California breach report highlights need for secure data storage

/in , , /by

 

The California attorney general, Kamala D. Harris, recently released a study revealing the state’s current cyberthreat landscape.

According to the investigation, 167 data breaches were reported in California last year, jumping 28 percent from 2012. Those breaches exposed the information of more than 18.5 million residents, significantly more than the 2.5 million compromised in 2012.

The retail industry appears to have borne the brunt of the damage last year. Breaches targeting retail companies affected 84 percent of the total records compromised in 2013. The financial services sector came in a distant second, accounting for 20 percent of total breaches.

Theft of payment card and Social Security information also increased this year, resulting in financial losses for victims. While the report did not provide exact numbers on how much California residents have lost or what number have experienced fraud as a result of a breach, it did cite a Javelin Strategy and Research study that estimates more than one-third of breach victims will suffer financial fraud as a result.

In an interview with The New York Times, Harris said that 2014 is shaping up to be even worse for client data than last year, as breaches have already increased 30 percent in the first 10 months.

“We are increasingly adopting technology that is putting our data in systems that are ripe for penetration,”said Harris. “We have not sufficiently inoculated ourselves. The bad guys have figured out where the vulnerabilities are and learned there is much to be profited and gained from exploiting them.”

Organizations looking to protect sensitive personal information stored on their servers can implement cloud storage services to keep privileged data secure and private. Records kept within a cloud environment can be easily encrypted and kept off enterprise networks, increasing security and reducing the risk of hackers discovering sensitive data during a breach of a company system. Cloud services also provide organizations with enhanced business continuity, as records kept in the cloud are safe in case of a disaster or network outage.

Aid workers fight Ebola with unified communications

/in , , , /by

As Ebola continues to spread across West Africa, the International Federation of Red Cross and Red Crescent Societies is partnering with Airtel, an Indian service provider, and the government of Sierra Leone in order to send health reminders through widespread text messaging campaigns.

Since last April, when the Ebola outbreak first began, officials have been utilizing the Trilogy Emergency Relief Application system to send nearly 2 million texts a month in the country. The messages provide the citizens of Sierra Leone with important health information and facts about Ebola to help educate the public, such as to avoid physical contact with others if they believe they have been infected, not to resist the aid of health workers in the area and other potentially life saving tips. The system is designed to send messages at off-peak hours to prevent network overload and recipients can opt out of the messages at any time.

Messages received by cell phone users include "People with Ebola who go to the health center early have a better chance of survival" and "Healthcare workers who take of Ebola patients have to wear protective clothes, do not be afraid of them." The service also allows text recipients to reply with basic health questions and receive and automated response regarding information about medical help, cleaning tips or treatment options.

Unified communications solutions have proved to be extremely effective in disseminating critical information during times of crisis. The TERA messaging system was also used in Haiti after the country's devastating 2010 earthquake and was first brought to Sierra Leone in 2013 to educate citizens about a cholera outbreak. Similar programs are used in the U.S. to send out information about severe weather or on college campuses to alert students about dangerous situations. 

Text messages reach a wider audience than emails
The messaging system was set up by the IFRC and is capable of sending a text to any cell phone that is turned on within a certain region. In areas like Sierra Leone, Internet access is not nearly as widely available as cell phone service and mobile phones are a vital lifeline for those trying to communicate with a large audience in the midst of a crisis. More than two-thirds of those in Sierra Leone have cell phone service, while only 9 percent have access to a 3G or cellular Internet plan, NPR reported. Because the messages are sent to cell phone users located in specific regions, the IFRC and Sierra Leonean Ministry of Health can tailor the texts to certain populations and provide regional advice.

In an interview with NPR, IFRC mobile operator relations officer Robin Burton noted that the system can also be used to make aid services more effective through feedback from recipients.

"We hope this will empower people to help themselves," said Burton. "They could send a message back to us saying, 'Thanks for the rice, but we have no way to cook it,' or, 'We don't eat pork here.' We call it beneficial communications because it helps everyone do better."

Burton also noted that the information sent in texts is saved on the phone and can be used for later reference, unlike information shared through the television or radio which is often quickly forgotten.

So far, more than 4,000 people have died as a result of the Ebola epidemic in West Africa, and the rapid pace at which is has been spreading in the region has spurred the Red Cross into expanding the messaging program to seven other countries in the area; Tongo, Mali, Benin, Ghana, Guinea Bissau, Burkina Faso and Gambia. Once the Ebola outbreak subsides, the TERA system will remain in use in those countries during natural disasters or times of conflict. 

