Tag Archives: SpiderOak

Protecting Medical Records in a New Era of Health Insurance

Courtesy of Greg Harbaugh/Feature Photo Service

With the healthcare system undergoing numerous changes, it’s important to make sure medical data is secure.

Enterprises have scrambled to stay ahead of new regulations brought about by the Affordable Care Act, otherwise known as ObamaCare. The healthcare industry, however, is the most directly impacted by the law, as healthcare providers and insurance companies must prepare for an influx of new patients and a more widely insured populace. But as the insurance pool broadens, risk will be compounded as medical records and sensitive data become a brighter target for hacking and leaks. The best way to protect medical data in this new era of mandatory health insurance is through secure cloud storage and sync services that offer 100% data privacy and user anonymity. Anything less than full data privacy and security for medical records could result in damaged brands, exploited information, and increasingly costly HIPAA fines.


Digital Currency Concerns: Bitcoin Security in the Cloud


Bitcoin digital currency has been the focus of some attacks, but will it still gain traction among large enterprises?
Image Courtesy of Flickr User anatanacoins

For tech-savvy early adopters and enterprises seeking to stay ahead of technological innovations, Bitcoin has been presented as if it were a digital gold mine. This decentralized digital currency works through value transfers that are not yet regulated by any country, corporation, or bank. Bitcoin isn’t backed up by solid assets, so value tends to fluctuate with user investment, jumping from $150USD to $1,000USD in just a matter of months. While many enterprises have stayed away from Bitcoin use or investment until the legal issues are all cleared up, those that want to stay ahead of the curve can still take advantage of the currency while keeping their assets safe through private key storage and sync with a secure cloud service.


Don’t Wait For Data Legislation: Get Ahead of It

FCC Chairman Genachowski Speaks About Consumer Protection

In the wake of the stunning data breach suffered by Target late last year, proactive enterprises have already started to draft and enact better security standards to protect corporate and customer data. Such data breaches irreversibly tarnish brands by establishing a bad corporate reputation and losing consumer trust that can be incredibly hard to earn back. Congress has started to discuss legislation that would provide a federal security standard along with consumer protections, but instead of waiting around for legislation that must be responded to, the best enterprises will leverage technology in their favor by seeking out fully secure solutions to data storage and syncing. Being able to proactively protect data not only offers peace of mind, but also allows enterprises to market themselves as fierce defenders of their consumers’ privacy, earning lifelong trust and better branding.


Generational Risk: Millennials & Data Security

IT, Finance, & The Threat to Data Safety.
Image Source: Softchoice

Millennials are typically seen as the go-to generation for all things tech-related. So it may come as a big surprise that recent surveys indicate that lax generational views toward data security could jeopardize the safety of your enterprise’s data. This flies in the face of the recent trend of reverse mentoring, in which younger workers share their tech habits with older workers. When it comes to bad habits, such practices could cause entire organizations to adopt unsafe data storage and syncing techniques, leaving sensitive corporate information open to attack or leakage.

The best way to protect such data is through strong internal systems and the adoption of secure storage and sync services. A recent survey put out by Softchoice is changing the way enterprises view their Millennial workers. According to the research, 28.5% of 20-somethings have their passwords kept in plain sight. This is in comparison with 10.8% of Baby Boomers. So it’s clear that the common wisdom that younger generations are inherently more data-secure falls flat on its face. The survey also found that the lack of secure password storage went hand in hand with syncing sensitive files to unprotected devices for the convenience of working from home. As Millennials are more likely than other generations to push for mobile or work-from-home options, companies need to find secure solutions to handle this trend without putting their data at risk.


Calming the Biggest Cloud Fears

Small businesses have been stuck in a security limbo over the past few months. News of the NSA’s PRISM program has frustrated consumers and has complicated the international market. Widespread cloud fears and worries of government surveillance programs, as well as the prevalence of state-sanctioned hacking, have prompted many businesses to cancel contracts and forgo the cloud altogether. But security fears shouldn’t keep you or your business from capitalizing on all that the cloud has to offer. With a secure cloud service that offers zero-knowledge storage, data privacy, strong encryption, and user anonymity, SMBs can leverage the cloud without worrying about dealing with the headache of a breach or leak.

SMBs in the Cloud

Consumer fallout following revelations of the National Security Agency’s PRISM program is set to cost U.S. cloud service providers up to 20% of the foreign cloud market for a potential combined loss of $35 billion. The Information Technology & Innovation Foundation (ITIF) recently put out a report that claims that lack of consumer trust could derail the American cloud for the long term. According to the report’s author Daniel Castro, “If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry. Rival countries have noted this opportunity and will try to exploit it.” And a report by the Cloud Security Alliance revealed that 10% of respondents cancelled contracts with U.S. cloud providers following news of the PRISM program leak.

