The Importance of Data Encryption in the Cloud

Cloud computing is significant part of normal business operations, and it is here to stay.  But, when it comes to cloud security, don't assume that cloud services meet all your needs. 

cloud servicesThe scalability and flexibility offered by the cloud can be overshadowed by potentially security implications. This risk can be absolutely worth it, as long as you understand how to keep your data encrypted, even in the cloud.

What to look for in a vendor

Most cloud vendors offer encryption of the virtual image, physical hard disk encryption, and encryption of backups, but most lack offerings around encryption of unstructured of structured data. And, most companies have encryption requirements for sensitive information already in place. Moving data to the cloud will involve integrating current encryption solutions onto a virtualized cloud image.

Whether you're looking at public or private cloud offerings, SSL/TLS should be a standard offering. A dedicated private cloud will add an additional layer of security since traffic is not routed over the public web.

In a perfect world, IT managers would like to have the same controls and reporting that they have in-house when migrating data to the cloud. However, they often run into challenges when integrating the in-house security tools that can be deployed to the cloud with the security offerings of a cloud vendor - all at a price that fits the company's budget.

Don't settle for consumer-oriented encryption systems, which may not have the stringent requirements businesses need. Effective encryption standards include strong and vetted algorithms, a multilayer key management system, and reasonably long keys. Look for a forward-thinking vendor that stays one step ahead of current security trends.

Datacenters hosting hosting cloud services need to be secure and follow industry standards as it relates to manage data policy.  Make sure hosting services compliant and the platform meets your HIPPA and other compliance needs like SSAE 16 SOC(II).

Key challenges

The number of layers in a cloud environment makes it challenging to compile a list of everyone who has administrative access, and who could potentially have access to the data and encryption keys. A variety of audit and compliance activities would require such access. IT managers must use caution in architecting solutions that put sensitive data in the cloud due to the potential for everything to be in a connected system.

Another concern that is enhanced in the cloud environment is managing encryption keys. If the provider allows for encrypting the file system of each virtualized image, the key management procedures should be clearly defined in the service-level agreement (SLA). Ask potential providers how they manage the key for each system, how they keep it separate from all their other clients, and how often they revoke or rotate keys.

Yet another challenge is monitoring access to data within a cloud provider. When working in-house, you can simply hook in monitor solutions to keep tabs on your data. However, when moving to the cloud, you must investigate the compatibility of solutions. For example, you can secure assurances that your vendor's employees can only access customer data in a number of well-defined and limited cases, and only with the customer's consent.

Many firms are recognizing the value of cloud services.  To learn more about how cloud services can cut costs and improve your firm’s security check out the benefits of our Ease Cloud Workspace™ or call us today at (301) 854-0010.

The Pros and Cons of Using VoIP for Your Business

Much has changed and the days of needing a landline to stay connected with your customers are coming to an end. VoIP (Voice over Internet Protocol) lets you make calls over the Internet. Benefits include mobility, scalability, and cost savings. However, there are certain drawbacks to consider before switching over.

IT SupportWhat is VoIP?

VoIP converts the traditional analog audio signals into digital data that can be transmitted over the Internet. With VoIP, you can use the Internet to make phone calls rather than relying on the phone company and on-location PBX systems. VoIP calls can be made through the use of analog telephone adaptors (ATAs), computer-to-computer connections, or IP phones.

The most popular VoIP solution for businesses is IP phones. IP phones look identical to normal phones. However, they have an Ethernet connector allowing them to be connected directly to your network.  When a business makes a transition to VoIP, it is more practical to make the switch over to IP phones. 

Your computer can be turned into a VoIP phone through software and an Internet (SIP phone).  This includes even turning your smartphone into a SIP phone as well providing you two different phone numbers and ways to be contacted. 

VoIP Benefits

Compared to standard telephone service, VoIP saves you money. Operating costs for VoIP service providers are much lower than those for traditional phone companies. These savings are passed on to you. VoIP also provides a suite of free features including caller ID, voice emails, call waiting, call transfer, and three-way calling, for which most phone companies charge extra. Furthermore, long distance VoIP calls are cheap or free, depending on how the call is placed.