Growing digital health market highlights need for secure data storage solutions

/in , , , /by

A recently released study by Juniper Research revealed that the digital health market is making dramatic gains, especially in the area of wearable tech and mobile phones. According to the report, applications targeting healthcare will be a driving factor behind the digital market for that industry reaching more than $3 billion over the next five years. The market is rising so fast, in fact, that other research has suggested it may grow to more than twice that size in an even shorter amount of time, with Visiongain predicting the market will be worth $6.7 billion by the end of this year.

Wearable technology has found its way into a variety of industries, but healthcare shows the biggest opportunity for success, according to the study. Healthcare apps are being widely adopted because of the myriad benefits they offer. Wearable health devices can collect a massive amount of user data that can then be analyzed to track trends in a variety of healthcare populations. Having the ability to connect smartphones and tablets to medical devices like heart rate monitors and blood pressure cuffs offers a variety of benefits, like improved in-home monitoring and an enhanced ability to screen for related health issues.

The report suggests that the advancement of electronic health records will create an enhanced and widened digital health environment, as the records can provide a baseline for mobile health databases.The data collected through healthcare applications can also be used to help reduce the price of medical insurance for users. Existing federal laws allow information gathered by wearables and mobile devices to influence the price of health insurance as long as they meet a predefined set of requirements that constitute an employee wellness program. However, now that the growing amount of personal medical data can be integrated into insurance information, it's only a matter of time before more modern frameworks is developed to utilize this new data.

Protect sensitive medial data in the cloud
As more hospitals and healthcare providers adopt the use of wearable medical devices, the ability to store and protect the vast amounts of information created will become a top priority. A reliable way to increase the security of sensitive patient data is to employ cloud storage services. Storing sensitive information in the cloud provides organizations automatic encryption, as well as disaster recovery solutions that ensure necessary data will be available even a primary system were to fail or be damaged. Cloud services are also a cost-effective solution, as they are easy to scale to meet needs. 

Increase in healthcare data breaches highlight need for improved storage solutions

/in , , , /by

While much of the news on cybersecurity and data breaches has been focused on attacks aimed at retail stores, security experts are increasingly warning healthcare organizations that hackers are more frequently going after targets in this $3 trillion industry.

In the underground market where cybercriminals sell their stolen goods, medical information can go for more than 10 times what credit card numbers are worth. Due to the high price medical records can fetch, attacks are increasing at an alarming rate. Just last month the FBI warned healthcare providers to be on high alert after Community Health Systems, one of the U.S.'s largest hospital operators was hacked and the information of 4.5 million patients was compromised. A recent study by the Ponemon Institute found that the number of healthcare organizations reporting a data breach is rising, with 40 percent of providers reporting an intrusion in 2013 as opposed to 20 percent in 2009.

Lack of awareness makes healthcare great target
As opposed to retail data breaches or personal identity theft, fraud involving medical information is rarely detected in a timely manner, making it more worthwhile for hackers to go after healthcare records instead of credit card numbers.

"As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit," said Dave Kennedy, CEO of TrustedSEC LLC in an interview with Reuters. "Hospitals have low security, so it's relatively easy for these hackers to get a large amount of personal data for medical fraud."

According to an FBI estimate, one medical record can sell for as much as $50 in an underground marketplace, in stark contrast to the few dollars a stolen credit card might bring in. Stolen medical information commonly on sale on the black market includes names, dates of birth, billing information, diagnosis codes and policy numbers. This data is then used by cybercriminals to create fake IDs in order to purchase prescriptions or medical equipment that can be resold, or to make phony insurance claims.

Low funding, high risk
One of the major drivers in the increase in healthcare data breaches is the recent switch to electronic medical records. In an interview with the Boston Globe, Beth Israel Deaconess Medical Center CIO John Halamka said that IT departments in the healthcare industry commonly receive between only 2 and 3 percent of an organization's budget, compared with the 20 percent offered to those in retail and financial industries, yet organizations are being forced to rely on technical solutions. Perhaps because of the lack of funding, a recent study by security firm BitSight Technology found that healthcare providers respond more slowly to data breaches than any other sector, compounding the problem.