Cloud Fears

Another survey of executive-level managers shows that 49% of respondents believe that the cloud will positively benefit their business but have been hesitant to adopt the technology due to security fears. According to cloud engineering specialist Ryan Stenhouse, the cloud actually can be more secure than what many businesses are currently using. Stenhouse says, “If anything, you have more control over what you’re deploying on, since you have no fixed allocation of resources – you use as much or as little as you need and that leads to savings. The biggest security concerns are around access to your data on your VM, you should carefully investigate the controls providers have in place to secure your environment. Big providers such as Amazon and Rackspace make this information available and are accredited to the highest industry standards.”

Sam Visner

Still, businesses should be wary of exactly which providers they trust with their sensitive data as companies offer a wide range of security protections, from the virtually nonexistent to the practically uncrackable. Vice president and general manager of Cybersecurity Sam Visner says, “Data protection is a particularly important concern. Organizations need to ensure that their cybersecurity policies and protections cover information assurance — particularly as they seek to unlock the value of information and big data and use it to make high-value decisions regarding customer strategy, public policy and national security. The survey shows we still have some way to go to allay these types of cybersecurity concerns.” One of the biggest blocks to adoption is lack of understanding of how to proactively protect data. According to Visner, “Information technology professionals in general, and CIOs in particular, need to be informed about the controls necessary to protect their operations and the providers’ approach to meeting those controls. Those contemplating the acquisition of cloud services should look carefully at how security certification or attestation is being performed, and who is performing it.” For SMBs looking for strong security protections, zero-knowledge data policies are essential. This way, only your company has access to your sensitive data.

SpiderOak for Small Businesses

For most SMBs, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, SMBs can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.

Secure Banking & the Cloud

The banking world has set out some of the tightest online security measures for secure banking transactions on the web. But as hosts of private customer knowledge, account numbers, and assets, online banking services are prime targets for hacking, leaks, and attacks. One of the best ways for banks to secure their information is to remap their services using the private development framework Crypton while exclusively storing and syncing sensitive data to a secure cloud service provider.

Courtesy of dailymail.co.uk

Santander

Recently a Santander bank branch in London was the victim of a sophisticated cyber-attack worthy of the silver screen. London police in conjunction with PCeU, Scotland Yard’s e-crime unit, detained twelve men on suspicion of conspiring to steal data and money from the bank. One of the suspects allegedly posed as a maintenance engineer and was able to install a keyboard video mouse device (iKVM) to a branch computer, which enabled the group to seize the desktop contents of the device through the bank’s network. According to PCeU Detective Inspector Mark Raymond, “This was a sophisticated plot that could have led to the loss of a very large amount of money from the bank, and is the most significant case of this kind that we have come across.”

Courtesy of techweekeurope.co.uk

KVM Switch

Santander responded through a spokesman, who assured customers that their assets were still safe. According to the bank’s statement, “Santander was aware of the possibility of the attack connected to the arrests. The attempt to fit the device to the computer in the Surrey Quays branch was allegedly undertaken by a bogus maintenance engineer pretending to be from a third party. It failed and no money was ever at risk. No member of Santander staff was involved in this attempted fraud. We are pleased that we have been able, through the robustness of our systems, to prevent the fraud and help the police gather the evidence they needed to make the arrests.” But according to Dr. Eerke Boiten from the University of Kent, the failed plot should be cause for concern for all banks as it shows a ramped-up level of criminal sophistication. Boiten says that the iKVM “captures all the information that goes to the screen, keyboard and mouse. If you manage to get it installed inside the computer, it gives you a way of contacting the device through a remote computer. This is what people use for controlling a big server remotely. You basically can control a computer inside that bank branch. With one such device you can do as much damage as an individual teller can, within the bank. This is not just one guy trying to install this thing and see if he can get through to the Internet.” The foiled attempt at digital theft shows that thieves are willing to exploit any and all weaknesses in security, whether physical or digital.

Courtesy of cs.kent.ac.uk

Dr. Eerke Boiten

This case of attempted theft has caused a wave of concern to ripple through the tech security world. According to senior security researcher at Kaspersky Lab David Emm, “Like many other hacking attempts, the game plan of the hackers in this case was to be able to get information on transactional and customer data held on the computers within the bank to use for financial advantage. This attempt should remind organizations that a holistic approach needs to be taken toward security. It’s not just the IT security methods that need to be scrutinized, but the people within the organization as well.” Banks should make sure that all employees are brought up to date on security protocols and that no unauthorized personnel are allowed near branch devices.

