Tag Archives: data

Protecting Medical Records in a New Era of Health Insurance

Courtesy of Greg Harbaugh/Feature Photo Service

With the healthcare system undergoing numerous changes, it’s important to make sure medical data is secure.
Courtesy of Greg Harbaugh/Feature Photo Service

Enterprises have scrambled to stay ahead of new regulations brought about by the Affordable Care Act, otherwise known as ObamaCare. The healthcare industry, however, is the most directly impacted by the law, as healthcare providers and insurance companies must prepare for an influx of new patients and a more widely insured populace. But as the insurance pool broadens, risk will be compounded as medical records and sensitive data becomes a brighter target for hacking and leaks. The best way to protect medical data in this new era of mandatory health insurance is through secure cloud storage and sync services that offer 100% data privacy and user anonymity. Anything less than full data privacy and security for medical records could result in damaged brands, exploited information, and increasingly costly HIPAA fines.

Continue reading

Waging the War for Online Privacy Rights

As governments crack down on whistleblowing around the world amidst revelations of massive citizen spying programs, everyday users wonder what they can do to protect their privacy rights. Some have backed strict privacy legislation while others migrate in large numbers to companies that provide strong encryption while protecting user data privacy and identities. But instead of waiting for large-scale systemic change, users can proactively safeguard their sensitive data and identities through secure cloud services. A good cloud service will never host plaintext, will always provide strong encryption, and will never host encryption keys. That way, even if the NSA served the cloud company a subpoena, all the legal snoops would be able to recover are unreadable blocks of data and no knowledge of which accounts belong to which users.

The NSA

Photo courtesy of huffpost.com

After learning about the NSA’s PRISM program, Internet users have grown to worry about the state of their online privacy rights. A recent study by Annalect surveyed online privacy concerns from June to July in 2013, the period in which news of the PRISM program broke out around the world. Concerns about online privacy amidst the PRISM program grew from 48% in June to 57% in July, for a big increase of 19%. This growth in security awareness has led to an increase in data encryption. As NSA director Keith Alexander testified before the U.S. Senate, “Strongly encrypted data are virtually unreadable.” That’s why the organization is trying to acquire private SSL keys. With such a key, the NSA could crack even the tightest encryption with ease.

According to Declan McCullagh of CNET, “The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping.” In the light of such revelations it becomes all the more important for cloud services to exclusively store encryption keys on user devices.

How PRISM Might Work

Image courtesy of mshcdn.com

One legislator fighting back against the rise on governmental snooping is Montana Republican Representative Daniel Zolnikov. His legislation, HB 603, is backed by the American Civil Liberties Union and reads “A government entity may not obtain the location information of an electronic device without a search warrant issued by a duly authorized court.” While this is a good first step, the legislation is limited to location information, and doesn’t apply to the actual content of data. Another step towards online privacy is the new stronger language in the Statewide Longitudinal Data System policy of Idaho’s Board of Education. According to the new stricter guidelines, “The privacy of all student level data that is collected by the SLDS will be protected. A list of all data fields (but not the data within the fields) collected by the SLDS will be publicly available. Only student identifiable data that is required by law will be shared with the federal government.” The board’s president Don Soltman, said, “The board recognizes it is essential to provide all the safeguards necessary to ensure that student data are handled with the greatest care, [the board is] committed to protecting the privacy of individual student data and will continue to closely monitor the collection and use of all data.”

PRISM’s Wide Reach

Image courtesy of cityweekly.net

Such measures are promising steps in the right direction, but don’t provide full protections for basic online privacy rights. Unfortunately, there still isn’t enough public outrage to fuel the wide-reaching legislation necessary to protect online privacy. According to a recent Pew Research survey, about 50% of respondents approve of governmental surveillance of citizen telephone and Internet use. Only 44% disapprove of such legal snooping, despite revelations of the NSA’s PRISM program. Instead of waiting for public outrage to grow or for legislation to enact a universal security standard, users should take privacy into their own hands through exclusively storing sensitive info to a secure cloud service.

Protecting Your Privacy in the Meantime

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Keeping the Scoop Safe in the Field: Protecting Journalism

Lately, the cloud has been a favorite buzzword for businesses, but journalists in the field can also use the cloud to keep sources safe while reporting with ease from the field. The cloud also is revolutionizing the business of journalism, as reporting moves from print to the screen. From staying one step ahead of the decline of beat reporting to securing leaks from NSA snooping, private cloud solutions offer journalists options for reporting live from the field and safely storing the latest stories.

