Category: Data protection

Data protectionUse cases

Threats to Cloud Security

Posted on

Although most organizations are shifting their data to the cloud, security of such data has remained a serious challenge. For you to plan on how to handle the risks, it is good for you to first understand the risks posed to your data in the cloud service. The on-demand nature of this service poses a threat to the data. As it has been noted, with cloud services, one can bypass the organization and setup their own accounts in the cloud, and this has to be handled.
The following are the threats to cloud security:

1. Data breaches
Most of the threats faced by the cloud are similar to those of a traditional corporate network, but because of the huge amounts of data stored in the cloud servers, the providers themselves are highly targeted. The sensitive of the cloud data determines how severe the breach can be in case it occurs. Breaches regarding health information, intellectual property and trade secrets can be more severe compared to breaches on financial information. In case a data breach happens, the company may end up facing criminal charges, lawsuits or fines. Investigating a breach and notifying customers about the same can be too expensive for the organization. It can lead to damaging of a brand and losing of a business, which might cost the organization for a number of years. Although cloud providers have implemented measures against security breaches, the organization should take responsibility of protecting their own data from leaking to unauthorized individuals.

2. Broken authentication
When a data breach occurs, the result may be weak passwords, lax authentication, and poor management of key or certificate. Identity management is a great challenge to organizations as they find it hard for them to assign roles to users based on their job. In some cases, the organization forgets to remove access for a particular user once they have left the organization or in case their job has changed.
Systems with multi-factor authentication mechanisms such as phone authentication, one-time passwords and smartcards are a great way of securing the cloud since they make it impossible for anyone to login through stolen or guessed passwords.
Some software developers leave cryptographic keys and other credentials in the source code and then leave these in public repositories such as the Github. There is a need for us to keep keys well secured, Keys should be rotated on a regular basis to make sure that attackers do not use them.

3. Hacked APIs and Interfaces
Each cloud service has APIs. These APIs and interfaces are used by IT geeks for management of the cloud service.
The availability and security of the cloud will be determined by how secure the APIs are. Third parties who rely on these APIs and interfaces pose a security risk. When you have weak APIs and interfaces, your organization will be exposed to security issues related to integrity, confidentiality, accountability and availability.
Since interfaces and APIs can be accessed from the outside internet, they form the most exposed part of the cloud.

4. Exposed system vulnerabilities
When program bugs and system vulnerabilities are exposed, they pose challenges to cloud computing. Organizations share databases, memory and some other resources, and this creates new surfaces for attacks.
Basic IT processes can be used or mitigation attacks based on system vulnerabilities. Some of the practices for countering this include prompt patch management, vulnerability scanning, and swift follow-up on matters which are reported.

5. Account hijacking
Cloud services are prone to phishing, software exploits and frauds since the attackers are capable of manipulating transactions, eavesdropping on their activities and even modify data in transmission. Some attackers know how to use the cloud service for the purpose of launching attacks.
Organizations should not allow account credentials to be shared between users and services, and multifactor authentication mechanisms should be implemented if possible. Each transaction which occurs should be monitored and ensure that it is traceable back to the owner. The credentials of each account should be highly protected from getting stolen.

6. Malicious insiders
This can be from a system administrator, former employee, business partner or a contractor. The agenda behind this may be a revenge or data theft. The insider can choose to manipulate the organization data or maybe destroy the whole infrastructure.
The best solutions include minimizing the level of access to accounts by users and control the process of key encryption.

Data protectionUse cases

The Need for Standards in Cloud Computing Security

Posted on

For enterprises to view cloud computing as the best choice for storage of their data, standards are of great essence. Most IT enterprises are working hard to ensure that they get a cloud which will help them cut on their expenses while achieving their business needs.

Today, most organisations allow only a percentage of their daily operations to be supported by the cloud. Although IT experts expect that the adoption of the cloud should accelerate in the near future, many enterprises are still wondering whether the cloud is the best solution for storing their data. The main source of fear is security. The enterprises are not sure of whether their data will be secure in the cloud.

They are also in need of creating an on-demand service while keeping compliance and industry compliance. The enterprises shy away from storing g their data in the cloud for fear that they are not protected. The cloud is porous in nature, and this makes it an attractive target by attackers and securing it has become more complex as the site.

Currently, there is no definition on what an effective cloud security is. There exist no standards defining what an effective cloud security might, and what is expected from both the providers and the users to ensure that the cloud data has been well secured. Instead of having these, the enterprises and providers are left to rely on data center standards, list of auditing specifications, industry mandates and regulatory requirements for provision of guidance on how the cloud environments should be protected.

