Tag Archives: privacy

Protect Yourself From Hackers & PRISM In 3 Steps

Enterprises that already use the cloud have leveraged the technology to streamline massive amounts of data, increase productivity, and edge out the competition. But even with the cost-savings and convenience that comes with the cloud, lack of cloud standards and regulations have resulted in a market with an abundance of glaring security gaps. A single breach of security could stall production and result in intellectual property theft. But threats to cloud security can also come from within an organization in the form of internal data mining and leaks. Companies that want to fully capitalize on the cloud without sacrificing data security should rely on three important steps: good SLA (Service-Level Agreement), strong ERP (Enterprise Resource Planning), and private data storage and sync.

Cloud Security Measures

Image courtesy of cloudcomputingtopics.com

When seeking out a good SLA, remember that data security is ultimately your responsibility. Unfortunately that’s not how many enterprises see it, and many SMEs and Fortune 1000s sign bad SLAs that don’t offer protections for their hosted information. A recent NetIQ and IDG survey of IT security decision makers found that 69% of respondents “in organizations around the world believe consumer cloud services post a huge risk to sensitive data.” Primary concerns revolved around the lack of transparency in data security measures and current laws offer little protections for cloud adopters. Under Australia’s new data breach notification law, cloud adopters, and not cloud providers, are ultimately held accountable of the only guardians of their data. In the case of a data breach, an enterprise would be liable for any loss instead of the cloud service provider they employed.

Cloud Security Concerns

Image courtesy of internetevolution.com

All of this goes to show how important it is to be absolutely clear about how a potential service provider would protect your data. As it stands, most enterprises realize that they must proactively safeguard their data as shown by a report by the Ponemon Institute and commissioned by Thales e-Security. The survey of more than 4,000 cloud enterprises found that over half already stored sensitive data in the cloud. According to the survey, only a third of respondent believed that their cloud provider should be held responsible for protecting stored data and only 12% felt that users should be primarily responsible. The truth is that both are equally important. Secure begins onsite with strong enterprise resource management before sending off data to be cloud-sourced. When choosing a provider, read over any SLA contracts closely and negotiate any issues of concern before you sign. If a cloud service provider isn’t willing to negotiate or meet your needs, consider another provider that can offer greater levels of data security.

Private vs. Public Clouds

Image courtesy of resource.onlinetech.com

Enterprise resource planning helps keep data secured onsite from data mining and leaks before sending it off to be stored on the cloud. Strong ERP measures can keep everyone accountable for secure access, syncing, and storage. One of the most important things to establish is access control, this means determining which personnel and departments have access to different levels of secure data. Account management also helps enforce access control, once it has been determined. The common practice of simply giving out administrative access for simplicity’s sake has proven disastrous for many enterprises. All it takes is one disgruntled employee or one act of ignorance to spill a company’s secrets. Such leaks can wreak irrevocable damage on an enterprise’s reputation and can be avoided with strategic ERP.

The next step in establishing strong security is exclusively storing and syncing sensitive data with a cloud service provider that offers strong encryption, data privacy, and user anonymity. Whatever deployment model enterprises select, cloud providers should have zero-knowledge of company data. Through such privacy and data anonymity, enterprises can stay protected from all sides. Before settling on a provider, learn about their security measures and what steps they would take in the case of a breach.

Secure Storage With SpiderOak Blue

For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publicly securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

The US Cloud Could Be Destroyed By Prism!

By now just about everyone that uses the internet knows about Edward Snowden and the leaks on the NSA’s controversial PRISM citizen surveillance program. According to Snowden’s leaks, the PRISM program is the National Security Agency’s ongoing collection of citizen data from U.S. tech companies for alleged counter-terrorism intelligence. News of the program has made international headlines for weeks and U.S. cloud companies and associated technology businesses fear a severe drop in international business due to security concerns. But with a private cloud service that encrypts data, doesn’t host encryption keys, and never stores plaintext, American companies, citizens, and international consumers can all still take advantage of U.S. technological innovations.