Journalist Protections In the Cloud

Image courtesy of owni.fr

According to Lisa Williams, founder of Placeblogger, the cloud is largely responsible for journalism’s shift away from dedicated news models towards an on-demand model. Williams said, “I think sites like GlobalPost, Spot.us and many others I could name are the first inklings of ‘journalism in the cloud.’ Just as many tech outfits have figured out that it’s too expensive to have too many fixed assets, many news outlets are faced with the fact that they can’t support the same number of foreign correspondents or beat reporters. The fundamental experiment that these sites are running, each with their own protocol, is this: How can we make journalism happen where it’s needed, when it’s needed, and then redeploy elsewhere when things change?” Through the cloud, reporting is becoming more dynamic and democratic. While some might expect the cloud to displace reporters, Williams claims, “A reporter could stay in the same location. If it worked, though, it would mean they’d report on more different subjects. I think what’s dying are beats, because beats are expensive.”

Lisa Williams

Photo courtesy of vimeocdn.com

Instead of waiting around for beat reporting to gasp its last breath, reporters can jump to the cloud and protect their careers long before journalism makes the switch. One way journalists are already using the cloud is through SoundCloud. As a public cloud storage and sound sharing service, SoundCloud is traditionally used by music artists and producers to release new songs to fans. But journalists have increasingly flocked to the service as a way to quickly report interviews from the field. With just a smartphone and SoundCloud, anyone can be a field reporter, allowing news services to tap the unlimited potential of thousands of amateur journalists.

Another way that journalists are using the cloud is through private cloud storage and sync services. Such clouds provide strong data protections and user anonymity, allowing reporters to safeguard sources and stories. Using secured cloud storage is quickly becoming a standard for journalists that have become all too wary as of late of the threat of hacking. Last year, Wired reporter Mat Honan was a victim of hacking. Using basic techniques, hackers were able to retrieve Honan’s e-mail and home addresses. Using the information, the hackers duped both Amazon and Apple support into giving up Honan’s credit card number as well as iCloud and .Me accounts. As the .Me account was Honan’s backup for his Gmail, the hackers were then able to get into his Gmail account as well as Twitter accounts, through a simple password reset.

Mat Honan

Photo courtesy of arstechnica.com

According to Honan, “The thing about trusting the cloud is you shouldn’t trust it too much. They didn’t hack into my account in the traditional bad movie way where they are trying a million different passwords. They made a phone call to tech support and tech support gave them a temporary password.” The hacked reporter now cautions online users to backup sensitive information to secure clouds while taking extra precautions like two-factor authentication for email verification. In response to the hack, Apple offered an official statement, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.” In the case of Honan, both the reporter and the companies that he trusted share the blame for leaving his data vulnerable to hacking.

SpiderOak in the Field

To keep sensitive sources and stories private while ensuring reporter anonymity, journalists of all sorts should stick to the suggestions in the Journalist Security Guide. After this basic step, be sure to keep any secrets safe through a private third party cloud service. Most cloud services on the market have security gaps that leave sensitive information vulnerable to hacking. But with SpiderOak, journalists and reporters in the field can enjoy 100% data privacy and user anonymity.

As for just how SpiderOak protects sensitive data, the service offers two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password. Through SpiderOak, users that select two-factor authentication must submit their private code through SMS as well as an individual encrypted password. Journalists can store and sync stories and sources with complete privacy, because this cloud service has absolutely “zero-knowledge” of user data and plaintext encryption keys are only stored on the user’s chosen devices. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, offering reporters flexible options.

Leaving a Place for Whistleblowers in the Private Cloud

The NSA PRISM scandal has sent a wave of caution and paranoia through both the public and private sectors. Journalists now must worry about being indicted for reporting on “sensitive information” and government whistleblowers now fear imprisonment for leaking illegal government activities. For whistleblowers in the private sector, protections are uncertain and the current governmental climate of aggression against leaks provides few incentives for revealing exploitative practices. But that doesn’t mean that the practice of whistleblowing is lost. Private cloud services hold a place for leakers of all sorts, protecting sensitive information and shielding whistleblower identities.