The Ponemon Institute report found that the healthcare industry loses $5.6 billion a year due to security incidents. As cybercriminals continue to find more sophisticated attack methods and target larger amounts of information, healthcare providers will have to find a more secure way of storing their electronic medical records. A reliable way to protect patient data is to utilize cloud storage services. Data saved in the cloud can be easily encrypted and kept in a separate place from other enterprise information. Business continuity procedures are also improved by keeping health records in the cloud, as duplicate data can be stored offsite and kept safe in case a system is compromised or a disaster were to occur. Cloud services are a cost-effective storage option as they are highly scalable and require healthcare providers to only pay for the amount of service being used. This allows cash-strapped organizations to protect sensitive information without breaking the bank. 

Companies find increased reliability, flexibility with desktop virtualization

/in , , /by

As bring-your-own-device policies and remote working have become increasingly popular and resource optimization has become more necessary, keeping enterprise IT current and efficient is growing more complex all the time. Between PCs and each employee's personal devices, upgrading the applications and operating systems on individual endpoints can consume time and resources that most companies just don't have. Luckily, desktop virtualization and remote application delivery have emerged as reliable alternatives to traditional network delivery.

As Tech Radar contributor David Howell noted, moving to a virtual desktop environment offers small- and medium-sized businesses dramatic gains in control, as well as being an effective way to future-proof IT systems. A recent study by VMware found that 90 percent of enterprise IT departments spend at least half of their time completing routine administrative tasks. SMBs that have implemented virtualization, however, reported experiencing an increase in productivity and 73 percent said they witnessed significant improvements in the amount of time spent completing administrative tasks.

When an office transitions to a virtual desktop environment, it means that the computers employees use have desktops delivered and controlled directly from a central server room. This offers centralized management of the office's desktops, since each one is virtualized and provided in an isolated state, creating a highly secure network environment. 

"Desktop, or endpoint, virtualization enables a centralized server to deliver and manage individual desktops remotely," according to Symantec. "While users enjoy full access to their systems, IT staff can provision, manage, upgrade, and patch them virtually, instead of physically. This also means that users can access files and applications on a central server. Companies might also opt for a hybrid scenario where users can access some applications through a central virtualized server and others through their local computers."

Enterprises see a variety of benefits with virtualization
Transitioning to a virtual environment and leaving behind traditionally installed OSs and applications enables businesses to be more flexible and agile, as virtual desktops can change in real time to reflect the work at hand while all being managed from a single, central location. Virtualization also allows companies to offer their employees more mobility, being able to access data and applications from the same work environment no matter where they are. Workers can easily connect to servers from multiple devices as all the necessary components are available at login.

Adopting desktop virtualization is also cost-effective and provides a high return on investment, as it offers a customized user experience that is more scalable and reliable than traditional options. Business continuity is improved with the use of desktop virtualization, with all data saved in an off-site data center that prevents lost, stolen or damaged devices from having a damaging impact on the organization's daily processes. At the same time virtualization makes for a logical addition to any enterprise disaster recovery plan, as desktop applications are being offered through an off-site server, so power outages or extreme weather won't affect business. Running operating systems and applications through a virtual machine increases enterprise security by allowing employees a safe way to access sensitive corporate information.

Companies embracing cloud for increased flexibility, lower costs

/in , /by

 

As technology becomes an increasingly important part of doing business, companies are realizing the benefits of the cloud. Utilizing cloud-based applications is a great way to enhance business operations by reducing costs, increasing flexibility and improving collaboration and productivity.

While traditional software can only be used by the device it was uploaded to, cloud applications can be accessed from any Internet-connected device. The accessible nature of the cloud makes it much more convenient for companies with employees who are frequently on the go or like to telecommute.

The cloud also allows organizations to break free from traditional software and the associated upgrades and high licensing fees for a more cost-effective option. Cloud applications work on a simpler subscription model, making it easier for enterprises to scale their service and pay only for what they really need. Small businesses can especially benefit from implementing a cloud infrastructure, as the lower costs and increased flexibility are ideal for companies with tighter budgets and smaller IT departments.

Another benefit of the cloud is an increase in collaboration between coworkers. The cloud’s ease-of-use and its ability to make documents and services available from anywhere with an Internet connection improves editing and sharing capabilities. Employees who might be miles away from one another physically can be on the same page virtually through the cloud, easily and effectively making edits to documents or changing presentations together over the Internet.