PRISM’s Cost to the U.S. Cloud

Image courtesy of computerweekly.com

A survey of European companies conducted by the Information technology and Innovation Foundation, shows a surge of distrust in American cloud companies. According to the survey’s author, Daniel Castro, U.S. cloud companies could lose up to 20% of the market share to international rivals. Of the survey’s respondents 56% would be unlikely to contract a U.S. cloud service in the future while 10% had already cancelled projects with U.S. cloud providers out of NSA concerns. Inside the U.S., 36% of respondents claimed that news of the program has “made it more difficult” to conduct international business. The fallout is projected to cost American tech companies up to $35 billion in lost international contracts in the next three years.

How PRISM Works

Image courtesy of engtechmag.wordpress.com

Overseas, competitors are relishing the scandal, which has shown to be incredibly profitable for them. Simon Wardley, an executive at the British think-tank the Leading Edge Forum, wrote on his blog, “Do I like Prism … yes, and god bless America and the NSA for handing this golden opportunity to us… Do I think we should be prepared to go the whole hog, ban US services and create a €100bn investment fund for small tech startups in Europe to boost the market … oh yes, without hesitation.” And according to chairman of the ANS Group, Scott Fletcher, “People in the UK have been reticent for a while about putting data into the US because of the Patriot Act, which means the government there can pretty much get access to everything. Prism has put into peoples’ minds that there might be co-operation in the UK with that. People talk to us and want their own private cloud service, because they know we don’t have that sort of relationship with the government. They want all the services to be based in the UK, rather than using Google or Amazon Web Services.” Despite the common presence of governmental monitoring around the globe, such companies are capitalizing as best as they can on the recent scandal, even though many clouds in the UK and Europe are less secure than some of their American counterparts.

Security Concerns and the U.S. Cloud

Image courtesy of telco2.net

One way to try to address the scandal is through instituting a cloud security certification program for all cloud service providers. This is project is currently underway through the united efforts of the Cloud Security Alliance and the British Standards Institute. Through expanding the CSA’s STAR program this fall the organizations seek to set an international standard for data security. CSA’s executive director, Jim Reavis, explained the project further, “The CSA programmer is self-certified, while the BSI will have assessors who will scrutinize vendors’ practices once a year and issue a certificate.” But even if such standards and certifications are put in place, getting companies to adopt them will be a challenge. Rather than waiting around for potential certification programs to gain popularity, enterprises should rely on storing data to cloud providers that offer strong data encryption and user anonymity. That way, even in the case of cracking by the NSA, all they would be able to see is unreadable blocks of encrypted data, thus guaranteeing true privacy in an age of online insecurity.

Protection from PRISM

For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publically securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and a mobile workforce.

Use the Cloud To Make Your Small Business a Success

Small businesses around the world utilize the cloud to gain an edge on the competition. Through leveraging cloud computing and storage, SMBs can level the global playing field, competing with large international enterprises and even Fortune 500s. Unfortunately, the unregulated cloud market and shady contracts have led some small businesses to trust their sensitive company and customer data to unsecured clouds. This lack of a cloud security standard has resulted in hacking, leaks, and data mining, all of which can be serious setbacks for small businesses. The good news is that secure cloud service providers can offer complete data privacy and protections along with absolute user anonymity. This way, SMBs can take advantage of all of the cloud’s benefits without having to worry about trading security for cost-savings and convenience.

Small Business Success & the Cloud

Image courtesy of cloud4computers.co.uk

According to Forrester predictions, SMBs will help fuel the forecasted growth in business reliance on the cloud from 22% in 2013 to 27% in 2014. Another report, the State of SMB IT 1H 2013 Semi-Annual Report On Small and Midsize Business Technology Plans & Purchase Intent, breaks down the current use of cloud along with those planning on using cloud services in the near future. The report shows that 61% of small to mid-size businesses are taking advantage of the cloud already, and an additional 5% of respondents plan to adopt some type of cloud service within the next year. For SMBs with 250 to 999 employees, 55% currently use the cloud. But for even smaller businesses with less than 20 employees, the cloud is even more vital, with 69% of respondents currently capitalizing on what the cloud has to offer. For businesses with small teams and tight budgets, the cloud is a convenient and cheap way to get more done with fewer resources.

