Posted by Kalyani M. on May 13, 2014
There has been significant growth in the number of individuals working remotely or telecommuting in recent years. Remote connections, also called VPNs, are an attractive alternative for many businesses; they increase employee productivity, save company expenses, and require less maintenance. In order for this large workforce to carry out business effectively and efficiently, it is important to focus on the security of remote access technologies. It is necessary to extend the concept of “confidentiality, integrity, and availability” to the remote access devices that have direct connections to corporations’ secure data and network resources.
There is no doubt about the fact that virtualization has made our life easier by providing access to corporate home bases, anytime from anywhere. The remote services allow us to get our tasks done without having to be physically present in the office. This is an excellent option for employees with a lengthy commute between office and home, and those who need to care for children or family members. Unfortunately, remote access services are one of the most exploited IT resources in today’s time and age. Enterprises invest huge amounts of money to provide remote services; however, much less is invested to make the connections secure. Vulnerable remote access connections provide easy access to any intruder hoping to gain entry to a company’s sensitive information. From a lack of secure network configuration, to weak passwords and poor endpoint security, there are several loopholes that can lead to major data breaches.
Let us take a look at the security risks associated with remote access services:
It appears that virtual workspaces and cloud computing are here to stay. As long as giving employees the option to work remotely pays off for companies, there will be a need fo remote access connections. Therefore, enterprises should invest in strengthening remote access solutions, in order to ensure better security and confidentiality of corporate data.
True Privacy with SpiderOak: Secure remote access requires implementation of best security practices for better security of data. SpiderOak believes in “zero-knowledge” privacy, and implements strong security controls, such as 256 bits AES and two factor authentication for protection of sensitive information. It allows you to encrypt your files and folders before sending them to the cloud. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. SpiderOak offers amazing products, like SpiderOak Hive and SpiderOak Blue, to help you secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. Sign up for this product today.
Posted by Kalyani M. on May 8, 2014
Cloud computing provides effective connectivity and easy access to the latest computing resources. This technology has become extremely popular among businesses because of its flexibility and cost effectiveness. Gradually, the education sector is also making a transition to cloud services. Many school districts are embracing cloud computing to improve academic delivery and learning, provide personalized student attention, and reduce infrastructure costs. Schools are encouraging students to use commercial cloud services for sending emails, storing and sharing documents, and for other educational purposes. By outsourcing email and data storage services, school districts are saving a lot of money that was earlier spent on server space, hardware, software, and technical support. Continue reading…
Posted by Kalyani M. on May 6, 2014
Credit card hacks and data breaches are on the rise these days. Recently, retail giant Target became a victim of a massive data breach that affected millions of customers. Cyber criminals are also using the cloud environment for launching cyber attacks. As more businesses are moving towards adopting cloud-based services, the risk of security breaches increases.
Posted by Kalyani M. on May 1, 2014
Despite its numerous benefits, security has always been a major concern in cloud computing. The more that enterprises rely on cloud services, the more new security risks will appear on the horizon. Many times security researchers have expressed their concern regarding insider threats to the cloud. Insider threats pose a major security risk to clients. These days we are seeing major data breaches due to abuse of privileged user rights and other internal threats. Given the widespread adoption of cloud computing, it won’t be long before all of our assets and applications are residing there. Therefore, we need to understand the scope of insider attacks in order to develop defense mechanisms against them.
Posted by Kalyani M. on Apr 22, 2014
Cloud computing is considered a game changer in terms of how organizations plan, implement, and execute their IT strategies. The flexibility to add more resources and applications at a reasonable price seems unbeatable. While cloud computing offers so many benefits to businesses, its security and trustworthiness has always been in question. Security is an extremely important requirement for any IT application, as nobody wants their data to be accessed by unauthorized users. The multi-tenant nature of cloud computing platform has made it an attractive target for cyber criminals. An attacker can exploit the security gaps in the cloud-computing environment to launch attacks, and can remain undetected. The ability to leave no trace of an attack is the biggest security challenge for this service. Cloud computing simply has not achieved thorough readiness in the digital forensic area. The lack of resources and evidence makes it difficult to conduct research and analysis of cloud-based cyber attacks.
