Cloud Security Archives - Page 3 of 13 - The Privacy Post

1

Cloud Security: Efficient and Reliable Encryption Key Management Crucial for Data Protection

Posted by on Mar 25, 2014

security in the cloud

It is important to manage encryption keys securely in the cloud.
Image from Flickr User FutUndBeidl

In our modern day and age, many enterprises are embracing cloud computing. However, one of the major concerns regarding cloud computing has always been security. Encryption in cloud computing is still in a state of flux and infancy. Some vendors provide encryption, while others don’t. There are different kinds of encryption schemes for securing data in the cloud, sometimes integrated within a system. Whenever a company decides it move its applications to the cloud, it considers several pros and cons before doing so. These are some of the questions that come to our minds before storing our data in the cloud- How the data is protected? Can we encrypt the data? How the encryption keys are managed? Who will have access to those keys?

The goal of encryption is to ensure that data stored in the cloud is protected against unauthorized access. Access to sensitive user data by third parties is a violation of privacy, and should never occur. In the light of PRISM revelations and major data breaches, like the recent Target breach, it is extremely important for enterprises to bolster cloud security. The surveillance programs by the U.S government have raised security concerns among many people. One of the things that worries end users the most is possible access to their personal data by parties without their knowledge or permission. Even globally, companies outside of U.S. have expressed security and privacy concerns regarding U.S.-based cloud companies. In order to restore the trust of their customers, companies need to take strides to strengthen their cloud security practices.

Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

0

Managing Disaster Recovery in the Cloud

Posted by on Mar 18, 2014

Cloud based disaster recovery is the most efficient and cost effective approach for data back up.
Image from www.clearpathsg.com.

Cloud computing is attracting many enterprises because of its easy deployment, cost effectiveness, and flexibility. One of the major advantages of cloud computing is its disaster recovery approach. With this system, enterprises have a cost effective disaster recovery plan in place, and do not have to worry about deployment and maintenance of IT infrastructure or resources for disaster recovery. Cloud computing gives a completely different approach to disaster recoveryIn this approach, the operating system, data and applications are integrated into a single software bundle or virtual server. This virtual server can be easily copied and backed up on an off-site data center within minutes. In comparison to the conventional disaster recovery approaches, this is extremely beneficial because it is hardware independent and therefore it is easy to transfer information from one data center to another without the burden of installing every component of the server. Cloud-based disaster recovery approach is extremely cost effective and dramatically reduces recovery time compared to traditional approaches.

Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

4

NSA Surveillance Taking a Toll on U.S. Cloud Computing Companies

Posted by on Feb 20, 2014

The NSA surveillance might affect U.S. cloud computing companies negatively.
Image from firmex.com/

Recently we have examined both the conveniences and concerns regarding cloud services, and the conversation is most likely far from over. National Security Agency surveillance has definitely raised concerns about privacy of user data in cloud services. Documents leaked by Edward Snowden indicate that the NSA has been collecting huge amounts of user data by cracking encryption technologies, using backdoor methods, and in some cases providing legal notice. As enterprises are using well-known cloud services like Amazon or Google, the PRISM revelations might lead to a negative impact on U.S. cloud storage companies, as the surveillance activities of the spy agency have taken a toll on the reputation of technology companies. People are becoming increasingly concerned about the privacy and security of their data stored in the cloud.

The NSA is basically devising all possible ways to break the security controls on the web to track and collect huge amounts of user data. The news about the NSA cracking encryption of common online security products and placing secret doors at the access points can further undermine the confidence of foreign businesses. The NSA has been successful in cracking the majority of the encryption codes on the Web, by using supercomputers, technical trickery, court orders, and behind-the-scenes persuasion. Apart from deciphering the encryption of online products, the NSA has devised programs to deliberately insert vulnerabilities in commercial products, so that they may collect more information by exploiting those vulnerabilities. The NSA asks these companies to deliberately make changes to their products in undetectable ways like leaking encryption keys, making random number generator less random, adding a common exponent to a public-key exchange protocol, and so on.

According to research done by the information technology and innovation foundation (IITIF), NSA surveillance may end up costing U.S. cloud service companies $22 billion through 2016. The prediction by IITIF assumes that the U.S. might lose about 10% of its cloud computing market to European and Asian competitors. The United States is considered a leader in cloud computing usage and innovation, but PRISM revelations might cause a shift away from leading data storage providers like Google, Yahoo, and IBM. Salesforce.com recently lost one of their major clients due to government surveillance activities. This is just one example showing the negative impact of surveillance on cloud services. In the future, if the government does not take a stand on reforming the surveillance programs, cloud service companies in this country might have to bear huge loss.