Cloud Benefits for SMBs

Image courtesy of unleashed-hosting.com

Many cloud providers also allow small businesses to rent their clouds. This gives SMBs access to top-notch cloud technology, a tool that was once the exclusive privilege of established enterprises and corporations. Businesses can tap the cloud services that fit their unique needs, while enjoying scalability by paying for only the services they actually use. In a survey conducted by Oxford Economics, 43% of SMBs prefer cloud-sourcing to cloud providers rather than purchasing expensive and complicated onsite servers. Over the next five years, projected SMB spending on the cloud is expected to steadily grow by nearly 20%, showing that businesses are ready to invest in technologies that truly payoff. But unless SMBs can ensure that their cloud providers offer true data security and strict privacy measures, trusting sensitive data to unsecure cloud providers is a risky investment.

Cloud Services for SMBs

Image courtesy of unleashed-hosting.com

Africa is one of the fastest growing continents for cloud adoption, but according to the latest numbers from the Business Software Alliance, software piracy is at an incredible high of 80%. This rampant piracy costs small businesses millions in investments and threatens intellectual copyright. But with private cloud solutions, businesses can secure their projects without fear of hacking or leaks. As it stands, small businesses around the world haven’t made data security a priority. But improving security measures for company and customer data is a necessity for two main reasons. First, even if your business doesn’t hold any production secrets, a single security breach could significantly halt production or even damage company networks and computers if malware was introduced.  Second, in the wake of revelations on the NSA’s PRISM program, customers will reward those companies that can guarantee privacy and anonymity with loyalty. But before choosing a third party cloud service provider, make sure your business has a strong internet connection or your own web servers, as you won’t be able to access stored information in the case of a downed connection.

Small Business in the Private Cloud

For many small businesses, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive company and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides SMBs with fully secure cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment for businesses that want their own private servers or through the cloud-sourcing to a private and strongly secured public cloud server.

SpiderOak protects sensitive business data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords and data. All plaintext encryption keys are exclusively stored on approved devices and SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, customers can rest easy knowing that their data is truly protected and SMBs can gain diehard customer loyalty by publically securing consumer information. SpiderOak cross-platform private cloud services are available for businesses on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and a mobile workforce.

Launching Your Business With the Cloud: Storage for Startups

Starting your own business can be a challenge in any market, but in the face of increased global competition, it’s harder than ever to create a company with staying power. One way to jumpstart success is by leveraging technology to better compete with bigger international enterprises. Through cloud computing and storage, startups have been able to gain a cutting edge, bringing their products and services to new markets and targeting key demographics through big data analytics. But storing sensitive startup data to the cloud can be a security risk that makes new company data vulnerable to data mining, hacking, and even internal leaks. With private cloud services, startups can take advantage of all that the cloud has to offer without sacrificing security and privacy in the process.

Startup Success Through the Cloud

Image courtesy of venturebeat.com

The cloud market is currently muddled with controversy over security and pricing, making the process of selecting a service provider even more difficult for startups. But that shouldn’t scare new companies away from the cloud, as the technology can be one of the best assets for startups with limited staff and resources. One of the biggest ways that the cloud can be an asset to businesses is in the area of hiring. For startups, hiring can be a risky investment and many look to freelance contract workers to help smoothly transition newer companies through periods of growth. The cloud enables businesses to tap a massive network of freelance workers, as well as professionals in a wide range of sectors, to meet their shifting needs. Another way that clouds can help startups is by drastically cutting IT costs. Instead of hiring large IT teams and buying expensive onsite servers cloud-sourcing to a third party provider offers smaller businesses the same capabilities that were once exclusively the privilege of top enterprises. And cloud services are fully scalable, so that startups only have to pay for what they actually need, with the option of scaling services up or down depending on monthly demand.

