Wear a smartwatch and you could cause a data breach that brings your organization to its knees. Install an anti-virus product on any one of your endpoints and you could compromise the security of key enterprise applications.
Smartwatches and certain anti-virus products are just a small sample of the growing number of shocking application security threats. Just like more familiar application security threats such as code injection, cross-site scripting and buffer overruns, the threats they pose can be critical.
This article discusses five emerging application security threats:
- PIN and password inference software
- Mobile app collusion
- Anti-virus software
- Voice-activated attacks
The Ponemon Institute has published a new study ‘The 2016 Global Cloud Data Security Study.’ Commissioned by Gemalto, the study surveyed more than 3,400 IT and IT security practitioners worldwide to gain a better understanding of key trends in data governance and security practices for cloud-based services.
According to 73 percent of respondents, cloud-based services and platforms are considered important to their organization's operations and 81 percent said they will be more so over the next two years. In fact, 36 percent of respondents said their companies' total IT and data processing needs were met using cloud resources today and that they expected this to increase to 45 percent over the next two years.
Although cloud-based resources are becoming more important to companies' IT operations and business strategies, 54 percent of respondents did not agree that their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments. This is despite the fact that 65 percent of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. Furthermore, 56 percent did not agree their organization is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.
Cloud security and shadow IT
According to respondents, nearly half (49 percent) of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department. However, confidence in knowing about all cloud computing services in use is increasing. 54 percent of respondents are confident that the IT organization knows all cloud computing applications, platform or infrastructure services in use - a 9 percent increase from 2014.
Conventional security practices do not apply in the cloud
In 2014, 60 percent of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, 54 percent said the same. Difficulty in controlling or restricting end-user access increased from 48 percent in 2014 to 53 percent of respondents in 2016. The other major challenges that make security difficult include the inability to apply conventional information security in cloud environments (70 percent of respondents) and the inability to directly inspect cloud providers for security compliance (69 percent of respondents).
More customer information is being stored in the cloud and is considered the data most at risk
According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud. Since 2014, the storage of customer information in the cloud has increased the most, from 53 percent in 2014 to 62 percent of respondents saying their company was doing this today. 53 percent also considered customer information the data most at risk in the cloud.
Security departments left in the dark when it comes to buying cloud services
Only 21 percent of respondents said members of the security team are involved in the decision-making process about using certain cloud applications or platforms. The majority of respondents (64 percent) also said their organizations do not have a policy that requires use of security safeguards, such as encryption, as a condition to using certain cloud computing applications.
Encryption is important but not yet pervasive in the cloud
Seventy-two percent of respondents said the ability to encrypt or tokenize sensitive or confidential data is important, with 86 percent saying it will become more important over the next two years, up from 79 percent in 2014. While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular type of cloud-based service, only 34 percent of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.
Many companies still rely on passwords to secure user access to cloud services
67 percent of respondents said the management of user identities is more difficult in the cloud than on-premises. However, organizations are not adopting measures that are easy to implement and could increase cloud security. About half (forty-five percent) of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because 58 percent of respondents say their organizations have third-party users accessing their data and information in the cloud.
Recommendations for data security in the cloud
The new realities of Cloud IT mean that IT organizations need to set comprehensive policies for data governance and compliance, create guidelines for the sourcing of cloud services, and establish rules for what data can and cannot be stored in the cloud.
IT organizations can accomplish their mission to protect corporate data while also being an enabler of their Shadow IT by implementing data security measures such as encryption that allow them to protect data in the cloud in a centralized fashion as their internal organizations source cloud-based services as needed.
As companies store more data in the cloud and utilize more cloud-based services, IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication. This is even more important for companies that give third parties and vendors access to their data in the cloud.
About the survey
The survey was conducted by the Ponemon Institute on behalf of Gemalto and surveyed 3,476 IT and IT security practitioners in the United States, Brazil, United Kingdom, Germany, France, Russian Federation, India, Japan and Australia who are familiar with and involved in their company's use of both public and private cloud resources.
Zscaler is warning organizations to plan ahead for security threats and network performance issues linked to coverage of the Olympic Games, which commence on 5th August in Rio.