Although this approach can make cloud computing to be somehow complex, it is a good approach to ensure that the cloud data is well secured. There is a need for both the enterprises and the cloud providers to ensure that they focus on the core elements of well secured cloud such as identity and access management, virtualisation security, content security, threat management and data privacy.

It is also good for the industry to consider the NIST (National Institute of Standards and Technology) specifications regarding the cloud security, so as to form a good foundation for protection of the data and services which are running in the cloud. Although most of the principles here were meant for the government organisations, they are very relevant and applicable in the private sector.

The guidelines provided by NIST are good for addressing serious issues regarding cloud security such as identity and access management, architecture, trust, data protection, software isolation, incidence response, availability and compliance. The body also states the factors which organisations have to consider in relation to public cloud outsourcing. The CSA (Cloud Security Alliance) is a good source of knowledge for rules regarding how to secure data running in on-demand environment. Here, you will know more about the best practices for securing such data. With CSA, all the necessary guidelines which can help you know whether your cloud provider is doing what they can to secure your data are provided.

Working through such organisations is good as they will help both the customers and the provide in laying of a good groundwork for the purpose of creating a secure cloud environment. Security principles should be applied as much as possible when we are securing our cloud environments. With good standards for cloud computing, the enterprises will be much guaranteed that their data is safe in the cloud. This will improve their trust for the cloud provider, and they will make cloud computing the best solution to their IT needs. The current customers will be much assured of the security of their data.

Data protectionForensics

Logging Framework for Forensic Environments in Cloud Computing

Posted on

The field of cloud computing has attracted many researchers. It is good for you to know the conditions under which the data is stored in data centres or is processed, and then it becomes an interest for cloud computing forensics. The use of cloud computing in forensics has increased, and this is as a result of emergence of new technologies. The architecture of a cloud logging system is layered, and is composed of 5 layers, each with its own task. Let us discuss these layers:

The management layer
The modules which are responsible for most operations in the cloud can be found in this level, together with the ones targeted for the forensics, like the “Cloud Forensic Module”.

Virtualisation layer
This is the second layer in the architecture, and this is the layer in which we can find the servers and workstations which host our virtual machines. Although the virtual machines are the main building blocks in our environment, it is good for us to have virtualisation enabled in the hardware. A Local Logging Module should be installed in the Cloud Forensic Interface in the physical machine that we have. This will be the one tasked with gathering of the raw data from the virtual machines which are being monitored. The investigator can choose to adjust the amount of data, and they can select a particular virtual machine to monitor it, or maybe choose to monitor the whole activity which is taking place in the virtual machine.
For the data to be gathered reliably from your virtual machine, the local logging module has to be fully integrated with the running hypervisor inside our physical machine. We have to be keen on the kind of data which we intercept from the virtual machine, and then send it for further processing. It is possible for any activity to be intercepted, you will experience some penalties in terms of processing speed and timer.

Storage layer
This is the third layer in the logging architecture. It is where the RAW data which has been send from the modules which exist in the virtualisation layer is stored. The RAW data will be send by the logging modules in the form that it has been gathered from the hypervisor. From this, we can say that the layer has functionality similar to one of a distributed storage.

Analysing Layer
This is the fourth layer in the logging architecture. It is responsible for ordering, analysing, aggregating and processing the data which has been stored in our previous layer. As you might have noticed, the processes will use the computing resources intensively, and this calls for the analysing process to be done in an offline manner, and it is made available to the investigators immediately the job is ready. Once the process is completed, the investigators will be having all the relevant information regarding what happened in the remotely monitored machine, and they will be capable of navigating throughout the activities of the virtual machine so as to know what happened. In most cases, the layer is implemented in the form of distributed computing applications. This is mostly the case when the application needs a great computing power

Storage layer
This is the fifth layer in the architecture. This is where the results published from the rest of the layers is stored. This is the layer at which the forensics investigator will interact with the virtual machine snapshots they are monitoring, and this is done by use of the Cloud Forensic Module which is obtained from the Management layer.

Data protection

Improving SOC Efficiencies to Bridge the Security Skills gap

Posted on

Security alert storms are on the rise. Most organisations have chose to deploy more products for security and you have to know that each of the product will be having its own security alerts, workflows and interfaces.

These enterprises have gone ahead to recruit more security analysts so that they can deal with the increasing security alerts. However, most IT professionals lack security skills, and this is why enterprises have not found enough security analysts. Research has shown that the need for security analysts is increasing by 18% on an annual basis.