Sean McAllister

Photo courtesy of closeupfilmcentre.com

One journalist that could have protected himself and his sources through the private cloud is Sean McAllister. While interviewing a Syrian dissident going by the pseudonym “Kardokh”, in Damascus, McAllister jeopardized the dissident’s security through the careless lack of data protections. While Kardokh and his fellow dissidents encrypted their communications, they “started to feel that Sean was careless. He was using his mobile and SMS, without any protections.” A few months later, McAllister was arrested and held for five days. Once returned to the UK, the journalist said, “I didn’t realize exactly what they were risking until I went into that experience.” Although no rebels were directly imprisoned as a result of McAllister’s actions, simple precautionary measures could have avoided the entire situation. Iinstead of risking their lives and the lives of their sources, journalists can remain anonymous through exclusively storing sensitive data and sources in a private cloud that secures user anonymity. According to Frank Smyth, senior advisor for journalist security at the Committee to Protect Journalists, “I think that the journalism community in the US, and to some degree elsewhere, is just beginning to grasp the fact that they need to protect their information and, by extension, their sources. It’s just too easy to get in and lift their information or monitor their communications without them ever knowing they were compromised.”

Syrian Dissidents Protecting Online Identities

Photo courtesy of hotforsecurity.com

Journalists, whistleblowers, and dissidents in conflict zones have a place in all democratic societies that value transparency. In an op-ed for USA Today, blogger and University of Tennessee Professor of Law, Glenn Reynolds, Said, “What does matter is that the Snowden affair occurs in the context of an unprecedented administration war on whistleblowers. And that’s a bad idea because whistleblowing is one of the things that maintains the legitimacy of a government as big, and otherwise unaccountable, as ours. The freer people are to blow the whistle on wrongdoing, the more we can assume that when no whistle is blown, things aren’t so bad. The more the government cracks down on whistleblowers, the more likely it is that they’ve got something to hide.” Whistleblowing preserves freedom around the planet, and is thus an act that should be protected as stated by the Declaration of the Nuremberg War Crimes Tribunal. Part of the Declaration reads, “Individuals have international duties which transcend the national obligations of obedience. Therefore individual citizens have the duty to violate domestic laws to prevent crimes against peace and humanity from occurring.”

Julian Assange

Photo courtesy of infowars.com

As the United States government continues to defend programs like PRISM while attacking whistleblowers, journalists have turned to technology to safeguard sources and secrets. The notorious whistleblower Julian Assange criticized the Obama administration’s aggression and lack of transparency, claiming, “In the Obama administration’s attempt to crush these young whistleblowers with espionage charges, the US government is taking on a generation, a young generation of people who find the mass violation of the rights of privacy and open process unacceptable. In taking on the generation, the Obama administration can only lose.” Such sentiments are echoed in a statement put out by Edward Snowden while hiding in Hong Kong. The controversial whistleblower said, “[Other whistleblowers] are all examples of how overly-harsh responses to public-interest whistleblowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrongdoing simply because they’ll be destroyed for it: the conscience forbids it. Instead, these draconian responses simply build better whistleblowers.”

Even former CIA agent and whistleblower, John Kiriakou, voiced his support for Snowden from prison, “Thank you for your revelations of government wrongdoing over the past week.  You have done the country a great public service. I know that it feels like the weight of the world is on your shoulders right now, but as Americans begin to realize that we are devolving into a police state, with the loss of civil liberties that entails, they will see your actions for what they are: heroic.” Time will tell whether or not history deems Snowden a criminal or hero, but in the face of governmental crackdowns on whistleblowers, one of the only hopes for transparency is through third party cloud services.

Whistleblowers in the Private Cloud

In order keep sensitive secrets private while protecting sources, whistleblowers and journalists should stick to the Journalist Security Guide. After following basic security protocols, store any sensitive information and contact lists exclusively through a private third party cloud service. Most cloud services on the market have security gaps that leave sensitive information vulnerable to snooping, hacking, or even subpoenas. But through SpiderOak, journalists and whistleblowers can rest easy with 100% user anonymity.

As for just how SpiderOak protects sensitive data, the service offers two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Leakers can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of user data. And plaintext encryption keys are only stored on the user’s chosen devices. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.

Straight “A” Hackers: Keeping School Records Safe

Hackers have set their sights on universities and school records. With a single security breach, hackers have been able to access sensitive school records, alter grades, and severely damage the brands of cherished academic institutions. But schools and universities can proactively protect their students and reputations from hacking through securing student data with a private cloud storage and sync service.