How Startups Choose Cloud Providers

Image courtesy of yourstory.in

The cloud offers flexible solutions for startups, from public and private deployment models, to unique hybrid clouds that fulfill the security and storage requirements of businesses. With the ability to tackle everything from IT infrastructure to data storage, the cloud can be one of the best cost-effective tools for any startup. One of the greatest challenges though, is finding the right cloud provider that can provide quality services along with strong data security and user privacy. As it stands, the market it still a little chaotic. According to Stu Minima, senior analyst at Wikibon, “It is by no means, kind of a steady state market.  There’s logic turn going on, lots of changes, lots of players coming into the market, lots of companies radically changing their environment, and most enterprises have some play in the cloud.  But it’s definitely early, early days still despite the fact that we’ve been talking about it for over five years now.” But that’s no excuse for opting out of the cloud all together. As Minima states, “companies have to be looking at cloud environments.  Turn the clock back to those early days, five years ago in 2008, when IT had significant pressures on being able to take that fixed IT cost and change that to a flexible model.  Moving today, it’s more about business agility and being able to deploy things faster.  CIOs today, it’s not if they should be using cloud environments, it’s imperative that they do this or they will be left behind with what competitors are doing.”

Start Up Costs & Success

Image courtesy of fundersandfounders.com

For startups, timing is everything and flexibility is one of the few leveraging points new businesses have on established competitors. So finding a secure cloud service as soon as possible should be on every startup’s list of priorities. Making the switch to the cloud also can help secure vital venture capital funding, which can be hard to come by in the current economic climate. Vice president at Forrester Research, James Staten, says, “First and foremost, startups that offer software or online services have to prove their business model works in the cloud before they are likely to get any venture capital funding these days. That means their business starts in the cloud.”

SpiderOak Blue for Startups

For startups looking to turn a profit through the cloud, SpiderOak Blue offers fully private “public” and onsite server options for full flexibility. But choosing the right third party cloud service can be a challenge as many services on the market have security gaps that leave private company data vulnerable to third party attacks, NSA snooping, and even internal leaks. But SpiderOak sets itself apart from the rest of the market by providing a fully private cloud service featuring all of the benefits of cloud storage along with 100% data anonymity.

SpiderOak protects sensitive startup data through 256-bit AES encryption so that files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices, as SpiderOak never hosts plaintext data of any kind. SpiderOak Blue’s private cloud services are available for startups on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this one of the only flexible cross-platform solutions on the market.

What’s Lurking Behind Your Cloud? The Threat of Malware

The spread of malware through popular cloud services has scared some users into staying away from the cloud altogether. Hackers and malware creators have used various clouds and cloud services as vehicles for malware, using the prestige of cloud providers like Dropbox as a disguise for their malicious software. Businesses that employ unprotected cloud services could be vulnerable to attack while jeopardizing the entire network’s safety. But with a private cloud service, users can take advantage of all the cloud has to offer without worrying about hacking, leaks, or data mining.

Malware Lurking in the Cloud

Image courtesy of betanews.com

According to Commtouch’s Q2 Internet Threats Trend Report, spam distribution around the world is becoming even more narrowly targeted. Avi Turiel, director of threat research and market analysis at Commtouch, says, “The spam and email security landscape in general became much more diversified according to region during the second quarter of 2013. The discrepancies between the development of spam levels globally and in specific regions such as Germany show that that the growing trend toward targeted spam and malware distribution has started to affect spam levels in a significant way. This trend has begun to transform the way spam and malware distribution works, posing new detection challenges for security vendors.” This means that as malware evolves to take on new cloud models, it becomes harder and harder to detect.

Malware Around the World

Image courtesy of cioinsight.com

The threat of malware challenges security experts from all around the world. A recent report by Kaspersky Lab of Indian participants of the Kaspersky Security Network (KSN), found that 35.6% of users suffered some sort of malware attack. And a report by the Hong Kong Computer Emergency Response Team (HKCert) shows that instances of online security breach have risen 12% from last year. Along with hacking, about half of the attacks also came from botnets, infected computers that are networked into malicious robots. The other half of the attacks came from a combination of viruses, phishing, denial-of-service (DoS), and spyware. Leung Siu-cheong, senior consultant at HKCert’s Coordination Centre, said, “Enterprises and internet users should make it a habit to maintain the security patches on their personal computers, keep servers up to date and adopt firewalls and anti-malware software. Businesses, in particular, should establish policies on the classification and protection of sensitive data [and] manage both mobile devices at work and the service level of cloud service providers. In short; they should be well-prepared for large-scale attacks.” It short, it seems that for now protecting data from the threat of malware is just the newest security standard as attacks continue to rise.