Cybercriminals are aware that users will be searching for convenient ways to stay up-to-date with the latest sporting action, forcing enterprises to roll out revised security policies that ensure the security of users watching, searching for, or downloading associated sporting coverage.
Most critically, organizations need to consider their exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity. ThreatLabZ research from past events found that 80 percent of ‘Olympic’ web domains were found to be scams or spam, pinpointing the need for increased business vigilance.
The legal profession is transforming itself, especially in the area of compliance. Lawyers are an invaluable part of a compliance program. They provide important perspective and understanding of risk, they help a company to assess and navigate legal risks and they interface with regulators and enforcement agencies.
The most effective compliance programs usually are built around a strong partnership between a chief compliance officer and a general counsel. They are natural partners, assuming that egos do not get in the way, and should work together to advance the company’s compliance program.
Lawyers have two very specific benefits that should be incorporated into an effective compliance program.
Charleston, W.Va. — If you were affected during the June storms and have questions about legal issues such as repair contracts, working with contractors, replacing wills and other legal documents, you might be eligible to get free legal counseling from a group of West Virginia lawyers who have volunteered limited legal help.
Disaster Legal Services provides legal assistance to low-income individuals who, prior to or because of the disaster, have little recourse to legal services as a consequence of a major disaster.
A partnership among the Federal Emergency Management Agency (FEMA), the West Virginia State Bar, and Legal Aid of West Virginia provides eligible callers 24/7 access to a toll free legal hotline, 877-331-4259. Callers may leave a message and will be matched with a local attorney.
Local legal aid providers might help you with:
- Assistance with FEMA and other government benefits available
- Assistance with life, medical, and property insurance claims
- Help with home repair contracts and contractors
- Replacement of wills and other important legal documents lost or destroyed in the disaster
- Consumer protection issues such as price-gouging and avoiding contractor scams in the rebuilding process
- Counseling on mortgage-foreclosure problems
- Counseling on landlord-tenant problems
There are some limitations on disaster legal services. For instance, if a case might produce a fee, or where attorneys are paid as part of a court settlement, you’ll be referred to a local lawyer.
Understanding how the business climate is changing will allow you to start looking at how you may need to change your recovery and resiliency strategies.
I was recently talking with my father who was in the convenience store and gasoline distribution business his entire career. We were talking about planning and how the business climate changes over time. He mentioned that when pay-at-the-pump devices first came to stations, his company resisted implementing them. Their convenience store model was to get customers to walk into the store to pay so they would purchase additional items. Their money was not made on gas sales, but on the sale of store items (beverages, candy, etc.). My father was an advocate of putting the new pumps in. He saw it as being more important than just having customers walk into the store, but instead making sure that customers were comfortable using the store for both gas purchases and quick stops for other items. If they got in the habit of using a different store to get gas because of pay-at-the-pump, they would likely stop at that store for drinks and other items as well. The result: a lost customer.
Do you know how your business climate may be evolving? Do your current processes or paradigms still meet customer needs and desires? In previous blogs and presentations, we have encouraged those in continuity planning to learn about their business processes. Understanding how the business climate is changing – and how business processes and functions may be changing along with that – will allow you to start looking at how you may need to change your recovery and resiliency strategies.
Consider the items below as you identify how your business may be changing.
We know that ransomware is a menace for just about everyone, but the health care industry has been hit unusually hard by this particular type of attack. In fact, according to Solutionary’s Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2016, the health care industry represented 88 percent of all ransomware detections during the second quarter.
Think about that number for a moment. Ransomware seems to be everywhere, yet, 88 percent of detections were in one industry. Education and finance were second and third, at 6 and 4 percent, respectively.
Now, it must be noted that we may not be getting the full picture, as Solutionary threat intelligence communication manager Jon-Louis Heimerl told SC Magazine, after pointing out that the analysis was based on actual ransomware activities:
AUSTIN, Texas – Two important deadlines are ahead for Texans who are considering a loan through the U.S. Small Business Administration for recovery from the May-June storms and flooding.