Discarded school records

Photo courtesy of Berkelyside.com

Recently, three former Purdue University students were charged with 58 felonies and misdemeanors for allegedly running a grade hacking scheme. The hackers allegedly changed incomplete marks and failing grades to high marks including A’s and B’s. According to the prosecution, the suspects broke into the offices of professors and switched out their keyboards with ones that had key-logging devices installed. With the key-logging devices in place, the students were able to discern the passwords for each professor’s computer, ultimately granting access into grade programs. While grade inflation has been a topic of concern in higher education, the threat of grade hacking undermines the entire educational process.

Roy Sun and Sujay Sharma

Photo courtesy of fox59.com

Hacking even disrupts extracurricular activities and impacts prestigious institutions without prejudice. The most recent elections for president of the Oxford University Union have been a source of much controversy, especially with allegations of hacking. The Oxford University Union was forced to step down amidst a scandal involving his attempted hacking attempts, showing that students will not tolerate hacking in their institutions, even in the case of student election. Other universities that have been the victim of hacking include Chinese institutions like Fudan University, Shanghai University of Engineering Science, and the Shanghai Jiao Tong University. With a simple SQL injection, hackers have attacked Chinese college website about 113 times a day on average.

Edward Snowden

Photo courtesy of abcnews.com

Controversial whistleblower Edward Snowden has claimed, along with the notorious revelation of the NSA’s PRISM program, that the U.S. has routinely attacked a Hong Kong university, whose systems help route all of Hong Kong’s web traffic. According to Snowden, the National Security Agency currently has over 60,000 active hacking targets all around the world, many of which include schools and universities. Instead of holding up student data as collateral damage in the international cyber wars, universities can guard student records against attacks of all sorts by trusting sensitive data to a private cloud service that offers good encryption as well as user anonymity.

Universities around the world have turned to the cloud for savings on servers, server space, large IT staff, and maintenance fees. The scalability of the cloud makes it an obvious option for institutions with fluctuating class sizes and data needs. Recently, the University of the Philippines kicked of its first wave of cloud adoption, with promises of moving even further to the cloud in the future. Through the Google Apps for Education program, email and collaborative applications have moved to the cloud, offering UP students greater storage capacity, reliable servers, and mobile collaboration. UP Assistant Vice President for Development Jaime Caro said, “the rollout of these Google Apps for Education services is just one of the many things underway from the eUP project. In time, these accounts will be synced with the user credentials needed to access the information systems that will be deployed in phases to the campuses. Once completely rolled out to all campuses, this is expected to benefit more than 70,000 members of the UP community (students, faculty, staff): with Google Apps for Education, they will be able to boost their online productivity with 30 GB inbox space, greater file sharing capacity, and a supportive environment for online collaboration.” Elvira Zamora, UP Vice President for Development, further highlighted the benefits of the switch, “The best part is that these tools support and encourage sharing and group work online, much like physically working together in class or in the office. Through these applications, UP students, faculty, staff, and even us administrators will have greater opportunities for collaboration despite geographic constraints.” In a digital age in which more and more of traditional education is taking place online, such flexibility is essential to the survival of higher education institutions. But unless schools choose private cloud services that protect both data and identity, hackers could seize sensitive student information that could undermine the potential of both the student and the university.

SpiderOak Blue

For schools looking to the cloud, SpiderOak Blue offers fully private “public” and onsite server options for full flexibility. Choosing the right third party cloud service can be a challenge as many services on the market have security gaps that leave private student and school data vulnerable to third party attacks. But SpiderOak sets itself apart from the rest of the market by providing a fully private cloud service featuring all of the benefits of cloud storage along with 100% data anonymity.

SpiderOak protects sensitive enterprise data through 256-bit AES encryption so that files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices, as SpiderOak never hosts plaintext data of any kind. SpiderOak Blue’s private cloud services are available for schools and universities on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this one of the only flexible cross-platform solutions on the market.

Staying One Step Ahead of the Shifting Market

Cloud infrastructure has become the new standard for SMEs wanting to use technology to stay ahead of the competition. Unfortunately, the lack of a standard set of cloud security regulations has led to many SMEs missing out on the benefits of the cloud out of privacy concerns. While many smaller enterprises are kept from the cloud due to fears of data loss or a security breach, once they make the switch, most find that their data is even more secure and private than when all data was hosted onsite.