Data Loss and Malware

Image courtesy of cioinsight.com

Malware creators are getting creative in finding new channels for their attacks. At a recent Black Hat conference in Las Vegas, security experts discussed the growing trend of malware writers using cloud services and file hosting website as tools for spreading malware. According to Michael Sutton, vice president of research at ZScaler, “Attackers are starting to leverage hosting services. It used to be that [attackers] would set up their own servers. Then we saw them infecting legitimate third-parties. Now they are using hosting services. They are no longer paying for hosting [malware] and are less likely to get blacklisted.” This new strategy seems to be working, as indicated by the growth in numbers of attacks this year. And the threat of malware is only sure to grow. The recent Def Con Hacking Conference in Las Vegas showed the world the threat of malware from official malware businesses like the Russian Malware Headquarters. But black hats and malware factories shouldn’t keep anyone from enjoying the benefits of the cloud. With a private cloud service, anyone can store and sync with full security as long as the service provides strong encryption and doesn’t host encryption keys or plaintext

Safety in the Cloud

Users looking for a third party cloud service that offers true protection, can find it a challenge as many “secure” services out on the market still have glaring security gaps that leave sensitive data wide open to third party attacks and even governmental spying, under the shadow of the controversial NSA PRISM program. A cloud storage and sync service that stands out with strong protections is SpiderOak. This private cloud service offers fully secure cloud storage and syncing, with all of the benefits of the cloud along with 100% data privacy.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and approved devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely zero-knowledge of user passwords or data. All plaintext encryption keys are exclusively stored on approved devices and SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility.

Private and encrypted storage for Bitcoin? SpiderOak gives it a try!

Unfortunately, our testing has now concluded. We had a great response and plan to take bitcoin payment hopefully at the beginning of next year, but will be unable to integrate that into our system at this very moment. If you want a personal email notifying you when it is set up, please email erin[at]spideroak[dot]com. Thanks!

 

 

We at SpiderOak believe in privacy. And we believe in always pushing the bounds of privacy further and further into the Internet. To that end, we have made the decision to do a proof-of-concept around accepting Bitcoins as payment for SpiderOak service. As Bitcoin becomes a more ‘mainstream’ method of currency exchange, we thought it only natural to extend it’s concept to SpiderOak as another privacy promoting element.

For this initial test, we will be manually accepting payment for 100GB/1-year accounts. We are conducting this initial test to gauge interest and if the demand is present we will possibly implement an actual API-based Bitcoin payment system. This would of course enable anyone to make payment for their SpiderOak accounts with Bitcoins.

Our Trial Offering: 

  • We offer a total of 25 x 100GB SpiderOak account upgrades for 1 year ($100 value) to customers wishing to use Bitcoin as payment.
  • The cost per 100GB account during this trial period will be 0.75 BTC (a 25% discount vs. Fiat)
  • To purchase a 100GB account upgrade, you need only email bitcoin@spideroak.com for your personal Bitcoin deposit address for the payment. Once payment is made, we will send you an email with an upgrade-code to use for the 100GB upgrade.

Ultimately this is our way of helping to support both the concept of privacy as well as promoting the Bitcoin community by proving that business are indeed taking Bitcoin seriously. We are eager and curious to hear feedback so please feel free to reach out to us anytime with additional reactions or thoughts.

Risk Free BYOD: Keeping Convenience & Security

If you haven’t yet heard of BYOD, you soon will. The growing policy trend is transforming work culture around the world and will likely become the next standard for workplace technology. BYOD stands for Bring Your Own Device, meaning that offices with this policy allow or require employees to conduct official work on their personal devices such as laptops, tablets, and smartphones. Enabling BYOD has allowed enterprises and businesses to appeal to top-tier candidates while establishing a more flexible office culture. However, BYOD policies don’t come without their risks, as unsecured devices could become sources of hacking, malware, and leaks. But with a private third party cloud service, companies can permit employees to use their own devices without having to sacrifice data security.