Most survivors who registered with FEMA for disaster assistance were contacted by the SBA with information on the agency’s low-interest disaster loans, as well as instructions on how to complete the loan application.
The deadline to submit the application for physical damage is Aug. 10. The deadline for businesses to submit a loan application for economic injury is March 11, 2017.
The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.
Survivors may apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.
Disaster loan information and application forms are also available from SBA’s customer service center by calling 800-659-2955 or emailing email@example.com. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster.
Completed applications should be mailed to:
U.S. Small Business Administration
Processing and Disbursement Center
14925 Kingsport Rd.
Fort Worth, TX 76155
SBA loan applications should be submitted even as disaster survivors await an insurance settlement. The loan balance is reduced by the settlement. SBA loans may also be available for losses not covered by insurance.
The SBA encourages Texans who suffered damage or loss from the May-June storms and flooding to complete the SBA loan application they received. There is no obligation to take a loan if offered. If approved, and a survivor does not accept the loan, it may make one ineligible for additional federal assistance.
Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence.
Homeowners and renters may borrow up to $40,000 to repair or replace personal property.
Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans—called Economic Injury Disaster Loans—to small businesses and most private nonprofit organizations of all sizes.
FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.
Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.
Your organization probably already has more data than it knows what to do with. Yet, it's quite likely you're overlooking, disregarding, unaware of, or unable to access important information that could directly affect analyses and business outcomes.
It doesn't matter what your universe of data is -- enterprise data or a combination of internal and external data sources -- important nuggets of information may be missing.
"Companies are collecting more data, but often struggle with what to do with it," said Dave Hartman, president and founder of technology advisory firm Hartman Executive Advisors. "Data can be extremely overwhelming in its raw form."
A 12 Month Look Back at Business Transformation Through True Software Defined Storage
MELVILLE, NY – FalconStor Software® Inc. (NASDAQ: FALC), a 16-year innovator of software-defined storage solutions, has enjoyed an unprecedented response from enterprise customers, MSPs, and OEMs since first releasing its groundbreaking FreeStor® software platform one year ago. Globally, FreeStor now manages the data of more than 250 customers, representing a who's who of companies including Nintendo, Fujitsu, Volkswagen, and Hitachi, and numerous organizations through MSP and OEM partners.
"The industry is moving toward storage environments built on commodity hardware and will continue to be differentiated by software and services. Technologies like the FreeStor platform are crucial at not only simplifying data management and protection but freeing the organizations from vendor-specific solutions and constraints," said Lynda Stadtmueller, Vice President Cloud Computing Services at Frost & Sullivan. "Technology leadership that contributes to the ongoing adoption of software-defined storage is welcomed by the market, and in particular by MSPs, CSPs and storage suppliers who need greater flexibility in designing modern storage solutions."
FreeStor's horizontal, heterogeneous software-defined storage platform helps these organizations attain maximum flexibility, operational efficiency, and economic value out of existing storage environments, future storage investments, and seamlessly transition to new paradigms like public cloud, hybrid cloud, as well as heterogeneous flash and disk storage. Cloud and Managed Service Providers in FalconStor's ecosystem use FreeStor to deliver these benefits to their end users. FreeStor's predictive analytics provides real-time and historical analytics across heterogeneous storage systems to better manage capacity, performance, and availability. FreeStor's unified data services are also delivered across the entire storage infrastructure with always-on availability and continuity, enabling users to move, synchronize and protect data seamlessly across virtual and physical storage platforms.
Since its debut only one year ago, FreeStor's accomplishments include:
- Added the industry's first intelligent predictive analytics across heterogeneous storage with real-time and over time insights from a single dashboard, regardless of storage vendor or location
- Developed cloud-connected Backup-as-a-Service (BaaS) and Disaster-Recovery-as-a-Service (DRaaS) offerings for more value to MSPs and Cloud Service Providers without cloud vendor lock-in or added hardware and complexity
- Delivered integration with OpenStack, Oracle VM, and SAP HANA
- Hypervisor-agnostic support for VMware, Hyper-V, Xen, and KVM
- FalconStor's total number of FreeStor customers in the first half of 2016 is up over 50 percent compared to all of 2015.
