Cloud Security Archives - Page 2 of 13 - The Privacy Post


Security in the Age of Telecommuting: Ensuring Remote Access Connections Are Protected

Posted by on May 13, 2014

There are security risks to address with remote data access. Make sure your company is taking the necessary steps.
Image from Ludovic.ferre via wikimedia.org

There has been significant growth in the number of individuals working remotely or telecommuting in recent years. Remote connections, also called VPNs, are an attractive alternative for many businesses; they increase employee productivity, save company expenses, and require less maintenance. In order for this large workforce to carry out business effectively and efficiently, it is important to focus on the security of remote access technologies. It is necessary to extend the concept of “confidentiality, integrity, and availability” to the remote access devices that have direct connections to corporations’ secure data and network resources.

There is no doubt that virtualization has made our lives easier by providing access to corporate home bases anytime, from anywhere. Remote services allow us to get our tasks done without having to be physically present in the office. This is an excellent option for employees with a lengthy commute between office and home, and those who need to care for children or family members. Unfortunately, remote access services are one of the most exploited IT resources in this day and age. Enterprises invest huge amounts of money to provide remote services; however, much less is invested to make the connections secure. Vulnerable remote access connections provide easy access to any intruder hoping to gain entry to a company’s sensitive information. From a lack of secure network configuration, to weak passwords and poor endpoint security, there are several loopholes that can lead to major data breaches.

Let us take a look at the security risks associated with remote access services:

  • Use of third party services for data storage: Many businesses prefer to store their data on third party storage devices, requiring a remote connection to access this information. Often, when data is stored in cloud-based services, enterprises lose control over the security of the information. It comes down to the security controls and defenses implemented by the third party vendor for the security of data in their storage systems. Whenever it is decided to move data to the cloud, it is important to go through the service level agreement thoroughly, determine what security controls are implemented by the provider, examine whether or not they comply with HIPAA or PCI DSS rules and regulations, and look closely at how they store and manage data. A few years back, a vulnerability left Dropbox user accounts open and accessible to anyone with the technical skill to exploit it. There was a significant lack of proper patch management. Imagine the amount of personal data somebody could have accessed by exploiting this technical glitch. The biggest lesson learned from this incident is that remote connections need to be monitored continuously to keep track of vulnerabilities and implement the necessary mitigation strategies to resolve them.
  • Poor configuration: There are a variety of remote access solutions available, from command-line based to visually driven packages. Remote access solutions come with a certain level of security gaps that can be exploited to gain unauthorized access. Some of these vulnerabilities arise due to improper configuration of remote access connections. These devices need to be configured in such a way that they comply with all security rules and regulations, like HIPAA and PCI DSS, just as the devices used within a company’s offices are set up.
  • Weak Passwords: Weak passwords are another major area of concern that could lead to remote access devices being compromised. In order to connect to the corporate network or data, employees are asked to provide credentials. Employees should have strong passwords to protect their accounts and corporate data from unauthorized access. These should be at least 8 characters long, and include a combination of letters, numbers, and special characters. They need to be changed frequently (after 30 or 60 days) in order to maintain strength against hackers. Enterprises should implement these practices in their security policies.
  • Lack of monitoring and patch management: Remote access connections should be monitored and scanned on a regular basis to detect any security loopholes and new threats. Software needs to be updated and patched as soon as new versions and fixes are released. Proper monitoring and patch management protects remote access solutions from being compromised by unauthorized users.

It appears that virtual workspaces and cloud computing are here to stay. As long as giving employees the option to work remotely pays off for companies, there will be a need for remote access connections. Therefore, enterprises should invest in strengthening remote access solutions, in order to ensure better security and confidentiality of corporate data.

True Privacy with SpiderOak: Secure remote access requires implementation of best security practices for better security of data. SpiderOak believes in “zero-knowledge” privacy, and implements strong security controls, such as 256-bit AES and two-factor authentication for protection of sensitive information. It allows you to encrypt your files and folders before sending them to the cloud. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. SpiderOak offers amazing products, like SpiderOak Hive and SpiderOak Blue, to help you secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. Sign up for this product today.

