There’s more to data center security than you think

/in , , , , /by

When it comes to computers and technology, there is one thing at the forefront of everyone's minds these days: security. This idea is especially critical when talking about data centers, as digital, physical and structural security are all critical to operations.

There are a variety of different security concerns when it comes to data centers, from compliance requirements to building security to protections against the weather. Businesses need to make themselves aware of the security precautions taken by their data center service provider and carefully consider three areas of security before choosing a facility.

"Businesses need to carefully consider three areas of security when choosing a data center."

Physical
Most people think digital security is the only concern when it comes to data centers, but if the power supply cuts out or a tornado tears the facility down, that can be even more debilitating than a data breach. Consider these physical aspects when choosing a data center:

  • A secure location: The site needs to be located a good distance away from company headquarters and out of the path of natural disasters like earthquakes, tornadoes and hurricanes.
  • Redundant utilities: A secure facility will employ two separate sources for critical utilities, being able to trace electricity back to two unique substations.
  • Controlled building access: Make sure the data center has security guards in place and a limited number of entry points into the building, as well as security cameras and gates to keep out unwanted visitors.
There are many different security concerns that must be addressed when choosing a <a data-cke-saved-href=There are many different security concerns that must be addressed when choosing a data center.

Digital
While the physical considerations of a computing facility are very important to the overall security of the building, digital security precautions must also be taken in order to protect the files stored within.

  • Implement two factor authentication: Biometric identification is increasingly being used in data centers as a second layer of security to ensure only the appropriate people are handling certain information.
  • Encrypt data in motion: Encryption is a necessity when working within distributed computing environments where application workloads communicate across both private and public networks.
  • Meets multiple regulatory compliance requirements: Make sure any data center being utilized meets the necessary guidelines to be compliant with industry regulations for the sector you're operating in.

Structural
Separate from physical and digital security measures, steps must be taken to build security into a data center's infrastructure to create a robust protection strategy and atmosphere of defense.

  • Anticipate changes to workloads: Enterprise applications are not static entities, but are instead workloads that move from one location to another and must be monitored as they go. Utilizing adaptive security measures allows workloads to move freely while enabling IT administrators to focus on other business-critical operations.
  • Future-proof application development: Make sure security solutions are deployed that can stay consistent across private and public cloud platforms so the same level of protection will be maintained no matter where the apps run.
  • Audit application interactions: Periodically take stock of the traffic flowing between the individual workloads that make up each application. This will provide enterprises with a comprehensive view of the interactions taking place, as well as any connection requests from outside entities that may be popping up.

White House making strides to increase public access to broadband Internet

/in , , /by

The federal government has been very concerned with the Internet recently. From cybersecurity taking center stage during this year's State of the Union address to the Federal Communications Commission making historic rules protecting net neutrality, Washington has cyberspace on its mind – and for good reason. The Internet is everywhere and is used by billions of people everyday. It has changed the way people work, play, learn and communicate, but for some reason there are still areas of even the most developed countries that don't have access to reliable Internet service. However, with so much attention being paid to online activities recently, a variety of organizations are working together to change that, at least in the U.S.

" Only 29% of Americans are able to choose from more than one service provider at 25 Mbps."

According to the most recent data from the Department of Commerce, 98 percent of Americans are now able to access 4G wireless broadband service, achieving a goal set by the Obama administration two years earlier than anticipated. However, information from the FCC paints a slightly different picture. A report from the agency indicated that over 50 million Americans are not able to purchase a wired broadband connection capable of download speeds of 25 Mbps, which has been defined by the FCC as the minimum for adequate broadband service. On top of that, only 29 percent of Americans are able to choose from more than one service provider at the minimum broadband speed.

Increased Internet access offers paths to success
The widespread availability of high-speed Internet has been an important cause for the president since he took office in 2009, and he often makes the case that abundant Internet access, as well as education in the STEM fields, is critical to the economic future of the country. Last week Obama praised the progress that has been made by the country's broadband providers to increase the presence of high-speed wireless service across the nation, but acknowledged there was work yet to be done. In response, the president announced the creation of a new inter-agency panel that will be tasked with eliminating regulatory barriers to further deployment even more.