- FreeStor capacity sold in 1H16 is 1100% more than what was sold in all of 2015
- One of the top global accounting firms is now using FreeStor to deliver data protection, recovery, business continuity and data migration
- German utility service provider Saarbrücker Stadtwerke deployed FreeStor to build its state-of-the-art data centers and data services offerings
- 15 worldwide MSPs now use FreeStor to deliver top-tier services for their clients
- IT Service Provider LG CNS is using FreeStor to deliver Korea's first enterprise-class DRaaS deployment with global follow-the-sun availability
- Received nearly a dozen media and industry awards, including four Product of the Year awards
"FreeStor helps us to provide infrastructure services that support our business to provide the highest levels of availability and data security," said Sandor Orban, Technical Lead Infrastructure Services at Sunrise Communications Group AG, the largest private telecommunications provider in Switzerland. "While the future is always changing, we know that FreeStor will be able to help us further optimize our environment, continuing the trend to consolidate and reduce costs without compromising our customer values."
"Our customers in the three verticals we support, especially in finance, are looking for differentiators -- ways to separate out the various managed service providers and pick the one with the most critical technologies and varied support," said Gabriel Enzo Gagliardi, CEO of Imptech, one of Latin America's largest MSPs. "Our clients needed a solution that could promote better utilization, reducing overall storage costs and migrate data seamlessly when the need arises. We felt the FreeStor platform could provide our customers with an intelligent and flexible technology layer that enables common, efficient and cost-effective storage services, and centralized management of storage resources across an organization."
"In an era of hardware commoditization, it can be difficult for end users to distinguish one product from another, so integration and partnerships are critical for demonstrating innovation and value," said Yann Rolland, CEO of Synerway, a vendor of storage appliances based in France. "FalconStor has developed a truly groundbreaking portfolio that transforms data center operations and gives end users the unified and modernized approach to protection and recovery that enterprises want."
"This past year has been one of remarkable success in both our technology development and the embrace of some very distinct market segments -- enterprises, service providers, and hardware vendor partners -- each of which have different requirements, yet each find FreeStor to be the best solution for modernizing their storage environments," said Gary Quinn, FalconStor President and CEO. "The introduction of FreeStor also signified a remarkable new shift or pivot point for the company, and while any progress comes with unique growing pains, I have confidence in our team and our vision for making enterprise storage more efficient and available, without regard to growing data volumes or architectural complexity. FreeStor is setting these users free."
FreeStor is sold via subscription pricing to enable users to pay-as-they-grow, based on capacity, eliminating the unpredictability of capacity expansion and renewal costs often associated with traditional storage platforms. MSPs resell FreeStor as a branded service to their own clients or use FreeStor internally to manage client data across disparate systems and environments. OEMs integrate FreeStor, often private-labeled, to gain the competitive edge of a far more sophisticated and powerful storage management option than they could develop in-house. For more information visit https://falconstor.com/page/630/why-freestor.
FalconStor Software® Inc. (NASDAQ: FALC) is a leading software-defined storage company offering a converged data services software platform that is hardware agnostic. Our open, integrated flagship solution, FreeStor®, reduces vendor lock-in and gives enterprises the freedom to choose the applications and hardware components that make the best sense for their business. We empower organizations to modernize their data center with the right performance, in the right location, all while protecting existing investments. FalconStor's mission is to maximize data availability and system uptime to ensure nonstop business productivity while simplifying data management to reduce operational costs. Our award-winning solutions are available and supported worldwide by OEMs as well as leading service providers, system integrators, resellers and FalconStor. The Company is headquartered in Melville, N.Y. with offices throughout Europe and the Asia Pacific region. For more information, visit www.falconstor.com or call 1-866-NOW-FALC (866-669-3252).
FalconStor, FalconStor Software, FreeStor, and Intelligent Abstraction are trademarks or registered trademarks of FalconStor Software, Inc., in the U.S. and other countries. All other company and product names contained herein may be trademarks of their respective holders.