For most all small and medium businesses using VoIP the traditional PBX is removed. A virtual PBX is established with a provider in the cloud.  There is typically no extra fee and most providers charge by the phone and no extra for the cloud-based PBX. 

VoIP also helps you scale. As your company grows, you won't have to install new phone lines. You can use your existing broadband and simply buy more handsets.

In addition to scalability, VoIP offers flexibility. IP phones and computer-to-computer connections let you make calls almost anywhere you go. As long as there's an Internet connection, you can hold a conversation. Apart from making phone calls, you can also use VoIP for video conferencing. This allows you to stay in touch with employees and clients, no matter where they're located.

Mobility is an important advantage of a VoIP system.  Each VoIP phone establishes it's own connection back to the virtual PBX, that phone can be anywhere.  During sever weather related events or other circumstances employees need to be home, they can just bring their VoIP phone home with them and their office line goes with them. 

Many people shy away from VoIP due to rumors of inferior sound quality. However, the opposite is true. VoIP typically provides better sound quality than traditional phones, but it does depend on the quality of your Internet connection.

VoIP Drawbacks

The most obvious drawback to VoIP is the Internet. Traditional phones just work, while Internet service occasionally has hiccups or reliability. These issues can cause latency, jitter, and packet loss during VoIP conversations. Some call quality issue can be a result.  Checking on the quality of service from the provider and making sure you have the correct Internet bandwidth helps ahead of time.

Although VoIP provides outright cost savings, you may need to hire personnel to manage it. Simple VoIP systems require little technical know-how, but larger VoIP systems need to be installed, configured, and maintained by experts. Your technical services provider should be able to help you evaluate, setup and support your new VoIP system.

Lastly, VoIP's increasing popularity has unfortunately attracted hackers. Hackers may intercept VoIP calls or even bring down the phone system. The best defense against these attacks is to follow best practices, apply regular security updates, and monitor for exploits.

Dropbox Expands Pro Plan to 1TB, Adds Security Features

Dropbox announced a new Pro plan which offers up to 1 Terabyte of cloud storage, greater sharing controls and improved security.  Already one of the most widely used cloud storage services for businesses and consumers now makes the Pro plan even more compelling. 

DropboxCertainly one of the most powerful advantages of Dropbox is it's ease of use.  It offer's simple way to store files from almost any device and easily share them with associates quickly. The upgrade plan focuses on business users that need more than the 2 Gigabytes of free storage.  The updated Pro plan provides 1 Terabyte for $9.99/month or $90.00/year.  This is a 10x increase in the amount of storage over the previous Pro plan.

The new sharing controls add an enhanced layer of permissions to the documents that are being stored.  Improved safeguards add passwords and expiration dates to file links.  This puts in place limits on who and for how long files can be accessed. In addition, remote wiping of files on mobile devices has been added to protect data on lost or stolen devices.

This is a competitive upgrade in what is becoming a very crowded cloud storage space. Dropbox had been  behind other players like Google, Box, Amazon and Microsoft recently with their features and pricing.  This squarely puts them back on top for business users who want a straightforward, multi-device, platform that almost everyone already is using in businesses today.  

Existing Pro users will automatically get updated in a few days.

Many firms are recognizing the value of cloud services.  To learn more about how cloud services can cut costs and improve your firm’s security check out the benefits of our Ease Cloud Workspace™ or call us today at (301) 854-0010.

Four New Features in Apple OS X Yosemite

Apple OS X Yosemite is coming soon, and it's a free upgrade for Mac users. It runs on any Mac manufactured since 2007. Here are four new features to look forward to this fall.

yosemite• New Layout and Design
Just like fashion, operating system design elements go in and out of style. The latest designs for computers and websites are flat with less shadowing and fewer 3D effects. OS X Yosemite also has a simple 2D dock with some new icon designs. Also, certain interface elements are now translucent, lending the design a more unified, connected feel.

• Revamped Notification Center
OS X Yosemite now packs more information into the new Notification Center widget. Calendar events, stock prices, and other notifications from your favorite widgets are centralized in one easily accessible place so you no longer need to dig around.

