Tanium CEO’s Refreshingly Honest Take on the State of Internet Security

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business–a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log in using a special USB key (or Bluetooth dongle for mobile devices), it prevents third-party applications from accessing your Google data, and it adds beefed-up malware scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $70 million at a $1.17 billion valuation (including the capital raised) this week. The round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof of concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.

ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

–Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax.

ONE MORE THING

The adventures of John Titor. Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Russian Spies Rush to Exploit the Latest Flash Zero Day and More Security News This Week

There’s nothing like a hefty security freakout to start the week, and the Key Reinstallation Attack Wi-Fi vulnerability—you know it as Krack—announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn’t impact every single device that exists, it does affect a significant portion of them. And many will likely never receive protective patches, a longstanding and critical security problem that particularly affects the Internet of Things. The relative simplicity of the Krack bug itself also highlights the importance of making technical standards accessible to researchers for review and feedback.

Google announced a new tier of account security this week called Advanced Protection that uses physical authentication tokens, advanced scanning, and siloing to help defend particularly at-risk accounts (or anyone who wants to be very cautious). And after its disastrous corporate breach, Equifax is receiving a thorough public shaming. Researchers also discovered that for just $1,000 they can exploit mobile advertising networks to track people’s movements in both cyberspace and the real world. Not great!

US-Iranian relations are tense and could nudge Iran’s cyber operations. And crooks have a new favorite hustle called “cryptojacking” that can secretly use your devices to mine cryptocurrency when you visit infected websites. Highs and lows.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Flash Patched Its Recent Zero Day, So Russian Hackers Are Using It While They Can

Kaspersky Labs researchers announced a new Adobe Flash vulnerability on Monday, noting that unidentified hackers exploited the bug in an attack on October 10, using a compromised Microsoft Word document to deliver FinSpy malware. Adobe coordinated with Kaspersky to issue a patch on the day of the disclosure. In the wake of the patch, researchers at the security firm Proofpoint observed the hackers doubling down to exploit the flaw before potential targets widely adopt the fix. The group, which Proofpoint says is the Russia-backed collective Fancy Bear, launched an email spearphishing campaign that targeted state departments and aerospace companies. But researchers say the operation was sloppy, and that the group has followed this pattern in the past.

Microsoft Didn’t Disclose 2013 Breach of a Sensitive Vulnerability Database

Sophisticated hackers breached Microsoft’s internal vulnerability-tracking database more than four years ago, but the company didn’t publicly disclose the incident. Five former Microsoft employees told Reuters that the company was aware of the intrusion in 2013. The database would have contained critical vulnerabilities in Microsoft’s widely used software products, including Windows, and may have even included code for exploiting those flaws. Such information would be a gold mine for foreign government-backed hackers or third-party criminals alike, and could have facilitated breaches and espionage at the time.

Reuters’ sources said in separate interviews that Microsoft never connected the breach to any other attacks, and that the company didn’t disclose the incident, because doing so would have pushed attackers to exploit the vulnerabilities before they were patched. Microsoft presumably patched everything in the compromised database years ago, though. Reuters’ sources say that Microsoft did at least improve its internal security in response to the hack. The incident was part of a rash of attacks that also hit Apple, Facebook, and Twitter. The group behind these hacks is still unidentified, but is known by different researchers as Morpho, Butterfly, and Wild Neutron, and is still active today.

UK Concludes That Iran, Not Russia or North Korea, Hacked Officials’ Email Accounts

Investigators in the United Kingdom concluded last week that Iranian government-backed hackers were behind a June email network intrusion that targeted numerous members of parliament and Prime Minister Theresa May. Every MP uses the network, but the hackers specifically looked for accounts protected by weak passwords or reused ones that had leaked online after other breaches. The parliamentary digital services team told the Guardian that it was making email security changes in response to the attack. The incident underscores Iran’s ongoing digital offensive initiatives. Though the country has been less focused on Western targets in the last few years, it is still an active threat around the world. Recently, US President Donald Trump has worked to undermine the Iran nuclear deal, but Theresa May and other European leaders say they want to preserve it.

Police Did Social Media Surveillance on New York Black Lives Matter Group

The Black Lives Matter Global Network chapter in Rockland County, New York, filed a federal lawsuit in August claiming that local Clarkstown police conducted illegal surveillance on it throughout 2015. Clarkstown police records from the Strategic Intelligence Unit describe social-media surveillance targeted at BLM members. The documents even show evidence that a lead detective told the Strategic Intelligence Unit supervisor to stop the surveillance, but this didn’t end the program. BLM is alleging that Clarkstown police engaged in racial profiling, and violated the group members’ rights to free speech and assembly.

