
Jon Seals

Point of presence offers both companies’ customers expanded capabilities and reach

LONDON, United Kingdom – LDeX Group has today announced that Zayo will be the latest connectivity provider to launch a point of presence (PoP) at its second carrier neutral data centre facility, LDeX2, in Trafford Park, Manchester.

As a global provider of communications infrastructure, Zayo delivers high quality dark fibre, wavelengths, Ethernet and IP services to customers in the enterprise and wholesale sectors. Zayo complements LDeX’s existing list of Tier 1 carriers and ISPs, which are already on-net in the facility, offering customers that require high capacity bandwidth access to key connectivity locations via diverse dark fibre routes.

 

Rob Garbutt, LDeX Group’s CEO, said: “This point of presence will enable LDeX2 as a carrier neutral data centre and allow its customers to connect to approximately 19,000 on-net locations across Zayo’s global network. Attracting infrastructure providers such as Zayo to the facility aligns with our strategic plans to be the best-connected data centre operator in the UK.

 

“Zayo is already a provider of connectivity services for customers at our first London-based colocation facility so this is a logical extension of our relationship.”

 

“By connecting to LDeX2, Zayo is demonstrating its commitment to working with existing customers and partners to extend our network and bring more data centres and buildings on-net,” Alastair Kane, Managing Director of the UK and Ireland, said. “It is a great opportunity to offer both companies’ customers extended capabilities and services.”

 

 

About LDeX Group

LDeX Group is an independent national carrier neutral datacentre and colocation operator providing best in class colocation, network connectivity and satellite services to an array of customers across the globe.

The company owns, operates and manages facilities in both London and Manchester, providing colocation and network services to a range of industry sectors to protect the availability of data, applications, ecommerce and online presence.

For further information, please visit the website: www.ldexgroup.co.uk

 

About Zayo

Zayo Group Holdings, Inc. (NYSE: ZAYO) provides Communications Infrastructure services, including fibre and bandwidth connectivity, colocation and cloud services to the world’s leading businesses. Customers include wireless and wireline carriers, media and content companies and finance, healthcare and other large enterprises. Zayo’s 87,000-mile network in the U.S. and Europe includes extensive metro connectivity to thousands of buildings and data centres. In addition to high-capacity dark fibre, wavelength, Ethernet and other connectivity solutions, Zayo offers colocation and cloud services in its carrier-neutral data centres. Zayo provides clients with flexible, customized solutions and self-service through Tranzact, an innovative online platform for managing and purchasing bandwidth and services. For more information, visit zayo.com.

Air Canada, San Diego Zoo and easyJet amongst 16 companies that have exposed credit card data during payments to their mobile websites and apps

 

Wandera has identified a vulnerability – dubbed CardCrypt – where customers’ personal data is being transmitted unencrypted from mobile devices

 

SAN FRANCISCO – Customers’ credit card information, passport data, purchase data and other Personally Identifiable Information (PII) was being sent unencrypted from smartphones when users were purchasing items from major brands’ mobile websites and apps.

 

Companies identified include easyJet*, Air Canada**, San Diego Zoo, AirAsia, Aer Lingus and 11 other companies, ranging from taxi firms (KV Cars in the UK and American Taxi in the US) to giftcard and event ticket providers (Sistic in Singapore). Notes to editors – each company has been notified about the vulnerability and a full list is included below the release.

 

Wandera has detected payment information leaking unencrypted from smartphones when users were accessing these companies’ mobile websites and apps during the purchase and upgrade processes, for example when booking a ticket or choosing a seat. The data includes complete credit card details, CVV security code, customer names, full addresses, transaction amounts and contact details. The exact information that was being leaked varies according to what details the individual company requests in order for the transaction to take place, but in nearly all cases, complete credit card data was detected ‘in the clear’ and in one case even detailed passport information was also revealed.

 

The 16 companies that have been identified have a combined 500,000 passengers and customers per day.

Examples:

  • Complete credit card data and passport details such as name, date of birth, passport number, expiry date and issuing country code were unencrypted when sent to Air Canada’s mobile website during the booking process. Air Canada has 38.0 million passengers a year.
  • Complete credit card data, customer addresses and transaction details were unencrypted when sent to San Diego Zoo’s mobile website during the main purchase process. San Diego Zoo has 5 million visitors a year.
  • Complete credit card data and transaction details were unencrypted when sent to AirAsia’s website during the check in process. AirAsia has 45.6 million passengers a year.

Dubbed ‘CardCrypt’ by Wandera, the flaw in all of the vulnerable websites and mobile apps is that they have not used a secure protocol (HTTPS) to secure and encrypt data connections between the browser or app on the user’s smartphone, and the company’s website, mobile website or backend web services. This means that the credit card information was instead transmitted ‘in the clear’, or unencrypted, over standard web connections i.e. HTTP. This weakness made the data freely available to be easily intercepted and used in wide-ranging identity theft and fraud.

 

It is a fundamental requirement of PCI DSS (Payment Card Industry Data Security Standards) to encrypt transmission of cardholder data across open public networks: “Sensitive information must be encrypted during transmission over public networks, because it is easy and common for a malicious individual to intercept and/or divert data while in transit”. Notes to editors - Reference Requirement 4, Page 46 of the latest PCI DSS v3.1 most recently updated April 2015.

 

“We believe there are two likely reasons why HTTPS has not been used everywhere at all times,” comments Eldar Tuvey, CEO of Wandera, the company that discovered the data leaks. “It could be a flaw in the coding, or it could be a case of relying on inadequate third party services or libraries. Either way, it’s astounding to me that these companies have failed to exercise sufficient care in the collection of their customers’ personal data.”

 

In one particular instance that Wandera has identified, a customer of Sistic, the Singapore-based ticket provider, purchased two tickets for Cirque du Soleil using the mobile app. Because he is an employee of a Wandera enterprise customer, Wandera secures his mobile device to protect against data leaks. In doing so, Wandera detected his entire credit card information, full name, address and transaction details being transmitted from the smartphone ‘in the clear’ and unencrypted. The employee was informed and has now cancelled his relevant credit cards.

 

Wandera has reported the issue to each company according to its responsible disclosure process prior to issuing this release. The company’s investigations are still ongoing and involve mobile users of other global brands, but it wanted to ensure users were alerted as soon as possible.

 

“The most alarming thing is that it is very likely that there are plenty of other brands who have made the same mistakes,” concludes Tuvey. “With lots of people booking journeys to go home for the Christmas holidays, it is worrying how much sensitive data could be put at risk.”

 

The 16 identified brands are:

 

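| Region | Brand | Country | Sector |
|---|---|---|---|
| UK & Europe | easyJet* | UK | Air travel |
| UK & Europe | Aer Lingus | Ireland | Air travel |
| UK & Europe | Chiltern Railways | UK | Rail travel |
| UK & Europe | Dash Card services/parking**** | UK | Parking services |
| UK & Europe | KV Cars | UK | Taxis |
| UK & Europe | Perfect Card.ie*** | Ireland | Gift card |
| UK & Europe | 1 Robe.fr | France | Dress retailer |
| UK & Europe | Oui Car | France | Taxis |
| US & Canada | Air Canada** | Canada | Air travel |
| US & Canada | San Diego Zoo | US | Tourist destination |
| US & Canada | CN Tower | Canada | Tourist destination |
| US & Canada | American Taxi | US | Taxis |
| US & Canada | Get Hotwired | US | Broadband provider |
| US & Canada | Tribeca Med Spa | US | Health spa |
| Rest of World | AirAsia | Malaysia | Air travel |
| Rest of World | Sistic | Singapore | Event ticket provider |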

 

* We are pleased to say that as of 9th December, 14:05, easyJet has confirmed there is no ongoing issue.

** Did not include the CVV code but did include Passport details

*** Only included card number and CVV

**** Included car registration, email address, mobile phone number

 

More information:

About Wandera

Wandera is the leader in mobile data security and management, protecting enterprises with real-time threat prevention, compliance and data cost management. Wandera’s multi-level architecture, which includes a pioneering cloud gateway for mobile, offers unrivalled visibility and control. With the industry’s largest mobile dataset, Wandera analyzes billions of daily inputs across its network in real-time to detect emerging mobile attacks and protect sensitive company data. Founded in 2012, Wandera is headquartered in San Francisco and London. For more information visit the website www.wandera.com

Wednesday, 09 December 2015 00:00

How the Colo Industry is Changing

LAS VEGAS – The business of providing colocation data center services is changing in numerous ways and for different reasons. Customers are getting smarter about what they want from their data center providers; enterprises use more and more cloud services, and the role of colocation data centers as hubs for cloud access is growing quickly as a result; technology trends like the Internet of Things and DCIM are impacting the industry, each in its own way.

Some of the trends are having a profound effect on the competitive makeup of the market, where even some of the largest players are making big strategic changes and spending lots of money on acquisitions to adjust to the new world they are doing business in.

Bob Gill, a research director at Gartner, outlined eight of the most consequential current trends in the colocation industry at the research and consulting giant’s annual data center operations summit here this week:

...

http://www.datacenterknowledge.com/archives/2015/12/09/whats-driving-change-in-the-colocation-data-center-industry/

If you don't want to send the wrong message, watch how you punctuate your texts. Text messages that end with a period are perceived to be less sincere than messages that do not, according to newly published research from Binghamton University. This finding has interesting implications for crisis communications messages.

A team of researchers led by Celia Klin, associate professor of psychology and associate dean at Binghamton University's Harpur College, recruited 126 Binghamton undergraduates, who read a series of exchanges that appeared either as text messages or as handwritten notes. In the 16 experimental exchanges, the sender's message contained a statement followed by an invitation phrased as a question. The receiver's response was an affirmative one-word response (Okay, Sure, Yeah, Yup). There were two versions of each experimental exchange: one in which the receiver's response ended with a period and one in which it did not end with any punctuation. Based on the participants' responses, text messages that ended with a period were rated as less sincere than text messages that did not end with a period.

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/733-university-study-makes-interesting-finding-for-crisis-communications-messages

On 7th December 2015, the Luxembourg presidency of the Council reached an informal agreement with the European Parliament on common rules to strengthen network and information security across the EU.

The new directive will set out cybersecurity obligations for operators of essential services and digital service providers. These operators will be required to take measures to manage cyber risks and report major security incidents, but the two categories will be subject to different regimes.

Xavier Bettel, Luxembourg's Prime Minister and Minister for Communications and the Media, and President of the Council, said: "This is an important step towards a more coordinated approach in cybersecurity across Europe. All actors, public and private, will have to step up their efforts, in particular by increased cooperation between member states and enhanced security requirements for infrastructure operators and digital services".

The directive lists a number of critical sectors in which operators of essential services are active, such as energy, transport, finance and health. Within these sectors, member states will identify the operators providing essential services, based on clear criteria laid down in the directive. The requirements and supervision will be stronger for these operators than for providers of digital services. This reflects the degree of risk that any disruption to their services may pose to society and the economy.

...

http://www.continuitycentral.com/index.php/news/technology/736-agreement-made-on-eu-wide-rules-to-improve-cybersecurity

It’s been said that in the near future the enterprise won’t need to worry about hardware – data productivity will be driven by software-defined architectures sitting atop dumb, commodity boxes.

It’s also been said that before too long the enterprise won’t have to worry about architectures or middleware either – just push everything into the cloud and let someone else deal with service provisioning.

And now we have knowledge workers accessing enterprise resources through their own preferred client devices, easing up on the requirement to supply everyone with a PC.

...

http://www.itbusinessedge.com/blogs/infrastructure/its-role-in-an-automated-software-driven-enterprise.html

Pharmaceutical companies operate with a singular objective: bring drugs to market. This is how they profit, how they ensure that their products help the most people, and how they maintain the resources to continue innovating.

The lifecycle of drug development can be complex and onerous, despite improvements to the regulatory approval process over the past several years. Now, a trend sweeping the industry is forcing many pharmaceutical companies to decide under which circumstances they’re willing to divert resources from their mission of helping the masses.

Expanded Access, or “Compassionate Use,” refers to the use of an experimental drug not yet approved by the FDA to treat a critically ill patient outside of a clinical trial. The FDA received more than 1,800 requests for access to experimental drugs last year and, over the last five years, it has approved 99% of these requests.

...

http://www.riskmanagementmonitor.com/balancing-risk-and-compassion-life-sciences-companies-face-new-risks-from-expanded-access/

Nir Polak is CEO and Co-founder of Exabeam.

There’s one thing every heavily publicized data breach has in common: It wasn’t uncovered until it was too late. The breach at the U.S. Office of Personnel Management (OPM) in February was still active more than three months after security workers learned of it. In fact, many of them have another thing in common: preventative security measures weren’t enough to stop them.

Prevention has always been a major component of security. Firewalls stand at the perimeter of sensitive, private networks and attempt to keep every malicious file out. As the OPM breach and countless other disasters prove, though, it’s just not enough. More than 21 million records were compromised before the breach was detected in the first place. Prevention-focused initiatives have a place in cybersecurity, but there needs to be more. As we move into 2016 and confront new threats, detection needs to become an equally significant component of enterprise IT security standards. Like so many other parts of the enterprise, the answer to improving the approach to network security and eliminating disasters comes in the form of analytics derived from big data.

...

http://www.datacenterknowledge.com/archives/2015/12/08/detection-v-prevention-the-next-step-in-enterprise-security/

More organizations across a number of industries are looking at different ways to control storage and their data. Traditional storage solutions still have their place, but new methods are allowing IT shops a lot more flexibility in how they design their storage solutions, and flash is one of the most popular options. So is it really catching on? Is the world really going to solid-state?

Let’s examine one use case that’s been seeing a resurgence in the modern enterprise: VDI.

In the past, technologies like VDI were seen as heavy fork-lift projects which required time, resources, dedicated infrastructure, and big budgets. That has all changed with advancements within network, compute, and storage. Today, strong VDI offerings provide five-nines availability and greater scalability, as well as non-disruptive operations. With this in mind, it’s important to note that for a truly successful VDI deployment, all-flash storage should be part of the change in the VDI ecosystem. Ultimately, this will enable much higher performance for end users.

Oftentimes, with sub-millisecond performance, the user experience with all-flash storage in the background is even better than the performance users had with physical devices, and definitely better than VDI with spinning disks or even hybrid storage solutions. This type of technology has become one of the big change factors that now enable successful VDI deployments.


...

http://www.datacenterknowledge.com/archives/2015/12/08/understanding-role-flash-storage-enterprise/

Solid Business Development, Global Data Growth through Video and Smartphones Drive Milestone

 

FRANKFURT, Germany – For the second time in its 20th anniversary year, DE-CIX has broken traffic records at its Frankfurt Internet exchange. On December 8, 2015, DE-CIX measured the new active data traffic peak of 5 Terabit per second (Tbps). The milestone 4 Tbps-mark was first cracked in April of this year.

 

DE-CIX management attributes this strong increase to the excellent development of its business. An additional cause is the unending rapid data growth worldwide, which is driven predominantly by video content and the fast-moving expansion of Internet-enabled mobile devices like smartphones and tablets.

 

DE-CIX Customers Increase Capacity by Over 40 Percent

“We are surprised ourselves how strongly our customer capacities have ramped up this year and how much the data traffic on our Internet exchange in Frankfurt has grown,” states Harald A. Summa, DE-CIX CEO. “In total, the capacity booked by our customers at DE-CIX Frankfurt has increased by 40.3 percent, from 12.9 Terabit at the beginning of the year to 18.1 Terabit today. So far this year, we’ve also booked more than 50 100GE connections – that is double the number we’d expected for the entire year. Additionally, through the end of the year, we will have connected more than approximately 100 new networks.”

 

Despite this remarkable growth, DE-CIX is not bursting at its seams: the exchange’s infrastructure was completely modernized in 2013 and has a total capacity of 48 Terabit.

 

Video Content and Mobile Devices Drive Data Traffic Worldwide

A primary driver of global data growth is video content, which results from video streaming, HDTV via Internet, online gaming and user-generated content in social networks like YouTube or Facebook. In addition, the constantly growing number of mobile devices is clearly pushing worldwide data traffic higher, since these devices enable access to content from anyone, anywhere and at any time.

 

As an example, in its current Visual Networking Index, Cisco predicts that mobile data traffic will grow 10-fold between 2014 and 2019, which will be three times as fast as the traffic on fixed line networks. While mobile data traffic in 2014 represented only four percent of total IP traffic, the Cisco report predicts that this figure will grow to 14 percent by 2019.

 

About DE-CIX

DE-CIX provides premium Internet exchange (IX) services and operates several carrier-neutral and independent Internet exchanges internationally. Founded in 1995, DE-CIX has established an environment for the bilateral settlement-free exchange of Internet traffic, called peering. The company serves 800+ carriers, ISPs and content networks from 60+ countries, including all leading international players in various metro markets in Europe, the Middle East and North America. With 5+ Terabits per second of peak traffic, DE-CIX Frankfurt is the world’s leading Internet exchange. DE-CIX is your one-stop-shop for Peering, Interconnection and additional IX services. For more information, please visit www.de-cix.net.