Tag Archives: Service

The Case for Cloud Backup, as Made by xkcd


As usual, xkcd says more about PC security in one panel than most proficient writers could say in an entire blog post. (There’s a reason we cribbed some of xkcd’s best stuff for our primer on social engineering attacks in the cloud.) At the risk of being superfluous, however, I’d like to expound on this point about authentication.

[Image: xkcd comic on authentication]

PC-level security is designed to ensure the security of PC-resident data. Your local antivirus or anti-spyware suite is not equipped to secure your cloud data. The simple act of walking away from a logged-in laptop at a coffee shop, or leaving your unsecured office workstation unattended during a long meeting, could lead to the theft or destruction of all your Salesforce or Google Apps data.

The same rules apply for mobile devices and tablets. Constantly logging out of online accounts and routinely locking devices is indisputably tedious, which is why a surprising number of users don’t bother to lock or log off all their devices all the time. Even the most scrupulous and security-aware among us is bound to slip eventually.

Moreover, even if you would never be so foolish as to let a stranger borrow the iPhone that has logged-in access to your Gmail account, are you absolutely certain that everyone on your Google Apps domain is equally vigilant? As xkcd taught us, the weak point in all security systems is people.

Why encryption doesn't matter

Well, that and weak encryption. To say nothing of easily guessed passwords. Or passwords that are carelessly reused. Or the false sense of protection provided by Security Theater.

Bottom line: No security system is perfect, and security designed to protect your hard drive can’t and won’t protect your cloud data. If you rely on cloud-based data and SaaS applications, you need a good, SaaS-specific cloud backup plan.

(Don’t get it? Don’t worry. The good folks at www.explainxkcd.com can parse out the esoteric humor for you.)

Data Loss is #2 Security Threat to Cloud Data


Late last month, the Cloud Security Alliance identified the following as the Top 9 Cloud Security Threats in 2013.

  1. Data Breaches
  2. Data Loss
  3. Account or Service Traffic Hijacking
  4. Insecure Interfaces & APIs
  5. Denial of Service
  6. Malicious Insiders
  7. Abuse of Cloud Services
  8. Insufficient Due Diligence
  9. Shared Technology Vulnerabilities

If you don’t want to read the full PDF, Cloudtimes has a summary of the 2013 cloud security report.

Interestingly, the second most severe threat to cloud security is Loss of Data.  And since 2010, it has moved up in the CSA’s rankings from the fifth most severe to the second most severe threat.

Rising threat of data loss

This is not surprising considering Symantec’s poll in January where 43% of the 3,200 organizations they surveyed lost data in the cloud and needed to recover it from backups.  That is almost half of companies who benefited or could have benefited from having a backup of their data in the cloud.

Whether it’s a malicious attacker, an accidental deletion, or a physical catastrophe that causes it, permanent data loss is a risk that every company faces — and it has serious implications. Aside from the obvious loss of productivity and the time wasted trying to recreate lost information, businesses should also consider how loss of data can jeopardize the status of a company’s regulatory compliance.

Since the risk of data loss has increased in significance and severity across the board, we’d like to remind you that it does not have to be a risk for your company, and that you can mitigate the risk of data loss with a secure, automated, daily backup of your cloud-based information – with Backupify. Doing business in the cloud can be scary, but it doesn’t have to be so. Learn more about our research on data loss or take a free trial of Backupify now.

6 Cloud Computing Blogs You Should Be Reading


Here are six of our favorite cloud computing blogs that we suggest you get on your radar:

  1. CIO’s Guide to Cloud Computing and On-Demand
    Why It’s Great: Appirio is a leader in cloud computing for businesses; its blog targets cloud-centric CIOs. It covers both strategic thinking about the cloud and tactical advice for moving to the cloud.
  2. Salesforce CloudBlog
    Why It’s Great: As a dominant player and largely a first-mover in the space, Salesforce’s blog is forward-thinking on where the industry might go. This blog is good for anyone generally interested in cloud computing.
  3. CloudAve
    Why It’s Great: CloudAve is a group of cloud evangelists who analyze trends in cloud computing and SaaS and provide tips for users, reviews of new applications, and strategies to increase uptake of SaaS. This blog is meant for general IT managers, or anyone passionate about cloud computing.
  4. The Enterprise Cloud
    Why It’s Great: Like most TechRepublic blogs, Enterprise Cloud provides tactical advice about a particular IT subject. In this case, it handles both technical and business issues surrounding cloud adoption, deployment and optimization.
  5. CSA’s Industry Blog
    Why It’s Great: The Cloud Security Alliance promotes best practices for security assurance in cloud computing. This blog provides direction into security measures and new standards in the industry to keep our data safe.
  6. Schneier on Security
    Why It’s Great: Bruce Schneier is a world-renowned security expert and his blog tackles broader security and surveillance topics.

Got a blog you think deserves to be on our list? Shout it out in the comments section.

Data Loss in SaaS: The Problem You Didn’t Know You Had


Can you lose data in Google Apps, Salesforce, and other SaaS applications? Absolutely. We previously posted a very interesting video by Salesforce about why you should back up your Salesforce data, and now on the heels of that, Aberdeen has released an interesting report about SaaS data loss. As you can see from the chart below, 32 percent of companies have lost data in a SaaS application. If that number makes you uncomfortable, don’t worry, Backupify offers a backup for Google Apps, a backup for Salesforce, and will offer backup for many more SaaS apps this year. And if you want to read the original research report, you can currently download it for free at Aberdeen’s website.