As McAfee CTO Raj Samani says, “These arrests prove that the ease with which anybody can conduct what is described as a very significant and audacious cyber-enabled offence requires limited technical knowledge and [a] questionable moral compass. Simply plugging in a physical device that can be [acquired] from any number of legitimate outlets demonstrates that the bar required to be a ‘cyber-criminal’ is probably at its lowest level.” The fact that banks and security experts can’t agree on the level of sophistication that this foiled plot poses should worry customers that expect strong security measures for their assets. Through creating completely private infrastructures on Crypton and uploading sensitive information to a private cloud, banks can ensure that data is kept safe, even when accessed remotely by approved users.

Keeping Customer Data Safe With SpiderOak

For most banks, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides banks with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive customer data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, banks can rest easy knowing that their customer data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.

Amazon Cloud Suffers Another Outage

Startups of all sorts use the cloud to leverage technology in their favor in order to compete on the rapidly changing international market. New companies have fewer resources and less customer loyalty, so the ability to change gears on a moment’s notice is essential. Large and expensive onsite servers and IT infrastructures require costly maintenance and can become obsolete the minute a new technological development hits the shelves. To save time and money, many startups have flocked to Amazon’s popular cloud services. Unfortunately, this popular service is far from secure and has been marred by outages. For startups looking to secure their data while capitalizing on the cloud, only a provider that offers a zero-knowledge privacy policy along with strong encryption and user anonymity will do the twin tasks of conveniently storing and securing data.

Courtesy of digitaltrends.com

Amazon Cloud Outage

Despite Amazon’s frequent problems, its popularity has drawn business from organizations as large and varied as NASA and Netflix. When Amazon goes down, it takes down all organizations and companies that rely on its services, halting productivity and dipping into profits. The company notoriously experiences latencies and error rates for EBS-backed instance launches and the APIs for Elastic Block Storage. This technological failure has frustrated companies that heavily rely on the Amazon cloud for daily production. One such company is Wuaki.tv, which utilizes the cloud’s B availability for its integral production system. Systems operations engineer Rhommel Lamas said, “We have a complex architecture and this is just one tiny part of it. We saw how all of our Region B on US-East was failing with increasing latency issues and errors between machines in different zones.” This type of failure is unacceptable for startups that often depend on a cloud service’s reliability. Unfortunately, this is just par for the course for Amazon, which notoriously leaves large security gaps that are easily exploited by hackers and disgruntled employees.

Courtesy of blogs-images.forbes.com

Netflix Outage

All of this comes on the heels of recent market numbers that show Amazon’s dominance with developers. According to the study, 62% of developers use Amazon for processing power. This is compared to 39% that use Microsoft Azure and 29% that use Google’s Cloud Platform. Luckily for startups, new programming frameworks like SpiderOak’s Crypton offer the ability to develop fully private applications while protecting sensitive projects from hacking and leaks until it’s time for a marketed release. Even when pressed, Amazon can’t provide clear answers to where user data is stored and whether or not backups are deleted. This means that sensitive information could just be floating around, ready to be hacked, seized, or leaked at the first opportunity.

Courtesy of i2.cdn.turner.com

Amazon Outage Results

One thing that startups should look for when choosing a cloud provider is transparency. Just how is your data protected? Are there any protections for your company’s identity? And what about the case of a subpoena? What sensitive information would the company have access to? Make sure that whatever cloud your business chooses offers strong encryption to protect your data. A good cloud provider should also offer user anonymity to protect projects in development as well as a zero-knowledge policy so that only your authorized users have access to the data you upload. You should also be able to access a yearly report on data disclosures from the cloud provider so you know just what to expect in the case of a subpoena or security breach.

Securing Data Online With SpiderOak

For most startups and businesses, finding a truly protected third party cloud service can be quite a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like the NSA’s PRISM continue to stand unchallenged, startups can rest easy knowing that their data is truly protected while earning diehard customer support for securing their information. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling safe mobile access.

SpiderOak’s Crypton & The Promise of Secure Apps

For applications and software developers, the idea of a truly private application framework has been a pipedream. Developers have had to contend with countless leaks, attacks, and instances of hacking that severely dip into profits and halt production. But with SpiderOak’s new Crypton application framework, developers can build applications and programs that are private and cryptographically secure. This ensures that projects stay secret until they are ready to be unveiled and that nothing is stolen. Along with Crypton, developers can keep data secure through SpiderOak’s private cloud services.