Posted by Kalyani M. on Apr 15, 2014
A major security bug, “Heartbleed”, has been making major headlines recently. The security vulnerability has infiltrated many well-known websites, and affected millions of users. It was discovered in some versions of OpenSSL, utilized by thousands of websites. OpenSSL is an encryption technology that uses TLS/ to secure communication over the Internet, and protect sensitive user information like usernames, passwords, credit card numbers, and financial data. Therefore, the exploitation of this critical bug allows cyber criminals to gain access to personal details of millions of Internet users. More information makes an attacker stronger, and opens the door to many more intrusions.
The bug was identified by a group of security engineers at Codenomicon while they were working on improving the security features of the company’s security testing tools. Heartbleed could be considered as one of the biggest security threats in Web security, because it exposes the contents of a server’s memory, where most sensitive user data is stored. This vulnerability allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. It can compromise the private keys used for encrypting communication and identifying trusted sources on the Internet. The most worrisome aspect of this news is that this vulnerability existed for two years and was not detected until recently.
Posted by Kalyani M. on Apr 10, 2014
The “Internet Of Things” (IoT) was once an emerging term in the technology market, but it’s safe to say we’ve reached a point in which many, households and businesses are significantly affected by this concept. IoT gives you the power to control anything in your home or office from anywhere. Whether adjusting the light or temperature of your living room or managing daily chores, these things are now easily manageable with minimal human interaction. The concept of integrating millions of devices into a virtual world, and communicating with them at anytime from anywhere, makes IoT an attractive technology for enterprises as well. There are huge expectations for the IoT in terms of solving business challenges, increasing productivity, and improving customer experience.
In the past few months, we have seen many examples of companies embracing this new technology to improve their businesses. Google acquired the maker of the Nest Learning Thermostat for 3.2 billion dollars. IBM and AT&T joined hands to develop IoT solutions for municipalities and medium-sized utilities. They will focus on integrating and analyzing data collected from transport vehicles, cameras, and other connected devices. Many tech companies have also taken new initiatives toward the development of IoT by creating a foundation called AllSeen Alliance to encourage adoption of new standards to be used in devices and services for IoT. Cisco predicts that by 2020, over 50 billion devices will be connected to the Internet. This does not include just computers, Smartphones, and tablets, but cars, watches, vending machines, and many more devices. Cisco has already started working on developing new technologies and services to adapt to this new trend, creating an entirely new department dedicated to IoT.
Posted by Kalyani M. on Apr 8, 2014
With the growth in Internet, there has been an increase in security attacks. It is almost safe to say that these days nothing is secure in the electronic medium. “Phishing attacks” are one of the major security issues that lead to massive data breaches. In a phishing attack the attacker attempts to gather sensitive user information such as usernames, passwords, or credit card details by pretending as a legitimate entity in the electronic communication. Phishing attacks are typically carried out by spoofing a legitimate website or an email, and it directs the user to provide details to the fake website or email. Attackers usually spoof popular banking sites, online payment processors, or social networking sites. According to security experts, generally twenty to thirty thousand phishing attacks occur everyday.
Posted by Kalyani M. on Apr 3, 2014
Microsoft Word is a widely used application. For many of us, a day does not go by without typing in something in the word document. Whether we are working on a school project or developing a report for office presentation, we tend to use this popular word processing program. Just imagine if the security of such a widely used application came under question. Recently, a vulnerability was found in all versions of Microsoft Word which allows attackers to take control of user’s computer remotely. The attack is triggered my maliciously crafted Rich Text Format (RTF) document in Microsoft Word or by opening a document in Outlook. The attacker can take advantage of this flaw to execute random codes on the targeted machine. Although Microsoft Word has some security features, like password protection, that prevents unauthorized users from opening, modifying, and editing a word document, it is not enough to protect users against this new form of attack.
Posted by Kalyani M. on Apr 1, 2014
Cloud computing allows enterprises to scale resources up and down as their needs require. The “pay-as-you-go” model of computing has made it very popular among businesses. However, one of the biggest hurdles in the widespread adoption of cloud computing is security. The multi-tenant nature of the cloud is vulnerable to data leaks, threats, and malicious attacks. Therefore, it is important for enterprises to have strong access control policies in place to maintain the privacy and confidentiality of data in the cloud. The cloud computing platform is highly dynamic and diverse. Current access control techniques, like firewalls and VLAN, are not exactly well-suited to meet the challenges of cloud computing environment. They were originally designed to support IT systems in an enterprise environment. In today’s cloud computing platform, thousands of physical and virtual machines are added and removed every day, and the current access control mechanisms are not enough to handle this dynamic environment.