Cloud Infrastructure

Image courtesy of amadeusconsulting.com

A recent Comscore survey of 211 small to medium-sized U.S., German, U.K., and French companies, found that before cloud adoption, 60% of respondents viewed the cloud as insecure, 42% were concerned about reliability, and 45% believed that cloud adoption would result in loss of privacy control. After having made the switch to the cloud, 94% claimed they now enjoyed a greater level of security than previously held onsite. 75% of respondents said that their company experienced improved service reliability, 61% claimed that the length and frequency of downtimes decreased after the adoption, and 62% found that privacy levels increased with their cloud service. According to Trustworthy Computing General Manager, Adrienne Hall, “There’s a big gap between perception and reality when it comes to the cloud. SMBs that have adopted cloud services found security, privacy and reliability advantages to an extent they didn’t expect. The real silver lining in cloud computing is that it enables companies not only to invest more time and money into growing their business, but to better secure their data and to do so with greater degrees of service reliability as well.”

The Cloud Infrastructure Market

Image courtesy of sentilla.com

The current approach leaves consumer data in a virtual wild west, in which enterprises and consumers much proactively seek out secure cloud solutions that can provide consumer data protections and user privacy. A recent paper in the Washington and Lee Law Review proposes the establishment of legal frameworks that could tackle the absence of cloud security standards by requiring companies to adhere to strict privacy regulations, while offering consumers greater control over their sensitive data. According to co-author Jay Kesan, the H. Ross & Helen Workman Research Scholar in the College of Law, “Our goal with this piece is to raise awareness of the privacy of online information, which is something that people seem to care about a lot more once they actually know what companies are doing with their personal information and data. If you think it’s a fair trade to receive an email service in exchange for letting a company track what Web pages you visit and show you relevant advertisements, by all means, you should continue to do so. But there are always security risks involved when information is stored, electronically or not. Users must weigh the advantages and disadvantages of the available options.”

How Cloud Infrastructure Works

Image esds.co.in

The situation has propelled many consumers and lawmakers to action. In Australia, lawmakers are addressing the issue by considering national cloud security regulations. With 71% of Australians using a cloud service, the Australian Communications and Media Authority cites privacy and security concerns as its chief concern in considering the implementation of consumer data protections and cloud regulations. But regulations do have a downside in stalled growth and many consumers are just as wary of the government as they are of the cloud service providers, especially in the wake of the NSA PRISM scandal. A safer, cheaper, and easier alternative than rolling out national or global cloud regulations is through exclusively using a private cloud service to store and sync any sensitive data.

Protecting Data in the Meantime with SpiderOak

When selecting a secure service, there are several factors to keep in mind. For one, server location matters. Do you want to the convenience of public cloud deployment, with servers located offsite, or would you trade convenience for more ownership of your data security by keeping cloud services close at hand with an onsite server? Another thing to consider is that many services on the market have security gaps that leave private data vulnerable to third party attacks, malware, and legal snooping.

For enterprises looking for a truly private cloud, SpiderOak Blue offers fully private “public” and onsite server deployment options for full flexibility. SpiderOak sets itself apart from the rest of the market by providing a private cloud service featuring all of the benefits of cloud storage along with 100% data anonymity.

SpiderOak protects sensitive enterprise data through 256-bit AES encryption so that sensitive files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices, as SpiderOak never hosts plaintext data. SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this one of the only cross-platform solutions on the market.

Is Your Government A Source of Malware?

Many enterprises are already familiar with malware. IT teams regularly provide maintenance on devices and best practices for avoiding contracting malware on a corporate network. But according to recent news, malware isn’t just coming from hackers these days, but from big governments around the world. Protect your sensitive company and consumer data from government backed malware and legal snoops by shielding information in a private cloud service that provides user anonymity.

Government Malware

Photo courtesy of cnmeonline.com

According to a recent Reuters special report, the United States government has become the largest single buyer of malware in the world, sparking a wave of protest and concern from both consumers and enterprises. The securities industry has voiced concerns over the government’s refusal to register purchased vulnerabilities, which would help enterprises and consumers to fight against malware developments. Instead, the government has used such exploits to develop spy technologies and cyber weapons to wage an ongoing cyber war against foreign networks. However, according to former White House cyber security advisor Richard Clarke, this aggressive cyber defense strategy has left American consumers and enterprises vulnerable to hacking and security breaches from their own government. Clarke said, “If the U.S. government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell U.S. users.” And a recent New York Times report revealed that the Obama administration has established the right to stage a pre-emptive cyber attack against any perceived threat under the guise of defense.