Companies of all sizes will also benefit from the cloud’s ability to serve as a disaster recovery center. Duplicate files can be easily stored in the cloud and kept offsite in case of an emergency at a much lower cost than employing a physical data center for disaster recovery services. Utilizing a cloud disaster recovery solution dramatically improves enterprise data security, ensuring critical information and systems won’t disappear because of a natural disaster. The cloud also increases protection from cyberattacks, as all data stored on the platform is encrypted to make it impossible for hackers to steal sensitive information.

Hybrid cloud ideal for enterprise use
For companies interested in implementing a cloud environment, a hybrid cloud is a good option to consider. Hybrid clouds offer organizations a mix of private and public infrastructures, making it possible to utilize the best of both platforms. Applications can be run on a public platform while critical services and data can be stored privately to add an extra level of security. Hybrid clouds also offer service scalability, making it easier to meet business demands. When traffic is slow, companies can focus on the more critical platform and increase service on the secondary cloud when demand picks up.

Recent Postal Service data loss highlights need for disaster recovery solutions

/in , , /by

It was discovered in a recent government audit of the U.S. Postal Service that the agency lost sensitive data after the device containing both the original and backup copies of the information suffered a hardware failure. The machine that crashed contained the database for the Computer Incident Response Team, which was "used to record and monitor computer incidents." The database was lost in April after an unspecified malfunction occurred. The information was considered essential, meaning it was necessary to the maintenance of daily operations.

"…[T]he Postal Service did not ensure all database backups were being stored on separate hardware," stated the audit report. 'Specifically, the CIRT database was lost due to a hardware failure and the data was not recovered due to the absence of a backup on a separate piece of hardware."

Currently, the security standards for the Postal Service do not require separate devices for storing backup and original files to maintain information resources. Ironically, the USPS was given an award by CSO Magazine earlier this year for innovative use of online security. The award was accepted by the CIRT's Information Systems Security Manager Andrew Kotynski.

Disaster recovery: More important than you think 
​While it may seem like what happened to the USPS was just an embarrassing oversight, hundreds of companies make the same mistake each year. Even if duplicate copies of information aren't stored together, they can still be lost if the appropriate disaster recovery and business continuity policies aren't implemented. A recent survey conducted by Forrester found that 33 percent of companies have declared a disaster in the last five years. Four years ago, that number was 20 percent. The study also found that the downtime caused by disasters can be extremely expensive, with respondents reporting costs of up to $3.5 million.

When putting disaster recovery and business continuity plans in place, it is important for organizations to consider where documents and important information are currently stored and how employees access them. For critical information that is used frequently and by many different people, cloud storage services are the best choice.

Using content management systems and cloud-based solutions allow companies to store important data in an easily accessible place that will stay safe during a disaster and keep business running as usual. Employing managed services also lets small- and medium-sized businesses enjoy the same benefits as large companies while having lower costs and the security of a fully redundant, reliable data center.

Top 4 benefits of cloud storage services

/in , , , , /by

As technology becomes an increasingly important part of business, many companies are looking for solutions that will provide the most advantages for the least amount of money, time and complexity. One technology that is growing in popularity is cloud computing, and specifically cloud storage services. While there are many benefits to storing sensitive documents and information in the cloud, keep reading to find out the top four.

1) Cost-Effectiveness:
Backing up data can be extremely expensive, especially when considering the necessary equipment and hardware. Labor costs become an issue too, as manual backups are time-consuming and complicated. Cloud storage solves these problems by leaving the maintenance and equipment costs to a third party provider. Cloud storage solutions are easily scaled, allowing businesses to only pay for the amount of storage necessary for their business and making it simple to increase or reduce space as client needs change.

2) Security:
Storing information in the cloud is much more secure than keeping paper documents or using physical devices for file storage. Hard drives and USBs can be stolen or lost, while information in the cloud will always stay put. At the same time, security is not a core competency for many companies, but it is for cloud service providers. Because of this, providers who are mainly focused on data security are much more adept at keeping information protected than a business with an IT team focused on dozens of projects and problems at once.

Cloud storage also creates an extra layer of security between privileged data and cybercriminals. Backup files are kept separate from originals so hackers cannot steal everything at once.

3) Disaster Recovery:
In the same way that it is safer to keep duplicate files away from the originals to protect them from malicious actors, it also helps to protect against natural disasters. After a storm or fire, regular systems may not be accessible, but information stored in the cloud will be.