The question now is, how do enterprises solve this problem? Automation is the best solution to the problem. It will work by reducing on the amount of work that an analyst is expect to perform, but it will be hard for a junior to know the tricks of the trade.

The following are some of the measures which have been taken for the purpose of alleviating the skill-set gap:

Sharing knowledge and collaboration
Most tools for sales and marketing are focused on collaboration. Identify a tool which has succeeded in sales and marketing as this will give you any necessary information about the actions of the customers. Also, anyone who makes use of the system can share their experience with other users. Each SOC has to be ready to learn from the peer analysts and then take part in the operations workflow for SOC. When you build the collaboration as part of the SOC workflow, you will be in a position to detect any duplicate incidences which under investigation, and the junior analysts should be educated so that they can learn from the senior analysts.

Training and play-books
Creation of play-books is good as these will help the analysts read the process described therein and then adhere to them in their daily practices. Most tools for sales and marketing will make the individual work hard and in the proper way by reminding what their next step constantly, and the time they are expected to involve or collaborate with the others in the team. In SOC, this has to be done correctly so that the work of the analyst will not be interfered with in any way. The playbook should always be geared towards promoting the best practices which should be followed and these must have been developed over a period of time rather than in a faster manner. The play-books should not been seen as a static file sitting in your documents, but they should be seen as a repository which represent events which have taken place overtime. These will improve the productivity of the analyst, and at the same time make it easy for them to track future events.

Automation
This is best when some tasks have been repeated and they do not require any intervention by human beings. There are numerous such tasks in security and they just take us unnecessary time. In some cases, some cases will go un-investigated since the number of alerts will overwhelm the available videos porno security personnel. It is always good for us to automate the tasks which are complex for us to perform.

Searching and Learning Historically
The analyst can easily and quickly make decisions from the historical data they have from security incidences of the past. The data should be more than the log data, and should be analysed very well. When it comes to issues of security, you don’t need complex tasks for the purpose of alerts.
Tracking incidences using a closed loop
It is good for you to analyse metrics the response to an incidence, workload imposed on the analyst and the required skills over time and this will help you improve on your security posture in the organisation.

Data protection

Encryption of Data in the Cloud

Posted on

Many organisations are nowadays looking on how to take advantage of cloud computing, but security of their data remains a serious concern. However, there are several mechanisms which can help you in encrypting your data in cloud and ensure there is effective data protection.

As organisations grow in size, they experience security challenges which they lack knowledge and experience to handle. Although most IT experts conclude that encryption of cloud data is the key to security, the approach can be daunting, and especially for small to mid-sized businesses. The process of managing encryption keys in a cloud environment is not easy. The encryption key should be kept separate from the encrypted data, and this is a challenge, especially in a cloud environment with an asymmetrical growth.

Encryption keys should be stored in a separate storage block or server. To stay protected against disasters, the encryption keys should be backed up in offline storage. The backup needs to be audited on a regularly basis, probably each month to ensure that it is free from corruption. Although some of the keys will expire automatically, others need to be refreshed, thus, calling for the need for a refresh schedule. For improved security, the key themselves should be encrypted, while the master and recovery keys should be given a multi-factor authentication.

It is good for any organisation to let a third party manage the encryption keys rather than the IT department of the organisation. If you encrypt the data before uploading it to your cloud storage provider, and then it happens that the same data is needed on a remote or mobile device having no decryption keys, the downloaded data will be useless. In case the company is in need of sharing the data with their business partner, and they don’t need the partner to access the decryption keys directly, this will become complex.

The following are some of the criteria which can be used for encrypting data in the cloud:

Exercise discretion
You have to determine the percentage of your organisation data which is considered as being sensitive. You will find that majority of your organisation data does not need to be encrypted. With a ubiquitous encryption, the functionality of the application can be interrupted, most probably the search and report functionality, and these are very important in the today’s cloud model. A discretionary approach to encryption should ensure that the sensitive data has been secured without interference with the advantages associated with emerging technologies.

Adherence to security policy of the corporate
The security policy for your organisation can help you determine the sensitive information in the environment and then make use of the strategy to create a strategy for the encryption strategy. Both the internal and external regulations in relation to the business have to be considered.

Automation-ready encryption
Once you have agreed on what needs to be encrypted, an action should be taken. Security technologies should be leveraged for identification of sensitive information in the corporate, and the encryption should be used as a remediation tool for risky situations. Once this process has been automated, inappropriate exposure of data will have been mitigated in a content-aware manner.

Consider the human element
Any data security mechanisms must consider the needs of the end users. If the security program of the corporate interferes with the normal workflow of the users, they will have to seek for alternatives to bypass the corporate network entirely.