The 5 Ways I.T. Security Changes When You Migrate to the Cloud


Cloud-based applications, be they mere online storage systems or full-fledged Software-as-a-Service app solutions, present many organizations with opportunities for cost-savings, greater employee collaboration and efficiency, and the potential to focus I.T. assets and staff on core competencies rather than systems maintenance. These gains, however, also entail shifts in I.T. security processes and risks. The cloud isn’t necessarily less safe than on-premise systems, but it is differently safe. We outline the five main areas where cloud applications change how organizations manage I.T. security.

1. Per-User Security and Disaster Recovery Costs Become Transparent
Cloud security is typically priced on a per-user basis. While many on-premise security applications charge a per-seat license fee (particularly antivirus and anti-spyware apps), the cloud equivalents of on-premise server or network security applications (like protection for your file and email servers, firewalls, and intrusion detection systems) are also distributed and charged on a per-user basis — meaning the per-user cost of what was once a bulk, business-wide purchase is now obvious. While in aggregate per-user pricing is more efficient — you are no longer paying for excess capacity in the present to account for potential future growth — it also makes security costs immediately apparent. Cloud email server security is not allocated in the email budget — it’s now a line-item cost for every user.

Similarly, disaster recovery and backup systems in the cloud are often allocated on a per-user storage basis. This again makes the cost of protecting each user more transparent than ever before. The sudden line-item transparency of per-user security costs in budgets can catch I.T. and financial staff off-guard, so be prepared to have an honest cost-benefit analysis for all cloud-based security measures — especially if you’re arguing for security and disaster-recovery tools that have costs (and benefits) above and beyond the base cloud application you’re considering. You may not be spending more than before, but if the impetus for moving to the cloud was to reduce per-user costs, the sudden association of basic security with per-user overhead will present the temptation to reduce your security.

2. Data Exposure and Leakage Risks are Reduced
This one seems counterintuitive: How can putting your data on an Internet-accessible server you don’t control make that data less susceptible to unintended public exposure? Two words: centralized control. With locally stored data, a stolen laptop or lost backup tape becomes a data exposure time bomb. With cloud-stored data, your critical business information is protected by centralized data encryption and password access protocols. The loss of any physical hardware item cannot directly cause the exposure of data — because the data doesn’t live on the hardware. While hackers can target cloud storage systems for breach, the odds of an online attack exposing sensitive data are far lower than the odds of a careless sales rep leaving a laptop behind in a coffee shop. (Cloud-local hybrid solutions like Dropbox and Google Drive — which keep a synced offline copy of data on local devices — diminish some of this advantage.) On the whole, the cloud gives you more control of your data exposure risks, not less.

3. Data Monitoring and Backup Systems Become Centralized
When a laptop is disconnected from your on-premise network, the security, integrity and accessibility of the data residing on that laptop is no longer in your control. With cloud-based storage and applications, data doesn’t generally reside on the laptop, which means it stays behind your security perimeter, where you can monitor its access and fidelity at all times. All your reporting is centralized, and almost no activity can take place without a log record. Compliance becomes much simpler when your archiving solution has direct access to all data at all times. Moreover, if your cloud data is corrupted or deleted, a cloud backup solution can restore your data to the original online application — where it is once again immediately available to all users. While cloud-local hybrid solutions like Google Drive and Box mean that offline changes are reconciled with online master sets only when an offline device reconnects to your cloud application, those changes are again logged, secured and archived the moment that reconnection happens.

4. Data Access Controls Are Redefined (or Broken) By Online Collaboration
User error is arguably the single leading cause of data loss, both on-premise and in the cloud. The only other contender that some studies have shown to cause more loss of data is hardware failure — the exact use case that cloud redundancy is most equipped to prevent. Eliminating the risk of hardware failures isn’t the only reason why user error is the leading cause of data loss in the cloud. Among the primary benefits of cloud applications is the ease of online collaboration and data sharing. Users can distribute one master copy of a document, spreadsheet or similar item of data, and edit it for the benefit of every user in the sharing loop. By that same token, accidental corruption or deletion of shared documents also spreads that data loss to every member of the sharing loop. While some cloud applications offer the ability to limit access and sharing privileges — and thus limit susceptibility to mass user error — cloud applications on the whole do not and cannot provide the same level of access controls as on-premise systems.

5. Physical Access Controls Are Largely Lost (Both for Hardware and Personnel)
By definition, cloud applications do not offer you physical control over the servers that maintain your cloud data. For some organizations — most notably law enforcement agencies with high-end security requirements — this lack of physical control will preclude the adoption of cloud apps. Cloud providers can and do make guarantees about the physical integrity of their infrastructure, but you must concede both responsibility for and control of your servers when you adopt cloud systems.

By the same token, end-user hardware is now under less control after the adoption of cloud applications. Most cloud applications allow your users to access company data from virtually any web-connected PC, which means that attackers also have the same opportunities. An end-user’s home computer may not (and likely does not) have the same PC-level defenses against malware — let alone unauthorized access — as PCs issued by your I.T. department, or confined to your company offices. Physical access to the corporate network is no longer necessary for attackers to expose, corrupt or delete your data. Of greater concern is that your users can now be targeted for social engineering attacks outside the confines of your company premises. Without the oversight and support of company I.T. staff, it becomes statistically more likely that your employees will compromise the security of your cloud data.

What are your greatest security concerns about migrating to the cloud? Do you believe the risks faced by cloud data are higher, lower or simply different than those faced by on-premise data? We welcome your feedback in the comments section.