Millions of Crucial Cryptography Keys Weakened By Trusted Generator

A flaw in how a popular code base generates cryptographic keys has ruined the security of millions of encryption schemes. The generator appeared in two security certification standards used by numerous governments and large corporations worldwide, meaning that the flawed keys are meant to protect particularly sensitive platforms and data. German chipmaker Infineon developed the software, which has included the key generating flaw since 2012 or possibly earlier. Attackers could exploit the bug to figure out the private part of a key from its public component. From there they could do things like manipulate digitally signed software, disable other network protections, or, of course, decrypt sensitive data. The situation affects Estonia’s much-touted secure digital ID system. Infineon, Microsoft, and Google warn that the flaw will undermine their Trusted Platform Module products until customers generate new, more robust keys. Estonia has announced plans to update the keys used for its national IDs.

Fed to step-up focus on payment security with study, working groups: Fed's Powell

WASHINGTON (Reuters) – The U.S. Federal Reserve is stepping-up its focus on payment security as the industry reaches a “critical juncture” driven by new technologies, Federal Reserve board governor Jerome Powell said on Wednesday.

Speaking at a conference in New York, Powell said the U.S. central bank would early next year launch a study analyzing payment security vulnerabilities and also planned to create new working groups focused on reducing the industry costs associated with securing payments.

“Rapidly changing technology is providing a historic opportunity to transform our daily lives, including the way we pay. Fintech firms and banks are embracing this change, as they strive to address consumer demands for more timely and convenient payments,” said Powell.

“It is essential, however, that this innovation not come at the cost of a safe and secure payment system that retains the confidence of its end users.”

The Fed does not have complete authority over the U.S. payment system, but it has led industry efforts to make it faster and easier to use. The central bank also leads the 160-member Secure Payments Task Force.

Powell’s comments underline growing concerns among financial market participants and regulators about the risks cyber thieves pose to the financial system following a series of recent incidents.

Last year, SWIFT, the global financial messaging system, disclosed it had suffered hacking attacks on its member banks including the high-profile $81 million heist at Bangladesh Bank.

During that incident, hackers broke into the computers of Bangladesh’s central bank and sent fake payment orders, tricking the Federal Reserve Bank of New York into transferring the funds.

Powell said on Wednesday new fintech payment companies posed “significant challenges to traditional banking business models” and that the payment system was reaching a “critical juncture.”

His comments echoed those of Barclays Chief Executive Officer Jes Staley who on Saturday warned payments would be the next battleground for banks amid increasing competition from fintech players and tech giants including Amazon and Facebook.

Reporting by Michelle Price; Editing by Chris Reese

Security firm finds some Macs vulnerable to 'firmware' attacks

(Reuters) – Since 2015, Apple Inc (AAPL.O) has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on — before the operating system has even booted up — firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

“Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

Reporting by Stephen Nellis; Editing by Leslie Adler

Apple sees sharp increase in U.S. national security requests

(Reuters) – Apple Inc has received more than three times as many national-security related requests from the U.S. government in the first half of this year versus a year ago, according to a company report on Thursday.

Apple said it had received between 13,250 and 13,499 national security requests affecting between 9,000 and 9,249 users. That compares with a range of 2,750 and 2,999 requests affecting between 2,000 and 2,249 users in the first half of 2016. (apple.co/2xO5fLM)

The requests come in the form of so-called National Security Letters, or NSLs, and requests under the Foreign Intelligence Surveillance Act, or FISA. Apple and other companies report ranges because government rules prevent disclosing precise numbers.

Apple declined to comment beyond the figures it released.

The disclosures are voluntary, and firms like Microsoft Corp, Alphabet Inc’s Google and Facebook Inc have yet to report any figures for 2017. In the past, those companies have issued more detailed reports, for example separating FISA requests and NSLs. The government requires they wait six months to report that level of information.

It was not immediately clear what drove the increase in requests to Apple. But Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, said that the number of government requests to technology companies has been increasing since 2014, when data first started to become available as part of a settlement between technology firms and the government.

“There’s not a huge track record here, but you can start to make a simple graph. The trend does seem to be upward,” Crocker said.

Crocker also said the higher requests to Apple could represent it coming in line with its peers. Despite Apple’s huge user base – it has sold more than 1.2 billion iPhones – the number of requests to it had been relatively low compared with firms like Google or Microsoft.

National security letters are a type of government subpoena for communications data sent to service providers. They are usually issued with a gag order, meaning the target is often unaware that records are being accessed, and they do not require a warrant.

Reporting by Stephen Nellis in San Francisco; Editing by Lisa Shumaker

Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace

An unassuming, but powerful attack on the safe you might have at your house. The post Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace appeared first on WIRED.

Gemalto & Ponemon Institute Study: Cloud Data Security Still a Challenge for Many Companies

AMSTERDAM, July 26, 2016 – (ACN Newswire) – Despite the continued importance of cloud computing resources to organizations, companies are not …

Tech leaders challenged daily to sort through a crush of new security apps

A tech leader’s day can be unpredictable, but Ginny Davis, CIO at entertainment services company Technicolor, can rely on one thing: She’s guaranteed to get an email from a new security provider urging her to check out its latest and greatest technology.