Taking all of the security concerns into consideration, many companies have requested the government to allow them to publish a transparent report of mass data collection requests made my the NSA. In order to gain the trust of their customers, it is extremely important for cloud service providers to be transparent regarding the storage and sharing of sensitive user information. The government needs to take action towards reforming the surveillance program, and allow companies to reveal more details about what data has been requested of them by the government. It also needs to establish international transparency to gain the trust of foreign customers.

Similarly, cloud service providers also need to implement strong security controls to ensure better safety of their customers from surveillance programs. It would be wide for them to construct strong encryption standards such as 256 bit-AES for better security. Encryption has time and again proved to be the most secure method for protecting data in the cloud. The keys used for encrypting sensitive customer data should be managed effectively by periodic key rotation and re-encryption of data with new keys. Employees should be not be given more access than what is needed to complete their tasks. Cloud storage companies should require strong passwords, longer keys, or complex hash algorithms to make it difficult for anyone to access user data.

I believe by implementing security measures and being transparent data usage, companies can gain the trust of their customers, and those who have been enjoying the benefits of U.S. cloud services might think twice before moving to alternate services. Under the light of NSA surveillance, cloud startups whose prime goal is to secure their customer data will see a huge growth in their business in the near future.

Protect your personal data from NSA surveillance with SpiderOak: SpiderOak encrypts the files in your computer before uploading them to the server. As a result, you, and only you, have access to your unencrypted data. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. You can sign up for this product now.

 

Cloud Security Archives - Page 3 of 13 - The Privacy Post

3

Cloud Computing and Denial of Service Attacks: Examining the Vulnerability of NTP Servers

Posted by on Feb 18, 2014

Denial of Service Attacks on Cloud Services are becoming increasingly frequent.
Image from livehacking.com

Cloud services are becoming increasingly popular these days, both among the public and business enterprises. While convenient, Cloud services can be extremely vulnerable to Denial of Service attacks (DoS). As more organizations are relying on cloud computing technology for their business operations, denial of service attacks, one of the most common forms of attack on the cloud, can prove extremely damaging. A DoS attack makes your network or machine unavailable to the intended users by flooding them with connection requests. Within the eighth annual Worldwide Infrastructure Security Report from security provider Arbor Networks, it was revealed how cloud services increase the risk of attacks. The report indicated: “94% of data center operators reported security attacks, 76% had suffered distributed denial of service (DDoS) attacks towards their customers, while just under half (43%) had partial or total infrastructure outages due to DDoS and yet only 14% of respondents had seen attacks targeting any form of cloud service.”

Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

3

Healthcare Data Security: Is Your Cloud Service Provider HIPAA compliant?

Posted by on Feb 13, 2014

HIPAA

Cloud service providers must comply with HIPAA guidelines. Image from qliqsoft.com

With healthcare data doubling every year, it can be extremely difficult for medical institutions to manage such a huge amount of information using traditional IT systems. This is one of the reasons why the healthcare industry is gradually moving towards the use of cloud services.  A cloud storage system allows organizations to place data on a centralized electronic system that can be accessed anytime from anywhere. Cloud services can help the healthcare industry to access and manage health records effectively in order to provide better patient care. A properly implemented cloud storage system allows hospitals to process tasks effectively and quickly, without causing a drop in performance. Cloud computing has proven extremely beneficial and cost effective for patients and healthcare providers.

Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

0

How Can Enterprises Ensure Security Against Cloud Security Breaches?

Posted by on Feb 11, 2014

Secure cloud storage for better security.
Image from transitionaldata.com

Cloud computing has become the driving force of today’s IT industry. More and more enterprises are moving towards this technology because of its flexibility, cost effectiveness, and easy deployment. According to the technology researchers at Gartner, the cloud services are expected to grow to $210 million by 2016. However, cloud computing is vulnerable to several security breaches and cyber attacks. The fact that the cloud hosts a tremendous amount of data makes them an attractive target for the cyber criminals. It is also extremely difficult to track or investigate cyber attacks on cloud services because of an ever changing set of users and data centers.

Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

2

New Security Technology “Honey Encryption” Deceives Hackers

Posted by on Feb 7, 2014

bee hive

Honey Encryption tricks hacker from getting access to your data.
Image from welivesecurity.com.

Security researchers have devised a unique method to trick the hackers trying to crack encrypted information. As you may know, encryption is one of the most effective methods of protecting data. However, it is seen that in many cases intruders are successful in getting into the system by trying different encryption-cracking methods. There are several sophisticated pieces of software that are capable of deciphering secure data. Keeping these security concerns in the forefront, two security researchers, Ari Juels and Thomas Ristenpart, from the University of Wisconsin Madison, have come up with a new encryption system called “Honey Encryption”.

Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

2

Wookie Gone Wrong: Tor-Enabled Malware ChewBacca Infects Dozens of Retailers

Posted by on Feb 4, 2014

Chewbacca infects Point of Sale terminals of retail stores.
Image from Arstechnica.com

The Point-of-Sale (PoS) malware attacks seem to be on the rise since last year. Many retailers like Target and Neiman Marcus became victims of such attacks. Recently, the RSA brought into light another PoS malware called “ChewBacca”. In the past three months, this Trojan has stolen credit and debit card information from dozens of retailers. While the majority of the retailers are based in the U.S., the attack has also been noticed in few other countries like Russia, Canada, and Australia. Due to lack of security controls on the PoS machines, they have become the easy target of financially motivated attacker, who is able to access millions of customer’s data. Let’s take a look at how the ChewBacca malware works. Continue reading…

Cloud Security Archives - Page 3 of 13 - The Privacy Post

7

Security Concerns with “The Internet of Things”

Posted by on Jan 28, 2014

There have been many recent security risks with connected devices.
Image from Cdn.decoist.com.

The Internet of Things has become an emerging trend in today’s age. As the number of devices connected via Internet grows, the risk of cyber attacks also increases. By connecting so many unsecured smart devices like TVs, refrigerators, etc. to the Internet, we are opening the doors to many malicious activities. Recently, a security research firm, Proofpoint, revealed an Internet of Things cyber attack that compromised more than 100,000 Smart TVs, refrigerators, and other smart appliances; 750,000 malicious email communications were sent out from these devices. Proofpoint noticed this attack during the holiday season, from December 23,2013, to January 6, 2014. The researchers observed thousands of malicious email messages coming a particular range of IP addresses. When they conducted further investigation, they realized that these messages are not coming from PCs, which are the most common medium for launching these attacks, but from unidentified devices running on the standard Linux platform. On pinging those devices, they found out that they were smart appliances connected within households.

According to Proofpoint, just as personal computers are compromised by botnets to launch attacks, cyber criminals are exploiting the vulnerabilities in smart home appliances by transforming them into “thingbots” to carry out malicious activities. One of the major intentions behind such kinds of attacks is to collect personal information about the victim. The more information the attackers have in their hands, the more powerful they become. Another reason why Internet connected devices have become more appealing to the attackers is because they have poor security controls and can be infected easily. The researchers of Proofpoint noticed during their investigation that the majority of the smart appliances were not configured properly or used default passwords. Unfortunately, when we talk about Internet security, most people visualize securing their laptops or tablets. We forget that other than our laptops, PCs, or Tablets, there are many more household appliances that are connected to the Internet, and it is equally important to implement security controls to protect them from attacks.

Lack of security awareness among the users of smart appliances it the most important reason why connected devices are more attractive to cyber criminals than PCs or laptops. People need to educate themselves about the vulnerabilities in the Smart appliances and implement recommended security controls to ensure protection. They should make sure that they change the default passwords of these devices before putting them to use. Users should always choose strong and complex passwords for better security, and change them on a regular basis. Often times, the industries developing these devices find it difficult to find and fix vulnerabilities compared to PCs and software appliances. They do not have the expertise or ability to patch the weaknesses in these devices. According to security expert Bruce Schneier, most common home routers run on old version of Linux operating system. The vulnerabilities may have been patched earlier, but it is extremely important to apply patches to them more frequently, because as the systems age their security vulnerabilities increases.

Implement security controls to protect smart homes from cyber attacks.
Image from Insurancejournal.com

In order to apply patches the users need to manually download and apply them. It is rarely done because the users are never alerted about security updates, nor do they have the expertise to monitor the systems regularly and update patches. So, the best way to ensure protection from malicious attacks is to change your default password, and replacing them with strong, difficult-to-crack passwords. Keep your appliances connected to the Internet only as long as required; if you do not need your devices, disconnect them from the Internet. The 24/7 availability of connected devices makes them more vulnerable to attacks. Lastly, take the security precautions of connected devices just as seriously as your PCs or laptops.

Secure cloud storage service that protects your data

SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOakHive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.

 

Cloud Security Archives - Page 3 of 13 - The Privacy Post

7

Beware: Malware Distributors are Moving Towards Cloud Computing Services

Posted by on Jan 21, 2014

malware detection

Cloud services have become an attractive place for hackers.
Image from Cloudtimes.org

As has been the trend of businesses, the makers of malware are also moving towards cloud services because of its flexibility, cost effectiveness, and easy maintenance. Malware distributors are embracing cloud services as a method of hosting malicious codes and adware. They are doing so either by buying services directly from the cloud service providers, or by compromising them. By hiding behind the names of legitimate cloud service providers like Amazon and GoDaddy, they can effectively serve malware to millions of Internet users. Hackers can use the trusted IP addresses of these major cloud service providers to initiate malicious activities without getting blacklisted. The cloud enables them to quickly  and cheaply develop malware-infected sites, and bring them online. Some of these benefits of cloud computing have made cloud one of the attractive places for these malicious actors.

Continue reading…