If this is sounding a bit like OS X's Dashboard, you're right. Most of the functionality present within Dashboard is now also present within the notification center. Apple has gone one step further and disabled Dashboard by default to encourage people to use the Notification Center instead. If you prefer Dashboard though, you can re-enable it through system preferences.

• New Safari Interface
OS X's Safari browser gets a major design overhaul in this release. A streamlined browser toolbar allows access to commonly used controls while providing a larger browsing area. Favorites are shown in a centered popup-display, similar to the iOS home screen, and active web pages can be viewed without clicking tabs. Additionally, a series of efficiency changes substantially improve battery life while browsing.

• iCloud Drive
Apple will be offering a cloud-based storage with an easy to use metaphor of files and folders. iCloud Drive provides a way for documents to be synced in the cloud in much the same way Dropbox, Google Drive and Microsoft One Drive do today.  Documents, movies and photos can be shared securely between your Macs, iPhone, iPads and even Windows computers.  Storage plans start with 5 GB for free and extend up to 1 terabyte for a fee.  


What you should know about the Russian hacker password heist

A group of Russian hackers has stolen the largest amount of Internet credentials in history, Milwaukee-based Hold Security announced this week. The stolen information includes a reported 1.2 billion usernames and password combinations, as well as 500 million email addresses.
Hold Security, who discovered the theft, has declined to name the victims in light of its nondisclosure agreements and the fact that several of the targeted companies still remain vulnerable. However, The New York Times confirmed Hold Security’s findings by hiring an expert unaffiliated with the security company who then determined that the database of stolen identities was genuine.
The Details of the Information Theft
This gang of cyber criminals built up their pool of stolen credentials over a span of several years. They started work on their illegal enterprise back in 2011, when they began buying personal information on the black market. However, in April 2013, they advanced their capabilities. Alex Holden, the founder and chief information security officer at Hold Security, said that he believes that the group teamed up with another criminal entity, which he has not yet identified, in order to learn more about various hacking techniques.
Since then, the group has begun using botnets — networks of computers that have been infected by a virus — for stealing information on a amazing scale. By July, they were able to steal 4.5 billion records, each with a username and password. Although many of these records overlapped, Holden estimated that around 1.2 billion of them were unique.
According to the security firm, the hackers captured information from over 420,000 websites. The victims were from countries around the world, and ranged in size from small businesses to large corporations.
Another Instance in a Growing Trend of Cyber Crime
This is not the first large-scale information theft to occur in recent history, with several information security breaches just coming last year. In December, Eastern European hackers stole 40 million credit card numbers and 70 million other pieces of personal information, including addresses and phone numbers.
Similarly, US authorities uncovered in October a Vietnam-based identity theft scheme that had managed to steal around 200 million personal records. That stockpile of stolen data included credit card information, bank account records, and Social Security numbers.
How to Protect Your Information
I have written several other blog posts some important Tips on Creating Secure Passwords. While it remains unclear what companies were struck by the latest theft, there can be no doubt that both corporations and consumers should be on their guard. First and foremost, those concerned about the safety of their records should change their passwords, making sure not to duplicate passwords for multiple sites.
Another crucial measure involves using a password manager tool like 1Password or LastPass. These applications create unique passwords for each site that a person visits, and then stores them in a database secured by a master password. This decreases the likelihood of a person using the same password twice or choosing one that is too easy to hack.
Managing passwords is only one part of the solution. While it is a good first step, it is often not enough on its own. Other security features such as secondary or two-factor authentication should also be used when the opportunity presents itself. Websites that use this method will send users a message with a one-time code that they must enter before accessing the system.
While consumers should take care to protect themselves, information security companies are still the best method for stopping hackers. Contact us to learn more about the most optimal security options for your organization.

Be sure to check out our webinar schedule.  Several times a year we provide a webinar Keeping Your Business Secure Online that provides an overview of these types of issues and ways you can better protect your business.  View our schedule here.


Sign up here for monthly newsletter

Upcoming Events

Calendar Icon

Upcoming Events

Blog Archive

Archive by Years