Malware Infections

Image courtesy of Microsoft.com

Such developments have whittled away at consumer confidence in the possibility of a more private Internet. And the justified paranoia doesn’t just stop at the NSA’s notorious PRISM program, with reports that such data mining isn’t limited to those nine major technology firms, with thousands of finance, technology, and manufacturing companies willingly handing data over to the U.S. government on a routine basis in return for benefits like access to classified data. According to Bloomberg’s Michael Riley, such companies and firms have ongoing agreements with agencies like the NSA, FBI, and CIA to provide data the could potentially bolster national security while helping develop offensive strategies against suspected enemies of the U.S. Even programs that purportedly only cover infrastructure can undermine privacy as shown in the NSA program called Einstein 3. Originally developed to protect government devices against hackers, Einstein 3 monitors billions of emails between government computers to check for malware.

But the threat of malware doesn’t just come from the U.S. government as malware has been traced to governmental sources all around the world. One example is found in the discovery by Trend Micro researchers of Brazilian government websites that have served malware variants to site visitors under the guise of Flash Player and Adobe updates. The malware drops an executable and Java file disguised as a generic .GIF file. Once the malware alters the system’s security settings, it begins downloading additional files including a .JAR file that establishes a new administrator account. This account enables multiple remote desktop sessions, giving hackers remote access over the computer.

Malware Around the World

Image courtesy of securelist.com

Another instance of government-backed malware is the dangerous NetTraveler, which has infiltrated the systems of more than 300 victims in forty countries. Targets included government agencies and private organizations involved in sectors like communications, nanotechnology, and nuclear power. According to Kaspersky, NetTraveler dates back to 2004 and is likely traced to China as a cyber-spying tool. Many targets are Uigher and Tibetan activists and according to a Kaspersky spokesperson, “Based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have working knowledge of the English language,” said a spokesperson for Kaspersky. The Kaspersky spokesperson also said, “NetTraveler is designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office or PDF documents.” NetTraveler infiltrates victims through spear-phishing emails with Microsoft Office attachments. The malicious attachments targeted the CVE-2010-3333 and CVE-2012-0158 vulnerabilities that have since been patched by Microsoft.

Shielding Private Data with SpiderOak

A great way to shield sensitive consumer and corporate data from any snooping eyes is through storing and syncing with a private cloud service provider. For enterprises looking for a truly private cloud, SpiderOak Blue offers fully private “public” and onsite server deployment options for full flexibility. Choosing the right third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks, malware, and legal snooping. But SpiderOak sets itself apart from the rest of the market by providing a fully private cloud service featuring all of the benefits of cloud storage along with 100% data anonymity.

SpiderOak protects sensitive enterprise data through 256-bit AES encryption so that sensitive files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices, as SpiderOak never hosts plaintext data. SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this one of the only cross-platform solutions on the market.

Crunching Big Numbers in the Cloud

Big data has transformed everything from manufacturing to the service sectors. But as companies rely more and more on big data, secure storage has become vitally important. Don’t let your enterprise’s sensitive data fall victim to hacking or exfiltration! With a truly private third party cloud service, enterprises of all sorts and sizes can take full advantage of the cloud without having to worry about outsourcing security or losing control of their most important data.

Cloud Computing & Big Data

Image courtesy of wikibon.com

The cloud offers enterprises more flexibility and greater cost savings through reduced need for large IT staff and functions. And the cloud also gives businesses the choice over whether or not to host data onsite through expensive servers, or offsite through a secure cloud storage service. This trend continues to grow as enterprises opt for flexibility, cost savings, and easy scalability. According to Gartner, traditional OEMs on the server market have seen shares decline by 5 percent in the first quarter of 2013. With the rise of mobile technology around the world, IDC predicts a 44-fold growth in data from 2009 through 2020. And according to the Canadian bank, CIBC, information-generation growth is expected to increase by 50 times in the next ten years. CEO of Mixpanel, Suhail Doshi says, “Data is the next design. Products that don’t consider data will founder.” Big data allows enterprises to store and analyze relevant company and consumer information in terms of velocity, volume, and variety.

Growth of Cloud-Based Big Data

Image courtesy of infochimps.com

All around the world, established enterprises and global startups have leveraged big data and the cloud to compete in a rapidly shifting international market. In India, IT investments by EMC started with a meager $100 million in 2000, which is expected to grow to around $2 billion by 2014, making it the biggest Indian investment in data, IT, and the cloud by a multinational company. According to EMC President, Asia Pacific and Japan, David Webster, “ During 2010 to 2020, digital information in India will grow from 40,000 petabytes to 2.3 million petabytes (a measure of memory or storage capacity. One petabyte is enough to store the DNA of a large country and then clone them twice).” And such growth is only expected to continue, as Webster says, “ Companies will have responsibility for the storage, protection and management of 80 per cent of the Digital Universe’s data, and this liability will only increase as social networking and Web 2.0 technologies continue to impact the enterprise.” As it stands, half of Indian digital data goes missing due to lack of storage and the number is predicted to expand to 80 percent in the next ten years. The big data market in India is expected to jump from $80 million in 2013 to over $153 million in 2014. And the cloud computing market is growing right alongside big data. A recent EMC Zinnov study predicts cloud market growth to around $4.5 billion by 2015, with private cloud services accounting for $3.5 billion of the market share.