Fear Your on-Premises Security, Not the Cloud

A new research report from cloud security provider CloudLock argues that more than a quarter of cloud workloads used in corporate environments are “high risk.” Of course, CloudLock is biased; it makes a living spreading FUD about security, tapping into old-school IT fears about cloud computing. Its conclusions are largely foregone.

Although this is yet another self-serving report from a vendor, it’s a good opportunity for me to make sense of this information for everyone else.

First, the alternative to using the cloud is to leave the applications pretty much unprotected on premises. 

InfoWorld Cloud Computing

Crying ‘Wolf!’ seems to work for security

In the last few weeks, we’ve seen a lot of supposed mega hacks garner big media attention. And why not? We’re talking about more than 1 billion people at risk — if these breaches had been real and current. But that’s not the case.

The strange thing is that I’m not really upset about this. Normally, I get incensed when I see the media get security stories wrong. But the greater good in the security business counts for something, and it just may be that these overhyped breach stories led a lot of people to take the simple steps they need to follow to increase the security of their accounts.

The latest mega hack story that was misrepresented was the compromise of 117 million LinkedIn accounts. You can find stories about it on just about every major news site. Stories were posted on Facebook accounts. Clearly this must have been a significant hack that people needed to know about.

Top-level domain expansion is a security risk for business computers

The explosion of new generic top-level domains (gTLDs) in recent years can put enterprise computers at risk due to name conflicts between internal domain names used inside corporate networks and those that can now be registered on the public Internet.

Many companies have configured their networks to use domain names, in many cases with made-up TLDs that a few years ago didn’t use to exist on the Internet, such as .office, .global, .network, .group, .school and many others. Having an internal domain-based namespace makes it easier to locate, manage and access systems.

The problem is that over the past two years, the Internet Corporation for Assigned Names and Numbers (ICANN) has approved over 900 gTLDs for public use as part of an expansion effort. This can have unexpected security implications for applications and protocols used on domain-based corporate networks.

Google is giving a big boost to Gmail security

Google is amping up security and protections for Gmail users, giving people a more noticeable warning if there’s a chance the government is trying to steal their password, giving warnings for dangerous links and proposing a more secure email-sending standard.

Google announced on its blog that it is expanding upon Safe Browsing to alert Gmail users about the possibility of suspicious government activity. Since 2012, Google has put a banner on top of users’ Gmail pages that had a warning about state-sponsored attackers if Google believed they were in danger, but starting today people will get a full-page warning about it — very hard to miss.

Are your biggest security threats on the inside?

The now infamous Ashley Madison website has had a pretty successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own. 

At least that is the conclusion of IT security analyst John McAfee, who noted recently “yes, it is true. Ashley Madison was not hacked – the data was stolen by a woman operating on her own who worked for Avid Life Media.” 

If true, the fact that the Ashley Madison breach was due to an internal, and not external, threat shouldn’t come as too big a surprise. Many IT security studies this year have pointed to the growing threat of insider data theft and corporate breaches. 

IDG Contributor Network: IoT security will soon be common in the enterprise, Gartner says

A fifth of all businesses will have deployed IoT-related security by the end of 2017, analyst Gartner thinks.

Dedicated digital security services that are committed to “protecting business initiatives using devices and services in the Internet of Things” will be in place by then, the research and advisory company says.

Gartner made the statement in a press release on its website in relation to a security and risk management summit earlier this month in Mumbai.

‘Reshape IT’

“The IoT redefines security,” Ganesh Ramamoorthy, research vice president at Gartner, said in the press release.

NSA director just admitted that government copies of encryption keys are a big security risk

NSA chief Michael S. Rogers speaks at Fort Meade.

The director of the NSA, Admiral Michael Rogers, just admitted at a Senate hearing that when Internet companies provide copies of encryption keys to law enforcement, the risk of hacks and data theft goes way up.

The government has been pressuring technology companies to provide the encryption keys that it can use to access data from suspected bad actors. The keys allow the government “front door access,” as Rogers has termed it, to secure data on any device, including cell phones and tablets.

Rogers made the statement in answer to a question from Senator Ron Wyden at the Senate Intelligence Committee hearing Thursday.

Wyden: “As a general matter, is it correct that anytime there are copies of an encryption key — and they exist in multiple places — that also creates more opportunities for malicious actors or foreign hackers to get access to the keys?”

Rogers: “Again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then I would probably say yes.”

View the exchange in this video.

Security researchers have been saying for some time that the existence of multiple copies of encryption keys creates huge security vulnerabilities. But instead of heeding the advice and abandoning the idea, Rogers has suggested that tech companies deliver the encryption key copies in multiple pieces that must be reassembled.