The newly formed Broadband Opportunity Council will be made up of representatives from more than two dozen government departments and agencies. The council is being billed as a coordinated effort among government entities to work alongside the private sector in order to develop a policy environment that enables investment in high-speed networks. The group will be co-chaired by the U.S. Departments of Commerce and Agriculture and is expected to report back to the president within 150 days with steps each agency can take to advance the council's goals. 

"Access to high-speed broadband is no longer a luxury; it is a necessity for American families, businesses, and consumers," Obama said. "The federal government has an important role to play in developing coordinated policies to promote broadband deployment and adoption, including promoting best practices, breaking down regulatory barriers, and encouraging further investment."

The government is taking major steps to improve access to high-speed Internet across the country.The government is taking major steps to improve access to high-speed Internet across the country.

Breaking down barriers to access
Along with creating the BOC, Obama is also urging the FCC to strike down state laws which prevent communities from building or expanding their own 1-gigabit-per-second networks. These types of networks offer download speeds nearly 100 times faster than conventional connections and can be a major resource to rural communities.

"Over the last several years, dozens of cities have accelerated the deployment of world-leading broadband networks by reforming local policies that add unnecessary costs to construction," said Blair Levin, the man behind the FCC's efforts to write the 2010 National Broadband Plan. "It's great, as called for in the National Broadband Plan, that federal agencies are joining the movement to reform policies to help American communities have the best broadband in the world."

CIOs look to find a balance between tech innovations, enterprise security

/in , , , , /by

With technology playing a much more integral part in the enterprise, the role of the CIO has become more complicated in recent years. A variety of factors that previously didn’t affect the position are now shaping everyday processes, and there is an increasing degree of change continuously facing IT staff. According to the 14th Annual State of the CIO survey conducted by CIO Magazine, 91 percent of CIOs say the role has gotten more challenging recently, and 74 percent say it is becoming increasingly difficult to find a balance between business innovation and operational excellence.

The rising frequency of data breaches have put a premium on strict security practices to protect critical infrastructure. But, at the same time, CIOs must be able to focus on just a few key priorities that will help to propel their organizations forward. In order to achieve this balance, there are a few main technology drivers that CIOs look to for guidance on IT priorities: cloud computing, big data analytics, enterprise mobility and data centers.

In many cases, the advantages of multiple areas are being combined to create solutions that benefit companies even more. Business continuity/disaster recovery and security will always be – or should always be, at least – a top priority for businesses, but innovations in cloud computing and data center design are helping to improve these processes by increasing overall security and enhancing recovery efforts so network intrusions cause as little disruption as possible.

Big data analytics and enterprise mobility are also teaming up to provide operational insights that were previously unavailable to most organizations. In the modern enterprise, data serves as a new form of currency, and the more information businesses can get out of their data, the richer they will become. Practically every company has some form of mobility or bring-your-own-device program by now, and many organizations also offer a mobile application for employees and clients to access information on the go. The data created through those programs is proving invaluable to enterprises hoping to learn more about their client base and streamline operating procedures.

Enterprises are experiencing numerous benefits with new technologies. Enterprises are experiencing numerous benefits with new technologies.

Tech innovations offer benefits to companies, but expertise is lacking
While these areas of IT are becoming the most important for many businesses, they are also some of the categories in which many CIOs are seeing skills shortages. According to the State of the CIO survey, big data, security and mobile technologies are three of the top five areas in which businesses are finding it difficult to find qualified candidates. The study also found that 56 percent of CIOs believe they will experience an IT skills shortage over the next year.

“ISG Technology offers expertise to help companies implement solutions right for them.”

In order to ensure they are able to experience the benefits of these technologies despite a lack of IT talent, many businesses are turning to third party service providers to receive the help they need. Organizations like ISG Technology offer expertise in data center management, security, enterprise mobility and cloud computing and can help companies implement solutions that are right for them quickly and conveniently.

Hackers use malware to steal millions of dollars from global banks

/in , /by

It seems that data breaches have started to occur so frequently that people don't even notice them anymore. But the most recent hack to make the news was a little different, as it is considered to be the largest bank theft in the world. According to a report by The New York Times , a group of cybercriminals were able to access the networks of more than 100 banks in 30 countries and steal at least $300 million.

