Keeping PCs Safe on the Internet

PC Security Journal

Subscribe to PC Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get PC Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


cloud security breaches cloud security best practices Cloud Security Cloud Key Management Cloud Encryption  all business Cloud Security: Protecting Your Business From Hackers, Thieves, and SpiesMore than half of all American businesses use cloud computing for its many benefits: flexibility, scalability, and cost-effectiveness top the list. However, due to its widespread appeal, the cloud also attracts the wrong kind of attention. In the last 12 months, 16 percent of public cloud customers say that their data has already been exposed or suffered a breach.

The success of the cloud offers predators a target which is standardized since many companies use similar infrastructures. For example, in the “pre-cloud” days, if a perpetrator wanted to get a bulk of credit card numbers, he might have gone Dumpster digging or installed a cloning device on an ATM or gas station credit card terminal. Given today’s “cloud economics,” if a malevolent party gains access to a public cloud, data from multiple companies are easily available for the taking.

Who Are the Bad Guys?

Hackers: The cybercrime underground is comprised of attackers of different nationalities, ages, genders, and motivators. Hackers are often motivated by protest, challenge, fun, or profit, and they seek and exploit weaknesses in systems or frameworks. Some hackers have achieved notoriety within their ranks: Stratfor’s mastermind Jeremy Hammond, Hector Xavier Monsegur (AKA Sabu) whose crimes carried a maximum potential prison term of 124 years, and Russia’s Dmitry Fedotov (Paunch) of Blackhole crimeware toolkit infamy are a few recent offenders.

Thieves: Just like the individuals who stole 40,000 debit and credit card numbers from Target last December, thieves are in it for profit. Kevin Poulsen, who has since cleaned up and writes for Wired, was arrested for hacking into a radio station’s phone lines and fixing himself as the winner of a Porsche 944 S2 Cabriolet. Another thief, Albert Gonzalez, who once worked for the Secret Service, is now serving 20 years for leading a group of computer criminals responsible for stealing and selling over 170 million credit cards, debit cards, and ATM numbers .

Spies: As if stealing and hacking aren’t enough, Edward Snowden and the PRISM scandal showed us that the U.S. government is watching our every move and can easily access cloud computing data. China has set up the Great Firewall which intercepts every Internet request going in and out of China, and Turkey is also getting into that game.

Are the Bad Guys After Me?

The rule is follow the money. If your business involves private information, information worth money, or trade secrets, you are probably of interest to malevolent snoopers. If you use the cloud, the chance is high that bad guys will attempt to scan you, discover your existence, and look for loopholes in your defenses that will allow them access.

How Can I Protect Myself?

First know the facts. The public cloud operates under a shared responsibility model. This means that your infrastructure provider (AWS, VMware, or others) is responsible for the security and integrity of the underlying infrastructure; you, however, are responsible for the security of anything you put on that infrastructure.

The best practice for securing data and apps in the cloud is with strong cloud encryption. But note: encrypting your data is only one part of the equation — (the easy part!). The other part is managing the encryption keys. Here, the best practice is one that allows for regulatory compliance and keeps you safe: split-key encryption. By halving your encryption key and keeping half with you (and only you!), you ensure that no one has access to your encrypted data. No one from outside (regardless of motive) can access it. Even your cloud provider cannot access it. This way, even if your provider is hacked (or subpoenaed), your data remains under your ownership.

Is the Cloud Safe?

The cloud, in and of itself, is not more safe or less safe than its predecessor: the data center. Just like you took measures to ensure the security of your data in the pre-cloud era, you must do the same in the age of cloud computing. Whereas before you erected walls to keep people out, you now erect mathematical walls by way of encryption. And whereas before you locked doors and kept the key to yourself, you now must keep encryption keys to yourself.

With the proper precautions in place, the cloud can be a safe place for you to conduct business safely, privately, and profitably.

The post Cloud Security: Protecting Your Business From Hackers, Thieves, and Spies appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.