BYOD Policies & the Cloud

Image courtesy of business.bt.com

According to a survey of CIOs conducted by Gartner about 40% of enterprises will stop providing devices to employees by 2016. Instead, almost half of major enterprises will rely on BYOD policies to conduct business. The technology behind this rapidly growing trend is secure cloud storage. According to CTO and founder of iSpaces, Dermot Doherty, cloud computing creates “the framework from which BYOD can function. It also eases the burden from IT departments to find proper devices for their employees, manage service plans, and maintain the latest software and hardware upgrades.” Furthermore, Doherty asserts that cloud storage offers “a safe and manageable storage place for company information that is not stored on any particular device, but merely accessible from it.” But in order to capitalize on the benefits of Bring Your Own Device policies, “Companies need to change their current hardware security policies to accommodate BYOD, while utilizing the latest cloud-based services to manage their information,” says Doherty.

Employees & BYOD

Image courtesy of baselinemag.com

BYOD policies are also transforming the world of higher education. A recent survey of higher education CIOs shows that about a quarter of respondents already have BYOD policies in place at their college. Such policies also enable work from home positions and a more mobile workforce. With the cloud and BYOD, some businesses can do away with traditional office spaces altogether, interacting over the Internet and phone when needed. Through this new trend, companies can also tap the skills and resources of workers from all over the world, letting enterprises competitively shop for the best skills at the best price. To many modern workers time and comfort are just as important as salary and benefits. Ultimately, those businesses that can offer the greatest flexibility will be able to keep employee morale high, resulting in greater personal investment and more productivity.

When considering rolling out new BYOD policies, it’s important to secure sensitive company data exclusively on a private cloud. Otherwise, corrupted employee devices could spread malware throughout company infrastructure. Disgruntled employees and hackers can take advantage of loose BYOD policies to wreak havoc on company data and infrastructure. But instead of holding onto ancient office policies forbidding private devices, enterprises and businesses should seek out cloud services that offer user anonymity and strong data encryption. That way, even in this case of a security breach, sensitive company data would be protected. And don’t allow employees to upload company data to any other clouds, as many free public cloud services are highly vulnerable to data mining and hacking. IT departments should insist on universal cloud standards as a security measure in any BYOD policy.

BYOD Today

Image courtesy of tuinnovates.com

BYOD in the Private Cloud

For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publically securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full BYOD flexibility.

Drifting Off to College: Universities & the Cloud

The cloud has helped countless businesses and enterprises gain a competitive edge on the market. From nonprofits to the largest Fortune 500s, cloud storage and syncing offers secure solutions that are both cost-effective and convenient. For universities and colleges, private cloud services offer streamlined admissions, secure grading, and protections for student records. The cloud also grants universities the capabilities to offer online education opportunities, from real-time feedback over the web to entire courses, like in the example of Open Yale.

Admission Office at Tulane University

Photo courtesy of asergeev.com

Recently, Far Eastern University switched to NetSuite SuiteAcademy, a program that brings cloud-enabled management to global classrooms. Through the program, the Philippines-based institution has enabled offsite learning through online modules. Instead of having to purchase a wide range of software, NetSuite’s SuiteAcademy offers students flexibility in being able to learn anywhere with an Internet connection on their own devices. According to Dean Celito C. Macachor of the FEU Institute of Accounts, Business and Finance (IABF), “We see the cloud as the future of software. Introducing cloud-based business instruction through NetSuite SuiteAcademy can enable us to give students highly sought-after skills that today’s employers covet as more companies migrate to NetSuite cloud business management. Being in the cloud, NetSuite makes anytime/anywhere learning and education possible for both our students and faculty.”

Cloud Technology and Education

Image courtesy of edtechmagazine.com

The recent switch also makes marketing admission much easier for the university. As James Dantow, NetSuite’s Vice President of Worldwide Support and General Manager for the Philippines, told DigitalJournal, “FEU has staked out a leadership position in preparing students for a fast-changing business world with hands-on instruction of the world’s leading cloud financials/ERP software suites. FEU’s partnership with SuiteAcademy can not only make FEU graduates more appealing to employers, it makes the university itself more appealing to students looking for an outstanding business and accountancy education, and the practical cloud computing experience that employers demand.” Even software language giant Rosetta Stone, has put its weight behind the cloud, investing in the cloud-based online learning programs like Livemocha and Lexia Learning Systems.