Security researchers with Kaspersky Labs were called to investigate a strange glitch affecting the ATM machines of a Ukrainian bank in late 2013. The machine would dispense cash at random intervals without anyone swiping a card or entering a PIN, providing lucky passersby with free money. After looking into the problem, however, the analysts discovered that the bank's network had been hacked and malicious actors had rigged the ATMs to release cash and then posed as random pedestrians to retrieve their haul.

The group of cybercriminals sent phishing emails to employees at the targeted banks which caused malware to be installed when opened. The malicious software allowed the hackers to record internal videos and view the daily operations of the bank, enabling them to perfectly mimic the actions of bank officials and steal money without raising suspicion.

"This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert," said Chris Doggett, managing director of Kaspersky North America's Boston office, in an interview with the Times.

Sophisticated malware creating costlier breaches
The malware, known as Carbanak, allowed the cybercriminals to make transfers to fraudulent accounts by temporarily inflating the amount in legitimate accounts and then moving the money off-site. While researchers are confident that at least $300 million was stolen, they believe the actual total could be as much as three times that amount. The transactions never exceeded $10 million and some banks were attacked multiple times, making it difficult to calculate an accurate total. The majority of the financial institutions affected were in Russia, but banks in Europe, Japan and the U.S. were also targeted.

While this type of large scale hack doesn't happen every day, the scope and sophistication of the cyberattack points to a trend of increasingly harmful data breaches targeting financial services institutions. Industry regulators have started to implement much stricter compliance standards, causing organizations to scramble to increase their security or face steep fines. It can be difficult for businesses to know what level of defense is necessary for their files, however. Partnering with a trusted service provider to establish a customized compliance program allows organizations to deploy the necessary security without the hassle and confusion.

ISG Technology has been an expert in the industry for decades, offering reliable security services for organizations in a variety of sectors. Compliance requirements can easily be met with firewall protection, intrusion prevention, network security assessments and monitoring services from ISG.

Anthem Health Insurance latest company to suffer massive breach

/in , , /by

America’s second largest health insurance company announced in early February that it had fallen victim to a data breach that may have exposed the data of millions of clients. Anthem Health Insurance admitted that the names, birth dates, addresses, Social Security numbers and income data for as many as 80 million clients and employees were potentially compromised due to a lack of encryption. The company said that there is no evidence that financial or medical information was accessed during the breach.

With a toll in the tens of millions, the cyberattack could be the largest breach of a healthcare company ever, putting it on par with the breaches that took place at Target and Home Depot. The “very sophisticated external cyberattack” exposed the information of so many people that even the insurer’s chief executive was affected. Numerous brands of health plans are operated by Anthem, including Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Anthem Blue Cross and Anthem Blue Cross and Blue Shield.

Insufficient protection leaves data at risk
In a statement posted on the company’s website, Anthem claimed to have a state-of-the-art security system in place to protect privileged information, but the two most valuable pieces of data for identity thieves – Social Security numbers and birth dates –  were not encrypted. Not surprisingly, this isn’t the first time Anthem has had client information exposed. A 2012 lawsuit between Anthem Blue Cross and the California Attorney General was settled after a claim that the insurer compromised 33,000 members of their plan when they sent letters with Social Security numbers clearly visible in the envelope windows. In 2013, the company again exposed the Social Security numbers of an undisclosed number of doctors and healthcare providers in a document posted to Anthem’s website.

While the information involved in the breach is not included under the Health Insurance Portability and Accountability Act, Anthem will still likely face lawsuits from those affected as they had plenty of warning that such an event was possible. Last summer, the FBI issued healthcare organizations a warning that hackers were targeting them more frequently in the wake of a large scale data breach against Community Health Systems in which 4.5 million patients had their data stolen. While the threat of data breaches have increased in every industry, the risks are even higher for healthcare organizations where companies keep massive amounts of personal information in large databases.

Mobile cloud services market growing fast, new study finds

/in , , , /by

A recently released study by Markets and Markets on the mobile cloud market found the sector is poised to make rapid gains in the next five years.

According to the “Mobile Cloud Market by Application & by User: Worldwide Market Forecast and Analysis” report, the market is projected to increase an a compound annual growth rate of 37.8 percent between 2014 and 2019, jumping from $9.43 billion to $46.9 billion.