Cloud providers and their potential SaaS partners should be asked about the protocol they use when transmitting their data. The SSL (Secure Socket Layer) protocol is now not the best since the discovery of a man-in-the-middle attack discovered in 2014. This can only be solved by implementation of TLS rather than the SSL, but the problem comes in that systems running older operating systems such as Windows XP are not able to implement the TLS. This has made some businesses to continue using SSL despite the risk it poses of exposing confidential data. The main solution to this problem is disabling the SSL completely, either on the server or client side, but this will make it inaccessible by systems which rely only on SSL.

Data protectionSoftware

DLP (Data Loss Prevention) in the Cloud

Posted on

Most organizations have moved their sensitive data to the cloud, but they lack policy controls for the cloud data. Research has shown that 21% of the documents uploaded to the cloud have sensitive data such as protected health information (PHI), personally identifiable information (PII), intellectual property or payment card data and this creates concerns in terms of cloud compliance. In the year 2014, breaches in cloud data rose.
Most organizations have made an investment in tools for data loss prevention so as to protect loss or theft of their on-promise information and adhere to data compliance laws. The problem is that most of these tools have been made to protect data contained in emails and file servers, meaning that they address issues to do with mobile security and cloud governance since the data will always be passed to unsanctioned cloud services which are regularly accessed by unsecured devices. It has been found each average organizations will upload 3.1GB of data each day, and it is expected that 1/3 of organization data will be in the cloud by 2016. You have to recognize that migration of unprotected data to the cloud is risky, thus, there is a need for any organization to extend data prevention policies to take care of the data in the cloud to protect against being exposed.
Whenever you are addressing DLP, consider the following requirements:
1. Know the activity-level usage in your apps, and then use DLP to identify the activities dealing with sensitive data, anomalies and non-compliant behavior.
2. The cloud DLP software to be used should know the context which surrounds all the activity whenever you are dealing with sensitive data.
3. Restrictions and controls should be formulated in the organization to ensure that sensitive data is used safely.
4. Cloud activities should be tracked at app, user and activity level for compliance and auditing purposes.
5. Sensitive content which is residing in the cloud or moving to the cloud apps has been encrypted.

 

A number of tools for preventing data loss in the cloud have been developed. With NetScope Active Cloud, sensitive data for an organization can be protected from breaches and leaks. The tool provides advanced mechanisms for data loss prevention such as custom regular expressions, over 3000 data identifiers, support for over 500 file types, double-byte characters for international support, proximity analysis, exact match and fingerprinting. Once the tool detects some sensitive data, it use context for narrowing the content down, increasing the accuracy of detection and in reducing false positives.
Skyhigh is another DLP tool, and it extends the ability of an organization to protect against loss of data to the data stored in the cloud. With Skyhigh, DLP policies are enforced in a real-time manner, and we are provided with the capability to carry out an on-demand scan for the data which has been stored in the cloud so as to know whether we have some data outside the cloud policy. When configuring the DLP policies, you can choose a number of policy actions such as quarantine, alert, tombstone, or maybe choose to block the sensitive data from being uploaded to the cloud service. With Skyhigh, you are free to leverage the policies which you have created in other DLP solutions such as the EMC, Symantec, Websense and Intel McAfee using a closed loop remediation.
Symantec is also another tool which provides mechanism for data loss prevention in the cloud. It has partnered with Box, which is an online tool for file sharing and this improves the functionality of the tool. The tool is also expected to extend the data loss prevention of sensitive data which has been stored on mobile devices.

Data protection

Cloud computing security: things you must know

Posted on

One of the best game-changing revolutions of this particular era is Cloud Computing. The shift far from original on-premises applications and also data storage is undoubtedly well underway, with customers, small and middle sized companies, and big businesses putting data and applications into the cloud. The current issue is will it be secure to do this? Cloud Computing protection is undoubtedly the greatest concern amongst all those who are thinking about the technology. And when you are an IT manager, then it is great to be paranoid. Massive Losses from attack and cyber crime can be tremendous, and also the 2008 CSI Computer Security and Crime Survey demonstrate a standard average yearly damage of just below $300,000.

It might appear like the leap of trust to place your precious applications and data in the cloud, and even to believe in Cloud Computing security and safety to a 3rd party. However, belief is not a part of the situation, and neither ought it to be. Each and every business requirements to realize that its applications and data are safe and secure and the issue of the cloud computing protection should be tackled. The cloud comes with several security benefits.