The Potential Future of the Cloud for Education

Image courtesy of edtechmagazine.com

Along with online learning, colleges can leverage the cloud for better admission operations. Before online admissions, colleges and universities would be flooded with loads of paper applications to keep track of. With cloud-based admission procedures, institutions can store and sort thousands of applicants online instead of having to hire hordes of temp workers. While system shutdowns can derail an entire admissions season, angering applicants and their families, the private cloud offers a safe space for application storage. One recent cloud adopter is the Undergraduate Admissions department at Tulane University. With over 30,000 applicants each year, Tulane found a solution in the cloud. As Tulane’s Vice President for Enrollment Management, Earl Retif, told PRWeb, “We pride ourselves on our evaluation process as well as the support we provide to students and their parents. Over time, we realized we’d reached a tipping point where a more robust infrastructure was essential to sustain a quality admissions experience. Increased application numbers meant increased call volume, which strained resources while posing challenges to an equitable and comprehensive review….[the cloud is] a superb solution, not only as a secure place to store our data, but as a strategic, low-cost cornerstone of our disaster recovery plan. We’ve seen the kind of results we were hoping for. Increased efficiencies and automation are allowing staff to focus more time than ever on problem solving and admission decisions. We’ve also seen a significant increase in the percentage of completed applications, adding even greater equity and opportunity to our process. We made the right move at just the right time.”

Securing Records & Grades in the Private Cloud

Universities and colleges must protect student records and grades to preserve the integrity of higher learning. But hacking attempts and privacy concerns brought on by the PRISM program can severely damage institutional brands. Instead of relying on drastic systemic change, universities should exclusively seek out cloud services that offer user anonymity and strong data encryption. That way, even in this case of a security breach, student and school data would be protected.

For many universities, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private school and student data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM program. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive school data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, universities can rest easy knowing that their data is truly protected while earning diehard alumni loyalty by publically securing student information. SpiderOak Blue’s cross-platform private cloud services are available for colleges and universities on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing flexible solutions for online and mobile classrooms.

Hackers in the Cloud

Big business and the government have turned to the cloud in droves to take advantage of the technology’s cost savings and convenience. But as the money trails off to the cloud, hackers of all sorts have followed, exploiting weaknesses to make a point or a profit. From phishing attacks to data mining, hackers have found creative ways to get a hold of user identities and sensitive information including financial documents, health records, and personal addresses. However, with a private cloud service that offers both user anonymity and strong data encryption, enterprises and private users alike can still take advantage of the cloud’s convenience and cost savings without worrying about the threat of hacking, data mining, or leaks.

Hackers Could Be Lurking In Your Cloud

Image courtesy of lerablog.org

Recently Dropbox, a popular cloud storage service, suffered a breach by a Chinese cyber-spying team called Comment Crew. Through publicly shared folders, the Comment Crew were able the spread malware to political targets. According to Cyber Squared, “The attackers have simply registered for a free Dropbox account, uploaded the malicious content and then publicly shared it with their targeted users. The attackers could mask themselves behind the trusted Dropbox brand, increasing credibility and the likelihood of victim interaction with the malicious file from either personal or corporate Dropbox users.”

Comment Crew Attacks Around the World

Image courtesy of wired.com

Another way that hackers are utilizing cloud technology for their attacks is through the popular scam known as phishing. A phishing attack is when criminals target user information through fake emails that look legitimate, but are really meant to get users to give up sensitive data that could be used to access various online accounts. According to Lockheed Martin’s chief information security officer, Chandra McMahon, Lockheed’s employees must continually be wary about phishing attacks that purportedly stem from sites that employees visit regularly. McMahon said that common phishing attacks on Lockheed, “are compromised by adversaries because they are the perfect spot to put malware because a lot of the employees from the industry will go there.” Phishing attacks jeopardize company data and open up sensitive channels to security vulnerabilities. And unless an enterprise chooses to exclusively store sensitive data on a private cloud, safeguards from phishing are left in the hands of employees.