One of the reasons the mobile cloud market has picked up momentum as quickly as it has is because of the increased convenience realized through the use of the cloud. Information is available in a single, streamlined interface and can be accessed from anywhere with often just an Internet connection. This plays into the major factor driving the rise of the mobile cloud market, according to the report. An increased demand from consumers for connectivity has been met by cloud computing, as the technology provides interoperability and connections previously unavailable.

The study noted that the transition of mobile devices like smartphones and tablets away from being used solely as forms of communication or entertainment toward enterprise means has also helped to push the adoption of mobile cloud services, as users are interested in applications that allow them to access all of their data with a single click.

Businesses especially benefit from mobile cloud access
Since the creation of the Internet, nothing has quite shaken up the technology industry quite like cloud computing. As an increasing number of organizations are realizing the business benefits of the cloud, the services and applications that complement the technology have also grown more popular. Enterprises especially are able to experience advantages from the connectivity offered from the cloud, as enhancing the connection to clients and vendors enables improved responsiveness and agility.

As cloud-enabled mobile applications and services earn a larger foothold in the business world, protecting enterprise information is becoming a growing concern. Data security and privacy were both cited as key challenges in the report, and many organizations are held back from experiencing all of the benefits of the cloud because of security concerns. Deploying a cloud platform with the help of an experienced third-party service provider is a simple and reliable way to ensure sensitive data remains private and secure. Cloud service providers utilize tools and techniques like encryption when hosting client files, increasing the security of information and the benefits an organization can realize with the cloud.

Modern firewalls: More than just perimeter protection

/in , /by

When firewalls were first introduced in the early '90s, their technology focused mainly on the concept of stateful inspection, which is concerned with keeping track of the state of a network's connections. Over the past two decades, however, the Internet has grown dramatically and new security threats have emerged, causing many to predict the downfall of the firewall as a security mainstay. Now, with new technology and next generation firewalls, it appears those predictions may have been somewhat premature.

"As threats and infrastructures have evolved, the ability to control the flow of traffic on the network is more useful than ever,"said Gil Shwed, inventor of stateful inspection and CEO of Check Point, in an interview with Computer Weekly. "Firewalls have evolved to become more comprehensive and, for most organizations, still form a key part of the information security technology stack."

Next generation firewalls dig deeper to enhance enterprise security
Modern firewalls have moved past simply monitoring certain ports or activity between addresses and are now able to allow or deny decisions. Firewalls are now capable of providing IT leaders with insights into the threats facing an enterprise that can then be used to create a more comprehensive defense strategy.

While some critics have suggested that firewalls are no longer sufficient network perimeters as company data is stored in a variety external locations, Shwed argues that what is part of an internal, trusted infrastructure and what is not is still clearly defined and therefore possible to create a perimeter around.

"Organizations use many different ways to access corporate data, such as clientless and client-based VPNs, from a range of devices or cloud applications – but the borders are still present," explained Shwed.

APTs and the IoT, no match for modern firewalls 
​Modern, next generation firewalls are being deployed by both public and private sector organizations to defend against high-profile attacks like advanced persistent threats. APTs utilize highly skilled hacking techniques and creative strategies to slip past even the most sophisticated defense measures undetected. Next generation firewalls are able to protect enterprise networks from this threat by supplementing traditional perimeter security strategies with content filtering, intrusion detection and application control features.

Firewalls are especially beneficial to organizations embracing the Internet of Things. With the IoT, there are often devices that are connected to the Internet – and are therefore able to be hacked – that cannot run the most recent security software, leaving them vulnerable to cybercriminals. Low-tech connected devices like printers and phones can now be protected through the use of a firewall. Any machine connected to an enterprise network can be included within the perimeter set up by a next generation firewall, proving increased protection and threat defense.

As FedTech Magazine contributor Mike Chapple pointed out, IT departments are able to benefit from the single management interface offered by modern firewalls and the entire enterprise experiences advantages from multiple security features working in concert with one another.

Majority of companies using hosted virtual servers, new study finds

/in , , /by

A report recently released by Kaspersky Lab has found that the large majority of enterprises utilize third-party providers to host their virtualization servers. IT managers appear to prefer the lower costs offered by third-party providers, as well as the ability to have someone else take care of system maintenance.

The study, which included surveys of more than 2,000 IT professionals who use virtual servers revealed that 67 percent of organizations employ at least a partially hosted system. Firms with smaller IT departments were more likely to implement virtual servers. According to the report, 41 percent of small- and medium-sized businesses reported using a virtualization service.