Based on NIST, this particular cloud computing security benefits consist of:

-Moving public data to an external cloud decreases the publicity of delicate inner data
-Cloud homogeneity tends to make security testing/auditing easier
-Clouds allow automatic security management
-Disaster/Redundancy Recovery

All factors are effectively used. Cloud companies normally have a tendency to consist of rigorous cloud computing security as a part of their particular company models, frequently a lot more than an individual user might perform. To that end, it is not only an issue of the cloud computing companies implementing greater security measure, but the thing is, instead, that they deploy the safety precautions which individual companies ought to, however frequently do not.

The majority of application providers enforce a few standard of security for their applications, even though whenever cloud application providers apply their amazing strategies to Cloud Computing protection. Issues happen across international privacy laws and regulations, exposure of data to international choices, stovepipe solutions to authentication and role- dependent accessibility, and even leaks in the multi-tenant architectures.

Exceptional physical security from the Cloud Computing companies:
Deficiency of physical security is the trigger of a huge quantity of damage, and also insider attacks are the reason for the remarkably big percentage of damage. Even though the specter of the black hats cracking into your network from an underdeveloped country is certainly much real, it’s not uncommon that, the “black hat” is, in fact, a dependable employee. It is the person from accounting department with whom you have lunch. It is the woman who else gives you coffee early in the morning and remembers that you prefer two sugars. It is the latest college grad with a lot possible, who else does this type of great work on that final report.

Outstanding security from the cloud:
Apart from physical security measure, technical security is of the highest value. Hosting your individual applications and servers needs additional steps. A bigger business may need to employ dedicated IT employees for protection exclusively. Cloud computing, on the Furthermore, forms cloud computing protection straight into the cloud platform. While the business nevertheless should maintain private security in any situation, the provider makes sure that the data and applications are secure from attack. You no need to be worried about your data protection if you have cloud-based technology. Your data and applications will be risk-free.

Data protection

Different Solutions to Data Protection

Posted on

Data protection reliability and solutions are top points for any company with vision crucial digital information. Security and safety for digital resources include numerous components working in agreement, such as disaster recovery, accessibility protection from attack devastating damage, and also archival services. Quite simply, reliable data should be safe from both illegal accessibility or even vandalism and also the damage of physical devices, plus it is easily accessible to fulfill company requirements.

Data protection solutions can be found in numerous levels and will be offering company continuity and even data management effectiveness. IP or Intellectual property, protection is a supporting aim to make sure the company continuity.

At Application Level:

Security and safety can happen at the program or application level. This particular level relates to all those security solutions that are invoked in the interface among applications. Like an application may safeguard data without having an encrypted password; the security support provides this data. Whenever the information is used by receiving an application, an additional element of the particular service can quickly authenticate the user, permitting security protocols to occur in the code of an application.

Some other good examples of data protection solutions present in the application level are privacy services and data integrity solutions. Data could be encrypted by a program after that it is just decrypted whenever entered once again by that application to determine privacy parameters. Transmitted data could be examined by a receiving application for changes to the content to make sure the data integrity.

The IT Level and the Middleware:

Data protection solutions in this particular level might appear like ERP (enterprise resource planning) programs which might work as an umbrella across the organizational systems. This particular umbrella offers a constant security definition for every element, even though you may not this is a useful resource for significantly various department functions, for example, customer relationship versus accounting management or even distribution. Data access processes might almost all happen below this unique umbrella without having an activity of data outdoors of the limitations of the business network and even IT infrastructure.

Within Data Itself:

One potential upcoming way of data protection solutions concentrates on the incorporation of the security features in data files themselves. Security and authorization systems could be packed with a data file, including a level of security that might stay even though a file was jeopardized. Like several PDF files consist of an internal password and encryption challenges which safeguard its content, despite the fact that the file by itself will be or else available with a secure PDF reader.

Attempts for Your Data Protection:

Data protection solutions could be concentrated on more IP protection. Getting entry to mission crucial data is a primary element of company continuity. For that reason disaster recovery is an essential portion of data dependability.

Data that is available on an individual physical device or even in several media that are situated in the similar building operates the threat of enormous damage can be it from vandalism, fire or even natural disaster.

Remote solutions could be reached via safe internet connections, and they are an ideal supplement to dependability issues. Like a prolonged power outage or even equipment failure may make the data on the server useless for the time. Getting a backup that could be accessible to any laptop with an internet connection which returns data to the users’ hands rapidly and more efficiently.

As the data protection solutions carry on to develop together with IT technology, companies may much better depend on the dependability and protection of very sensitive data and even intellectual property. There are numerous solutions to data protection that can make you safe regarding your data and company privacy.