Collecting Consumer Data

Image courtesy of cloudtweaks.com

Essentially, big data and the cloud offer enterprises the chance to develop customer intimacy. This focus on the relationship with the customer moves beyond transactional models to a long-term model based on understanding both the spoken and latent needs of customers. Through analyzing and securing customer data, enterprises can fill gaps in service, stay ahead of market trends, and anticipate consumer demand. And most important of all, such an approach builds brand value and long-term customer trust, which are vital for enterprises wanting to build and expand through this period of economic uncertainty and rapid technological growth.

SpiderOak Blue for Enterprises

But finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private company and consumer data vulnerable to third party attacks and even internal exploitation. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts any plaintext data). SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this a uniquely cross-platform cloud solution.

The Cloud & Global Development

Globalization has ushered in a period of shifting dynamics in which new power players are sure to come to the forefront as leaders of the world market. One of the key technologies being utilized by developing nations and global industries is cloud storage and sync. Through the cloud, developing nations and workforces are empowered to leverage technology in their favor, allowing them to not only rapidly develop new products and services, but to market them as global competitors in the digital marketplace.

Cloud development

Image courtesy of CloudAve.com

According to a study performed by Cisco, worldwide cloud computing traffic is expected to jump twelve-fold from 2010 numbers by the year 2015. Much of this growth if pushed by tech hubs like London, New York City, and the Silicon Valley, but the developing world has also been driving monumental cloud adoption around the planet. Cloud computing has granted developing global businesses a flexible, fast, and convenient solution to international competition. In countries where infrastructure is lacking and even electrical grids are unreliable, battery-powered smartphones and third party cloud service providers give developers and enterprises the security and stability they need to thrive.

One of the positives of being an enterprise in a developing nation is that there isn’t a burden of old infrastructures that must be replaced, giving the impression of lost investment doubled by the impact of conversion costs. Instead, developers and enterprises can start off on the cloud using mobile devices. As Chris Haydon, Vice President of Solutions Management for Ariba, says, “Africa has joined the networked economy…it is almost like in some parts of the economy, they are bypassing the PC and going to the device – whether it be a smartphone or tablet. We see that type of uptake, there is a huge demand in being able to get transactions, notifications or alerts via mobile devices to acquire access (to that information). Africa is also predisposed to cloud solutions as well.”

In a study titled, “Unlocking the Benefits of Cloud Computing For Emerging Economies”, Peter Cowhey and Michael Kleeman of UC San Diego assert, “cloud computing can greatly strengthen small and medium enterprises (SMEs), thereby stimulating job creation…One study in Mexico showed typical reductions in total fixed cost of about 3% in a 45 person firm that switches to cloud computing…Lowering costs stimulates growth and jobs, perhaps to the tune of 190,000 new jobs in Mexican SMEs if they adopted cloud computing.”

Cheki

Image courtesy of 1mobile.com

The same holds true for developing enterprises in Africa. The African used car classifieds service, Cheki, has a market that encompasses Ethiopia, Rwanda, Malawi, Kenya, and Nigeria. The site serves a million users and has over a billion visits every month. According to Michael Kleeman, “most dramatic thing in terms of scale is the widespread use of cloud-based services like Google… Two-thirds of the people I work with across Africa use Gmail. Ten years ago they’d have to have in-house email services, and software like Microsoft Office…Now, all of those applications are there with a decent Internet connection.”

In fact, emerging economies like Argentina, Thailand, and Peru already use the cloud more so that more mature economies like Germany, the United States, and France. In a recent BSA study, 33% of global cloud users utilize the cloud for business and 88% use the cloud for personal purposes like emails. And governments from the United States to Australia have committed to making the switch of data storage to the cloud. Ultimately, enterprises of all sizes and developmental stages utilize the cloud for three main reasons. The first is the massive cost savings the cloud enables through cutting the need for big IT staff and onsite servers. The second main reason for switching to the cloud is flexibility through scalability and worker mobility. Finally, the cloud attracts enterprises through the ability to globalize development. Through the cloud, developing enterprises can tap the resources of workers from all around the world regardless of infrastructure.