 


Protecting Student Data in the Cloud

Posted by on May 8, 2014


Educational institutions should take measures to make sure student data in the cloud is protected.
Image source: University of Salford Press Office via wikimedia.org

Cloud computing provides effective connectivity and easy access to the latest computing resources. This technology has become extremely popular among businesses because of its flexibility and cost effectiveness. Gradually, the education sector is also making a transition to cloud services. Many school districts are embracing cloud computing to improve academic delivery and learning, provide personalized student attention, and reduce infrastructure costs. Schools are encouraging students to use commercial cloud services for sending emails, storing and sharing documents, and for other educational purposes. By outsourcing email and data storage services, school districts are saving a lot of money that was earlier spent on server space, hardware, software, and technical support.


Managing PCI DSS Compliance in Cloud Computing

Posted by on May 6, 2014

It’s important for cloud services to comply with PCI DSS standards.
Image from Flickr user Sean MacEntee

Credit card hacks and data breaches are on the rise these days. Recently, retail giant Target became a victim of a massive data breach that affected millions of customers. Cyber criminals are also using the cloud environment for launching cyber attacks. As more businesses are moving towards adopting cloud-based services, the risk of security breaches increases.


Threats from Within: Dealing with Insider Attacks in Cloud Computing

Posted by on May 1, 2014


Insider threats pose a significant risk to enterprise security.
Image from Flickr user: elhombredenegro

Despite its numerous benefits, security has always been a major concern in cloud computing. The more that enterprises rely on cloud services, the more new security risks will appear on the horizon. Many times security researchers have expressed their concern regarding insider threats to the cloud. Insider threats pose a major security risk to clients. These days we are seeing major data breaches due to abuse of privileged user rights and other internal threats. Given the widespread adoption of cloud computing, it won’t be long before all of our assets and applications are residing there. Therefore, we need to understand the scope of insider attacks in order to develop defense mechanisms against them.


Exploring the Digital Forensic Challenges that Come with Cloud Computing

Posted by on Apr 22, 2014

Digital forensics challenges in the cloud.
Image from ccfis.net.

Cloud computing is considered a game changer in terms of how organizations plan, implement, and execute their IT strategies. The flexibility to add more resources and applications at a reasonable price seems unbeatable. While cloud computing offers so many benefits to businesses, its security and trustworthiness have always been in question. Security is an extremely important requirement for any IT application, as nobody wants their data to be accessed by unauthorized users. The multi-tenant nature of the cloud computing platform has made it an attractive target for cyber criminals. An attacker can exploit the security gaps in the cloud computing environment to launch attacks, and can remain undetected. The ability to leave no trace of an attack is the biggest security challenge for this service. Cloud computing simply has not achieved thorough readiness in the digital forensic area. The lack of resources and evidence makes it difficult to conduct research and analysis of cloud-based cyber attacks.


“Heartbleed” Security Flaw Affects Millions of Users and Sends Internet into Panic Mode

Posted by on Apr 15, 2014


Security bug “Heartbleed” allows hackers to access sensitive user information. Image from Wikimedia Commons

A major security bug, “Heartbleed”, has been making major headlines recently. The security vulnerability has infiltrated many well-known websites, and affected millions of users. It was discovered in some versions of OpenSSL, utilized by thousands of websites. OpenSSL is an encryption technology that uses TLS/ to secure communication over the Internet, and protect sensitive user information like usernames, passwords, credit card numbers, and financial data. Therefore, the exploitation of this critical bug allows cyber criminals to gain access to personal details of millions of Internet users. More information makes an attacker stronger, and opens the door to many more intrusions.

The bug was identified by a group of security engineers at Codenomicon while they were working on improving the security features of the company’s security testing tools. Heartbleed could be considered as one of the biggest security threats in Web security, because it exposes the contents of a server’s memory, where most sensitive user data is stored. This vulnerability allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. It can compromise the private keys used for encrypting communication and identifying trusted sources on the Internet. The most worrisome aspect of this news is that this vulnerability existed for two years and was not detected until recently.


