveillance with SpiderOak: SpiderOak encrypts the files in your computer before uploading them to the server. As a result, you, and only you, have access to your unencrypted data. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. You can sign up for this product now.

 

Business & the Cloud Archives - Page 4 of 18 - The Privacy Post

3

Cloud Computing and Denial of Service Attacks: Examining the Vulnerability of NTP Servers

Posted by on Feb 18, 2014

Denial of Service Attacks on Cloud Services are becoming increasingly frequent.
Image from livehacking.com

Cloud services are becoming increasingly popular these days, both among the public and business enterprises. While convenient, Cloud services can be extremely vulnerable to Denial of Service attacks (DoS). As more organizations are relying on cloud computing technology for their business operations, denial of service attacks, one of the most common forms of attack on the cloud, can prove extremely damaging. A DoS attack makes your network or machine unavailable to the intended users by flooding them with connection requests. Within the eighth annual Worldwide Infrastructure Security Report from security provider Arbor Networks, it was revealed how cloud services increase the risk of attacks. The report indicated: “94% of data center operators reported security attacks, 76% had suffered distributed denial of service (DDoS) attacks towards their customers, while just under half (43%) had partial or total infrastructure outages due to DDoS and yet only 14% of respondents had seen attacks targeting any form of cloud service.”

Continue reading…