Crypton


Many developers have previously been wary of the cloud as it once meant sacrificing privacy for convenience. But with Crypton, everyone can take full advantage of the cloud while enjoying the privacy and zero-knowledge that SpiderOak users have come to love. This new framework comes equipped with complex layers of cryptography to befuddle any would-be hackers. According to SpiderOak co-founder and CEO Ethan Oberman, “We can now start a true dialogue around privacy online as Crypton makes it possible for anyone to build ‘zero-knowledge’ cloud-based applications.

Most companies out there aren’t making money by mining through your uploaded content; rather, they are providing a service and charging a monthly or yearly fee. Through Crypton, these companies can now give privacy back to their user base and further protect themselves against potential liabilities and/or outside attacks.” Especially in the wake of the NSA’s PRISM program, consumers are more demanding of privacy rights and data protections than ever. According to Oberman, “Ultimately– we believe that privacy is a right in this country. And inherent in privacy is the concept of ownership. We own our information and therefore can make decisions about when and with whom we share it. This issue has been severely complicated by the growing nature of cloud technologies, as the data you upload had to be accessible by that 3rd party company in order for that service to be useful. But the world is evolving and Crypton gives the conversation a meaningful place to start.”

Courtesy of computerweekly.com

Prevalence of Hacking

This revolutionary framework promises to put data security back into the hands of developers. Projects no longer need to fear tapping the cloud for its convenience and cost-savings as Crypton has zero-knowledge of any user data. SpiderOak first developed the tool internally to meet their extremely high security standards in software development. Through the tool, the company was able to encrypt data without using a different program. The fact that Crypton doesn’t store any plaintext keeps developments safe from all eyes, even SpiderOak’s. As CEO Ethan Oberman says, “If your business model doesn’t rely on monetizing user data, then why store that data in plaintext? The liability of storing data is increasing daily.

“The PRISM story awoke people to the growing and associated risks around ‘big data’ and how it can be abused. And there will, of course, always be the threat of data leakage or theft. Whereas previously there was no accessible solution, Crypton represents a new way forward by providing a ‘privacy-first’ approach to application design and implementation. It is time to stop thinking of privacy as a feature and start thinking of privacy as a platform. Previously, privacy could only live in the belly of a downloaded client, which limits adoption and creates obstacles — especially as the world shifts toward the web. Now armed with a way to push privacy further into the web than previously possible, the Crypton framework can serve as a necessary cornerstone in the development and continued advancement of this new privacy platform.”

SpiderOak’s Commitment to Transparency

The company’s high regard for user privacy has earned them diehard support and has even gained recognition by The Information and Privacy Commissioner of Ontario, Canada, Dr. Ann Cavoukian. The commissioner recently named CEO Ethan Oberman and SpiderOak a Privacy by Design ambassador. This recognition indicates the level to which SpiderOak has remained committed to user privacy across all levels, from consumers to businesses to developers. Along with the Crypton framework, SpiderOak also offers businesses and development teams secure storage and syncing services.

Securing Data With SpiderOak

For most SMBs and developers, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, developers can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.

The DEA, AT&T, And Your Right to Privacy

It wasn’t that long ago that Edward Snowden blew the lid off the NSA’s now notorious PRISM program. This digital spying program has caused a fierce backlash against participating companies and may even result in lost revenue for many U.S. cloud companies. Recently, the New York Times revealed that AT&T has partnered with the DEA in offering law enforcement officials access to a massive database of phone records. Civil liberties groups are enraged and promise to battle this encroachment of citizen privacy in the courts. In the meantime, mobile users should be wary of information they disclose through their phones. And any sensitive data hosted online should be exclusively stored through a secure cloud that offers data privacy and user anonymity.

Courtesy of static.rappler.com

The Hemisphere Project

The DEA program is called The Hemisphere Project and is enabled through a close partnership with AT&T. According to the NYT release, the U.S. government pays AT&T to merge some of their employees with drug enforcement units around America. Officials are aided by AT&T employees in accessing phone data from 1987 until today. According to the American Civil Liberties Union’s deputy legal director Jameel Jaffer, “the integration of government agents into the process means there are serious Fourth Amendment concerns.” The program has remained secret until relatively recently and Jaffer wonders if “one reason for the secrecy of the program is that it would be very hard to justify it to the public or the courts”.


Image courtesy of publicintelligence.net

How the Project Works

The Hemisphere project uses a complex algorithm to track users across different phone devices so that investigations remain fluid even if someone gets a new phone. Law enforcement officials, the DEA, and detectives can tap the project to find the exact location of phones as well as call logs from as old as one hour. The ACLU’s Jameel Jaffer claims that “The government appears to have had a significant role in developing the program, and apparently it’s even paying the salaries of some AT&T employees…To the extent that this is a government program, it’s subject to the Fourth Amendment. In any event, the fact that AT&T is playing such a big role here should be alarming, not reassuring. AT&T is looking out for its shareholders, not ordinary citizens, and its conduct isn’t governed by the Constitution.”