4) Accessibility:
Professionals are using more devices than ever before and cloud storage allows files to be accessed from any of them. Sharing is also made easier with this increased flexibility, as files can be put in the cloud and then accessed by any authorized party. This helps to increase collaboration between in-house and remote employees, as well as improving productivity.

Cities increasingly utilizing the cloud for disaster recovery services

/in , , , /by

 

With state and local governments increasingly feeling the pressure to streamline IT operations to control costs and enhance performance, a growing number of cities are beginning to pursue the most up-to-date tools and hardware architectures to modernize their data centers.

At the same time as there is an emphasis on physical devices, city IT managers and CIOs are also utilizing the cloud in their data center renovations. Instead of using tight budgets on new data center facilities, cities are able to implement pay-as-you-go cloud services to consolidate data and programs from different government agencies in an effective way. Many local agencies are employing the cloud to handle spikes in data center workloads, or as a backup service or a disaster recovery utility.

Under the supervision of CIO Vijay Sammeta, the city of San Jose is implementing plans to use the cloud as a backup mechanism for the city’s critical IT infrastructure. In the next 12 to 18 months San Jose will be transitional virtual machines to the cloud and using the technology to manage various applications, as well as for backup and disaster recovery services.

“When you think about all the components of a highly available service delivery stack: network, servers, database and the applications, it starts [to] make a lot of sense to simply let someone else worry about that and just build redundancy to the Internet,” said Sammeta.

The cloud an alternative to physical facilities
The city of Asheville, North Carolina has also turned to the cloud for its disaster recovery plan. The city was set to build a $200,000 disaster recovery center as part of a fire station construction project, but it never came together so Asheville needed a plan B. Utilizing the cloud allows the city to enter disaster recovery mode only when it is critically necessary. The ability to scale for need saves Asheville thousands of dollars a year as compared to the cost of maintaining hardware in a physical facility. With the new system, the city is also able to encompass a number of applications into the disaster recovery plan that were previously uncovered.

In Michigan, Oakland County is using the cloud to supplement its overworked data center facilities, according to CIO Phil Bertolini. Implementing a cloud infrastructure allows the county to transition some systems to the cloud, taking computing pressure off of the data centers’ servers. The town of Newington, Massachusetts is also getting in on the cloud craze, implementing services to extend the city’s business continuity and disaster recovery capabilities.

New study finds companies increasingly utilizing cloud for disaster recovery

/in , , , , /by

 

As technology becomes more prevalent in business and companies increasingly rely on massive amounts of data to complete work, the need for a secure backup service and disaster recovery plan is more necessary than ever. In a recent webinar sponsored by Microsoft, Forrester analyst Noel Yuhanna recommended that enterprises strategically implement public cloud services for disaster recovery to ensure business continuity.

According to Yuhanna, more than 70 percent of enterprises currently have to manage at least two terabytes of data, but at the rate new information is being created that could become petabytes in just a few years. In the webinar, Yuhanna praised the cloud for its ability to automate the data backup process and include encryption while not requiring staff to manage the day-to-day operations of the servers and storage platform.

Forrester recently conducted a survey of more than 200 database backup and operations professionals on three continents and found that 15 percent of companies are currently utilizing the cloud for database backups. This number has doubled in the last year, according to Yuhanna. The report also found that users were driven to the cloud for backup and disaster recovery services due to the need for constant application availability, cost savings and organizational agility.

Cloud offers multiple DR benefits
The cloud is ideally suited for disaster recovery because it is able to replicate data that resides in a physical location without having to create a redundant facility to house it. It is also a cost-effective option, as backups and archived data often sit unused for years at a time with few updates and don’t need to be stored in an expensive physical facility. The cloud therefore creates a dual benefit of storing information in a cost-effective environment that is also offsite in case of a disaster.

The Forrester survey also discovered that the key reasons companies utilized the cloud for backup and disaster recovery services were the ability to save money on data storage and administrative costs and provide more frequent backups.

“You could almost be guaranteed that if you decide to put some data in the cloud that, whether it’s an archive or backup, the next year it’s going to be cheaper to store it there,” explained Forrester principal analyst Dave Bartoletti.

Finally, the report found that 57 percent of respondents reported the use of cloud backup and disaster recovery services actually helped to improve their company’s service level agreements, as processes and systems become more reliable with the cloud.