More than half of survey participants reported housing business-critical applications and core parts of their IT infrastructure in their virtual environments. Of those using virtual servers for important systems, 68 percent stored email and other communication applications, 65 percent hosted database programs and 56 percent used the virtual servers to host accounting packages.

Hosted virtual servers offer enterprises a variety of benefits, including reduced costs and lowered complexity for onsite IT staff. Through the use of server virtualization, capacity can be easily added by third-party service providers and support growing enterprises.

Server virtualization also provides companies with a cost-effective way to detect security breaches, which offers protection for not just servers but an entire network. Virtualized servers are capable of detecting compromised and unstable applications, providing increased malware identification, enabling enterprises to quickly and effectively separate any compromised systems from the rest of the network.

Organizations using virtual servers can easily have systems remotely monitored by administrators in one virtual location, allowing for enhanced visibility of traffic activity and user access. A master image of the server can be created, enabling IT departments to quickly identify abnormal behavior, improving the security posture of the enterprise.

New data center technology leverages SDN for security

/in , , /by

It was announced this week that Israeli security startup GuardiCore had closed a round of fundraising to begin production on its new security system designed to internally secure data centers. The technology takes advantage of recent improvements in network virtualization and uses software-defined networking methods to defend data centers operating at multi-terabit rates of traffic.

"SDN is an opportunity to introduce advanced security controls and capabilities into the data center network in a way that can scale to the demands of a large [data center] and offer a dynamic and proactive security control framework, detecting and mitigating an attack at an early stage,"  said the company in a statement.

A weakness created by modern facilities' tendency to include applications that cross security parameters has been exacerbated by the adoption of intra-data center traffic that moves at multi-terabit levels, according to GuardiCore CEO Pavil Gurvich. The new technology aims to address the increase in cyberattacks committed within a data center that go unnoticed due to insufficient security measures. Traditional methods of defense, including sandboxing, intrusion detection and deep packet inspection, are not capable of keeping pace with the speeds at which data center traffic currently operates.

The first component of this new security system, Active Honeypot, surreptitiously re-routes network traffic to counter attack cybercriminals by sending data to an 'ambush' server. The secret server is highly monitored and is capable of quickly providing information about the attack in order to effectively eliminate the threat. Active Honeypot is currently being evaluated in a variety of data centers and private cloud environments.

The recent round of fundraising was led by Battery Ventures, whose general partner Scott Tobin noted that tracking and eliminating intra-data center threats is the next important skill for the industry to master.

"Traditional security techniques have focused on keeping the bad guys out of the perimeter. GuardiCore's approach assumes you have already been compromised and provides levels of visibility and protection that were previously unattainable," said Tobin. 

Cybersecurity shifts to managed network security

/in , /by

Traditional approaches to cybersecurity such as simply installing antivirus software are losing their edge, according to many in the industry. As a result, companies are increasingly looking to more comprehensive solutions, including additional security training, advanced malware detection, vulnerability scanning services and managed network security services.

The shift away from basic antivirus tools has been occurring for several years now, a recent Wall Street Journal article noted. One executive for one popular antivirus software told the publication that antivirus "is dead." Instead, companies are increasingly shifting their attention from keeping threats out to detecting intrusions more effectively and minimizing the impact.

Reflecting this trend, recent years have seen rapid growth in investment in services such as advanced malware detection and managed network security, a recent ESG research study found. Six in 10 enterprises working with managed services providers in these areas have increased their use of the services somewhat or substantially in the last two years. In particular, 41 percent are investing in managed network security services, 39 percent are investing in risk assessment services and 39 percent are investing in vulnerability scanning services as well. Around 23 percent of organizations have completely outsourced incident detection and security response or are using a provider for staff augmentation.

"[M]any firms realize that chasing anomalous behavior and malcode demands time, resources, and the right technologies," Network World contributor Jon Oltsik wrote. "Given this, an average regional bank, process manufacturing company, or teaching hospital may not want to play cyber cops and robbers anymore."

By outsourcing security tasks and relying on a third-party vendor for services such as managed network security, companies can free up resources to focus on their core competencies, while at the same time improving their effectiveness in fighting today's advanced security threats.