Courtesy of networkworld.com

Disclosure Statement

Digital privacy groups, consumer advocates, and 4th Amendment defenders echo Jaffer’s concerns. The government claims that the outrage is unwarranted and that this program isn’t simply a telecommunications version of PRISM. According to Justice Department spokesman Brian Fallon, “Subpoenaing drug dealers’ phone records is a bread-and-butter tactic in the course of criminal investigations…The records are maintained at all times by the phone company, not the government. This program simply streamlines the process of serving the subpoena to the phone company so law enforcement can quickly keep up with drug dealers when they switch phone numbers to try to avoid detection.” But consumers are wary of such data collection and monitoring programs, especially as the PRISM leak shows that the government isn’t always honest when asked about the extent of their privacy breaches.

Marc Rotenberg, the Electronic Privacy Information Center’s executive director, voiced concern over the high potential for abuse in the program. “One of the points that occurred to me immediately is the very strong suspicion that there’s been very little judicial oversight of this program,” Rotenberg said. “The obvious question is: Who is determining whether these authorities have been properly used?” When it comes to any data you want to keep safe, be careful of what you disclose over unsecured telecommunication servers. And for any online data you need to store or sync, be sure to exclusively upload to a secure cloud provider.

Securing Data Online With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling safe mobile access.

How to Reduce Your Risk in the Cloud

Small businesses have been somewhat hesitant to switch to cloud service providers, especially after the NSA PRISM program leaks. International backlash threatens many U.S. cloud services, as users are suspicious of governmental citizen espionage. But there are ways for businesses to still leverage all of the cloud’s benefits while securing their data from legal snoops. From better practices onsite to exclusive storage through a secure cloud service, there are plenty of options for SMBs to protect themselves from all sides.

 


 

Some businesses are already aware of cloud services that protect user data through strong encryption and zero-knowledge policies, but many still don’t know how to protect data onsite. Encryption should begin at home through Virtual Private Network (VPN) and TLS (HTTPS) tunnels. By proactively protecting data before it reaches your secure cloud provider, you can ensure that you have all of your bases covered. Don’t let government overreach scare you away from capitalizing on the cloud. With a service that offers data privacy and user anonymity, you can reach the right combination of convenience and security.

 


 

Aside from employing a secure cloud and encrypting onsite, there are other ways to help keep your data safe while using the cloud. Gretchen Marx is the manager of cloud security strategy at IBM and recently offered The Guardian six key steps to protecting your data while using a secure cloud:

1. Know who’s accessing what
People within your organization who are privileged users – such as database administrators and employees with access to highly valuable intellectual property – should receive a higher level of scrutiny, receive training on securely handling data, and stronger access control.

2. Limit data access based on user context
Change the level of access to data in the cloud depending on where the user is and what device they are using. For example, a doctor at the hospital during regular working hours may have full access to patient records. When she’s using her mobile phone from the neighborhood coffee shop, she has to go through additional sign-on steps and has more limited access to the data.

3. Take a risk-based approach to securing assets used in the cloud
Identify databases with highly sensitive or valuable data and provide extra protection, encryption and monitoring around them.

4. Extend security to the device
Ensure that corporate data is isolated from personal data on the mobile device. Install a patch management agent on the device so that it is always running the latest level of software. Scan mobile applications to check for vulnerabilities.

5. Add intelligence to network protection
The network still needs to be protected – never more so than in the cloud. Network protection devices need to have the ability to provide extra control with analytics and insight into which users are accessing what content and applications.

6. Build in the ability to see through the cloud
Security devices, such as those validating user IDs and passwords, capture security data to create the audit trail needed for regulatory compliance and forensic investigation. The trick is to find meaningful signals about a potential attack or security risk in the sea of data points.

Following the six steps laid out above will go a long way in keeping your company’s data safe. Another way that privacy advocates are fighting for your security is in the world of development. Crypton is an open source software project that offers a way for developers to make encrypted cloud-based developments in a collaborative and mobile-enabled environment. According to the Crypton website, “To our knowledge there is no other existing framework that handles all the encryption, database storage and private user-to-user communication needed to build a zero knowledge cloud application.” The company behind this effort to encourage secure app development is SpiderOak, a leader in secure cloud solutions.


Securing Data With SpiderOak

For most SMBs, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, SMBs can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.