“The NSA chief Admiral Rogers today confirmed what encryption experts and data scientists have been saying all along: if the government requires companies to provide copies of encryption keys, that will only weaken data protection and open the door for malicious actors and hackers,” said Morgan Reed of the App Association in a note to VentureBeat.

Cybersecurity has taken center stage in the halls of power this week, as Chinese president Xi Jinping is in the U.S. meeting with tech leaders and President Obama.

The Chinese government itself has been linked with various large data hacks on U.S. corporations and on U.S. government agencies. By some estimates, U.S. businesses lose $300 billion a year from Chinese intellectual property theft.

On June 2nd, the Senate approved a bill called the USA Freedom Act, meant to reform the government surveillance authorizations in the Patriot Act. The Patriot Act expired at midnight on June 1st.

But the NSA has continued to push for increased latitude to access the data of private citizens, both foreign and domestic.


Total Defense Announces New Cloud Security Platform

Redwood Shores, Calif., May 22, 2012 – Total Defense, Inc., the leading provider of solutions to combat the growing threat of cybercrime, today announced the launch of Total Defense Cloud Security, an integrated cloud based SaaS (Security as a Service) …
Read more on Dark Reading

Ajubeo, LLC High-Performance Cloud Infrastructure-As-A-Service Launched By
Ajubeo, a national provider of enterprise-class cloud Infrastructure-as-a-Service (IaaS), today announced the official launch of its high-performance cloud platform with its Denver, Colorado Cloud Hub fully operational.
Read more on San Francisco Chronicle (press release)

Dome9 Security Introduces One-Click Cloud Server Secure Access

By MyHostNews.com Web Host News – SAN MATEO, CA – Dome9 Security™, the leading provider of cloud security firewall management for public and private clouds, as well as for dedicated and virtual private servers (VPS), today announced the availability …
Read more on MyHostNews.com (press release)

Report: Some cloud providers have "dirty disks"
Context officials tested cloud service providers Amazon Web Services, Rackspace, VSP.net and Gigenet and found that Rackspace and VSP.net had the vulnerability. Rackspace worked with Context for more than a year to update its system and said it has …
Read more on PC Advisor

KANA Acquires Cloud Customer Service Company Trinicom
Affordable Customer Service from the Cloud Trinicom enables KANA to offer an end-to-end customer service solution from the cloud, so adding on-demand software-as-a-service (SaaS) to KANA's existing on-premise and hosting choices.
Read more on MarketWatch (press release)

Web Hoster internet24 Cuts Costs & Improves User Protection with Commtouch's
SUNNYVALE, Calif. and DRESDEN, Germany, April 25, 2012 /PRNewswire via COMTEX/ — internet24, a German provider of Web hosting services, has deployed Commtouch's® (UTD:CTCH) complete Email Security Suite providing protection for inbound and outbound …
Read more on MarketWatch (press release)

How Cloud Computing is Forcing Us to Rethink Data Security

Traditional IT security models focus on building a secure perimeter around corporate infrastructure. This is akin to the classic fortress mentality of putting up walls and surrounding those walls with additional defenses. If anything gets inside the walls, all bets are off. HP Enterprise & Cloud Security Strategist, Rafal Los, argues that this model is flawed and should be changed with or without cloud computing. Cloud computing amplifies the issue, because the concept of boundaries has changed, necessitating the switch to role-based security. One key area where this change needs to happen is in rethinking application development with a focus on authorization to access data, rather than simply authenticating access to data. LockerGnome’s Jake Ludington has an interesting conversation with Rafal about cloud security, what’s the same, what’s different, and what some best practice scenarios involve in planning for security in the cloud.

www.cisco.com An animation telling the story of datacenter traffic growth, through the scope of the back office of a cupcake bakery. Transcript: How big will cloud computing be in 2015? Consider the cupcake. When you interact with a business — such as a bakery — your request is sent to a datacenter. The order entry datacenter stores your information, authenticates it, and synchronizes it with other systems. For many businesses, this internal processing can generate as much as 80% of the datacenter traffic. From there, another 15% of your baker’s datacenter traffic comes from sending the order to the factory datacenter where it’s put into production. Finally, the last 5% of traffic is generated by the confirmation notice of your cupcake order. So while you don’t see it, the total traffic generated from a single order can multiply exponentially, and that can be a challenge for businesses and service providers to handle. This global datacenter traffic reached 1.1 zettabytes in 2010, and will grow more than four-fold to 4.8 zettabytes by 2015. Of that, Cloud traffic is growing two-times faster than traditional data center traffic. While in 2010, only 21% of workloads were processed through the cloud, by 2015, that figure will jump to 57%. More workloads moving to the cloud means less complexity in the datacenter, improved economies of scale, and most importantly, more cupcakes.