Common Phishing Categories

Image courtesy of commontouch.com

When it comes to healthcare providers, proactively guarding against hacking, data mining, and leaks is vital to patient privacy and HIPAA compliance. According to researchers Frank Pasquale and Tara Adams Ragone, “Patients are rightly concerned about critical health data being lost or inappropriately accessed.  On the one hand, cloud service providers may reduce those risks by deploying their unique expertise. On the other hand, the more entities access data, the more chances there are for something to go wrong. Risks along many dimensions—legal, reputational, medical, among others—need to be addressed.” In this case, healthcare providers should be wary of any cloud service that doesn’t provide true privacy and data encryption.

Currently, MIT students Xiangyao Yu, Ling Ren, and Christopher Fletcher, along with scientist Marten van Dijk, are working on a program that could address cloud security concerns in the future. The Ascend program shields cloud data by randomizing cloud connections, so that would-be hackers would have to solve the impossible task of remapping the data. Another way that enterprises can keep data safe in the meantime is to set up proxy servers or gateways to prohibit any connections that aren’t SSL. All uploads should be done over SSL and any sensitive data should be encrypted. And cloud service providers should have absolutely zero knowledge of uploaded data through encryption at the block level and user-hosted encryption keys.

Protect Yourself With the Private Cloud

For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM program. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publically securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.

Could PRISM Be Hurting Your Business?

Internet privacy advocates and transparency activists have been up in arms since June over the NSA’s PRISM program. According to whistleblower Edward Snowden, while working as a contractor for the US government he monitored private online use and telecommunications under the auspices of the Patriot Act. The controversy has started a global conversation over the state of online access, user privacy, and governmental monitoring. But the ripples of the PRISM program are far-reaching, and many enterprises and businesses have suffered as a result of the scandal. However, this loss is unnecessary, as there are plenty of ways to protect corporate data even in the light of the PRISM program.

PRISM Program

Image courtesy of ruvr.ru

According to a sample survey of 500 members recently conducted by the Cloud Security Alliance, awareness of the official U.S. cyber-spying program has already hurt American cloud businesses. Of the global businesses surveyed, 10% have already had to cancel projects using US cloud providers out of security concerns, while 56% claimed that they had no future plans to use a US-based cloud for business. Roughly one-third of U.S. respondents asserted that doing business with other countries has now become incredibly difficult due to privacy issues revealed by Snowden’s leak of the NSA PRISM program. Such findings follow the claims of EC digital chief Neelie Kroes, “If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies.”

How PRISM May Work

Image courtesy of Mashable.com

Such prospects of severe loss in profits should alarm all industries and show that the PRISM scandal is not just a privacy issue, but an important economic one as well. Those sectors that rely on American cloud companies should be concerned over revenue drops due to fears raised by PRISM and the Patriot Act. Some European consumers and companies have all but blacklisted known participants of the PRISM program, and Estonian President Toomas Hendrik Ilves has even called on other European nations to collaborate on a European cloud that could provide citizens protections from governmental monitoring. And according to Sebastian-Hendrick Picklum, marketing chief at CloudControl, “Companies here in Germany fear already when using public infrastructure that somehow the NSA or other government agencies might be able to intercept the communications between the public cloud and their corporate computers. They like continuing to use their data centers and having control from the server to the user.”

German Interior Minister Hans-Peter Friedrich

Photo courtesy of wikimedia.org

As Cloud Sigma CEO Robert Jenkins predicted, the news of the PRISM program has been “really damaging for U.S. companies in terms of competing abroad.” U.S. companies have had to compete in the face of recent messages like that given by German Interior Minister Hans-Peter Friedrich. The government official said, “Whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.” And CEO of City Network from Sweden, Johan Christenson, admitted that they received “a lot of customers that come to us because they want to store their data in Sweden.” While this all may sound discouraging, U.S. enterprises and businesses can still rely on private American clouds. But with no universal standards in sight, enterprises should only trust services that can provide user anonymity and strong data encryption.

Market Safety in the Private Cloud

In the globalized age, enterprises can’t afford to lose out international profits. Privacy concerns brought on by PRISM can stall projects and dip into global profits. Instead of relying on drastic systemic change and governmental transparency, enterprises should seek out cloud services that offer user anonymity and strong encryption. That way, even in this case of a security breach, sensitive data would be protected, allowing U.S. companies to once again compete on the global market.

For many enterprises, finding a truly protected third party cloud service can be a challenge.  Many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, as shown by the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publically securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.