The Impact of Internet of Things on Enterprise Security

Posted by on Apr 10, 2014


The Internet of Things
Image from www.thomasvanmanen.nl/

The “Internet of Things” (IoT) was once an emerging term in the technology market, but it’s safe to say we’ve reached a point in which many households and businesses are significantly affected by this concept. IoT gives you the power to control anything in your home or office from anywhere. Whether adjusting the light or temperature of your living room or managing daily chores, these things are now easily manageable with minimal human interaction. The concept of integrating millions of devices into a virtual world, and communicating with them at any time from anywhere, makes IoT an attractive technology for enterprises as well. There are huge expectations for the IoT in terms of solving business challenges, increasing productivity, and improving customer experience.

In the past few months, we have seen many examples of companies embracing this new technology to improve their businesses. Google acquired the maker of the Nest Learning Thermostat for 3.2 billion dollars. IBM and AT&T joined hands to develop IoT solutions for municipalities and medium-sized utilities. They will focus on integrating and analyzing data collected from transport vehicles, cameras, and other connected devices. Many tech companies have also taken new initiatives toward the development of IoT by creating a foundation called AllSeen Alliance to encourage adoption of new standards to be used in devices and services for IoT. Cisco predicts that by 2020, over 50 billion devices will be connected to the Internet. This does not include just computers, Smartphones, and tablets, but cars, watches, vending machines, and many more devices. Cisco has already started working on developing new technologies and services to adapt to this new trend, creating an entirely new department dedicated to IoT.


Protection Against Phishing Attacks in the Cloud

Posted by on Apr 8, 2014

Implement strong security practices to protect your critical resources from phishing attacks.
Image from Flickr user Richzendy

With the growth of the Internet, there has been an increase in security attacks. It is almost safe to say that these days nothing is secure in the electronic medium. “Phishing attacks” are one of the major security issues that lead to massive data breaches. In a phishing attack, the attacker attempts to gather sensitive user information such as usernames, passwords, or credit card details by posing as a legitimate entity in an electronic communication. Phishing attacks are typically carried out by spoofing a legitimate website or email, which directs the user to provide details to the fake website or email. Attackers usually spoof popular banking sites, online payment processors, or social networking sites. According to security experts, generally twenty to thirty thousand phishing attacks occur every day.


Newly Discovered Vulnerability in Microsoft Word May Allow for Remote Cyber Attacks

Posted by on Apr 3, 2014

The zero-day vulnerability in Microsoft Word targets RTF files.
Image from Trirat P’s photobucket

Microsoft Word is a widely used application. For many of us, a day does not go by without typing something in a Word document. Whether we are working on a school project or developing a report for an office presentation, we tend to use this popular word processing program. Just imagine if the security of such a widely used application came under question. Recently, a vulnerability was found in all versions of Microsoft Word which allows attackers to take control of a user’s computer remotely. The attack is triggered by a maliciously crafted Rich Text Format (RTF) document in Microsoft Word or by opening a document in Outlook. The attacker can take advantage of this flaw to execute arbitrary code on the targeted machine. Although Microsoft Word has some security features, like password protection, that prevent unauthorized users from opening, modifying, and editing a Word document, they are not enough to protect users against this new form of attack.


Access Control Issues in a Cloud Computing Environment

Posted by on Apr 1, 2014

It is imperative that enterprises have secure access to data in the cloud.
Image from res.sys-con.com

Cloud computing allows enterprises to scale resources up and down as their needs require. The “pay-as-you-go” model of computing has made it very popular among businesses. However, one of the biggest hurdles in the widespread adoption of cloud computing is security. The multi-tenant nature of the cloud is vulnerable to data leaks, threats, and malicious attacks. Therefore, it is important for enterprises to have strong access control policies in place to maintain the privacy and confidentiality of data in the cloud. The cloud computing platform is highly dynamic and diverse. Current access control techniques, like firewalls and VLANs, are not exactly well-suited to meet the challenges of the cloud computing environment. They were originally designed to support IT systems in an enterprise environment. In today’s cloud computing platform, thousands of physical and virtual machines are added and removed every day, and the current access control mechanisms are not enough to handle this dynamic environment.