Cloud adoption

Image courtesy of coresolution.com

Security through a Private Cloud Solution

Whether developing or firmly established, enterprises looking to adopt the cloud must make data security a priority. But choosing truly secure third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks. One service that sets itself apart is SpiderOak Blue. This service provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy.

SpiderOak protects sensitive enterprise data 256-bit AES encryption so that files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts plaintext data). SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this cross-platform solution perfect for both developing and established enterprises.

Finding the Right Server Solution for Your Enterprise

Enterprises looking to leverage technology to help stay ahead of the game have turned to secure cloud solutions for both convenience and cost savings. Cloud services can offer public hosting or private servers, depending on the particular needs of an enterprise, but each method of cloud deployment has its benefits and drawbacks. To fully capitalize on the cloud, enterprises must decide which method of hosting makes the most sense for their needs and budget.

Server solutions

Photo courtesy of CloudAve.com

Essentially, public hosting is like sharing an apartment complex with many residents. With public shared hosting, all accounts utilize the same resources like disk space, CPU time, and memory, and any available resources are shared. Public storage servers are very cost effective and diminish the need for a large IT staff. Maintenance and monitoring are handled by third party cloud service providers, which usually provide tech support as well. And enterprises can save even more money by not having to purchase, maintain, and upgrade servers onsite. Such on premise solutions require special attention, security, and expertise that many enterprises would rather outsource. And servers generally take up quite a bit of much needed office space.

Deployment Plans

Image courtesy of BlackIronData.com

But public servers have their downsides as well. Recently, a massive storm took out servers resulting in downed sites for major companies like Netflix, Instagram, and Pinterest. While unpredictable weather can strike onsite servers as well, this example just illustrates the fact that outsourced servers means a degree of outsourced security. One way enterprises can protect themselves while using a public server is by enacting better practices like requiring server administrators to login exclusively onsite. If logging in locally is impractical, procedures should be established that limit access to approved IPs and accounts, and security tokens should be used whenever practical. And of course, tunneling and encryption should be standard security protocols.

Enterprises must decide for themselves whether they would have more convenience and cost savings or more control. As Kelly Clay at Forbes writes, “It’s easy to blame AWS and public cloud services in general for the downtime we occasionally see, but even traditional infrastructures fail. Maybe instead it’s time to think differently about the interconnected nature of the services we rely on. Everything is intertwined.” This intertwining means that enterprises can’t skirt cost and security, and must choose between less costs and more convenience through public servers or more control through an onsite server.

For enterprises looking to retain full control of their data by keeping servers in house, dedicated or onsite hosting is the solution. Such servers don’t share space or resources with anyone else and give enterprises root access to their environments. This way, IT teams don’t have to rely on third party tech support for upgrades and internal tweaks. While onsite servers take up much more space and require dedicated staff for maintenance, upgrade, and security, they also grant enterprises greater flexibility. Many third party cloud services do not support multiple platforms, so enterprises that want to switch platforms or even build their own environments through Linux, might be stuck with one particular platform until the third party service adds cross-platform functionality. Having a private server onsite helps to sidestep these potential issues.

Onsite or public servers?

Image courtesy of tps.unh.edu

As with any deployment option, data security is of primary importance. Data drives most enterprises, so a single security breach could potentially ruin an entire brand. Trusting a third party cloud to secure your data should only be done if the cloud is fully private, otherwise the cloud service’s employees could have access to your enterprise’s valuable data. This is where having an onsite server can bring peace of mind, especially if your third party cloud server doesn’t provide “zero-knowledge” data privacy. Such onsite private servers put security ownership and control back into the hands of IT staff. Ultimately, enterprises must take full ownership of their data security, deciding which method of cloud deployment makes the most sense for their needs and concerns.

SpiderOak Blue

For enterprises looking to the cloud, SpiderOak Blue offers fully private “public” and onsite server options for full flexibility. Choosing the right third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks. But SpiderOak sets itself apart from the rest of the market by providing a fully private cloud service featuring all of the benefits of cloud storage along with 100% data anonymity.

SpiderOak protects sensitive enterprise data through 256-bit AES encryption so that files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts plaintext data). SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this one of the only flexible cross-platform solutions on the market.