Some of the recent headlines were so shocking that they
stunned people all over the world. The links are presented for anyone who cares
to read further and know for themselves.
Apple Removes 300 Infected Apps from App Store | WIRED
Apple Targeted as Malware Infects China Mobile Apps - WSJ
Ashley Madison data breach -
Over 60 gigabytes worth of data was confirmed to be valid on
18 August. The information was released on BitTorrent in the form of a 10
gigabyte compressed archive, and the link to it was posted on a dark web site
only accessible via the anonymity network Tor.
The images were believed to have been obtained
via a breach of Apple's cloud services suite iCloud. Apple later confirmed that
the hackers responsible for the leak had obtained the images by phishing and
brute-force guessing of iCloud usernames and passwords.
The Sony Pictures
Entertainment hack was a release of confidential data belonging to Sony
Pictures Entertainment on November 24, 2014. The
data included personal information about Sony Pictures employees and their
families, e-mails between employees, information about executive salaries at
the company, copies of (previously) unreleased Sony films, and other information.
Industrial espionage goes a long way back, to the
mid-90s [remember the incident at Intel when one of the employees tried
to sell sensitive documents to a competitor].
In the digital era, the crime is quite steep
given the climbing numbers and catastrophic consequences. The links
listed aren't of the distant past but relatively new - some are still
unfolding and some are under investigation. What shocks the learned and
the layperson alike is this: when the technology is no longer nascent, why can't
the threat be nipped in the bud? Nipped?! These bloopers don’t blossom from a bud,
be it an insider job or an outsider's, but come to light only after shaking our
faith and foundation.
The worst threat for now is the cyber threat.
Measures are being mounted to step up cyber security, and why the crime rate
keeps scaling despite them is both puzzling and perplexing. If there are breaches
in security, the damage could be colossal, making it mandatory to tie up the loose
ends. The best anti-virus is unable to prevent malware from harming programs; the
best social engineering is not able to mitigate but only makes lives miserable.
The ramifications of the Ashley Madison hack ruined personal lives; it is an
intrusion into privacy, and the revelation is damning both to the customers and
to commerce. When a powerhouse like Apple’s App Store, with its reputation for a
rigid and robust ‘firewall’, is no longer impregnable, anything can be
infiltrated, and as endorsers or end-users we have lost our insulation and
immunity.
Is every piece of software susceptible and every piece of hardware vulnerable? So
where is the power of protection? Unfortunately, there is no antidote ready that
can anticipate an attack and annihilate the assailant. Surely some minds are busy
with ‘work in progress’, chalking out a solution: a more complex encryption, a
safe vault, or something very innovative and effective. When the shadow of the
danger grows in size, the threat looms large. The usual suspects are insiders.
John McAfee of McAfee anti-virus put out a
good perspective on the Ashley Madison hack. He essentially said it had to be an
insider given the vast amounts of data stolen - most hackers don't have that
much access for that long. It could have been an insider combined with a
hacker, but he is convinced there was an insider involved. [Courtesy: quora]
So it’s important to acknowledge the insider’s
role. Not every employee is a suspect, but suspects are usually insiders.
“Approximately 1,600 AT&T customers
have been alerted that one of the wireless carrier's employees illegally
compromised their data, including Social Security numbers and driver's license
details, according to reports.” [courtesy: http://www.techtimes.com/articles/17405/20141007/ex-at-t-employee-tagged-as-culprit-in-data-breach.htm]
Another article conceded: AT&T Insider Data Breach More Dangerous Than
External Hacking
Yet another: Ex-AT&T employees secretly unlocked
‘hundreds of thousands’ of phones in 2013
It is as disturbing as it gets, for the very hand that was trusted
was the one that gave it away. One can defend against the outside, but how does
one discern that ‘insider’? Even after closing all gaps, plugging holes, locking
doors, securing and sanitizing, how does that slip happen, and under our very
nose at that? TECHNOLOGY.
Technology is always a double-edged sword.
Insiders also use ‘cloud’ facilities to make away with their
goodies. Cloud services are proving to be almost indispensable. Line up the
companies offering cloud capabilities and it will feature the heavyweights in
the industry: Amazon, Microsoft, Apple. So, as a safety chute, should
we just shut down access to the services so that any possible ‘breach’
is prevented? Or restrict access? The sanction of cloud services is strictly on
need and merit and, of course, trust.
Study reveals that the average company now uses
923 distinct cloud services, such as Amazon Web Services, Microsoft’s Azure,
Office 365, Salesforce, Box, and Yammer. Use of these services grew
21.6% in 2014, reports cloud-security firm Skyhigh Networks, which tracks 17
million users and 10,000 cloud services worldwide. Some 90% of companies’ cloud
activity is attributable to individual employees and small teams, rather than
corporations’ business-technology groups.
The security of these services is an issue: the
vast majority of cloud services don’t encrypt data at rest (as opposed to in
transmission), only 15%
support multi-factor authentication, and even fewer (6%) are ISO
certified, says Skyhigh CEO Rajiv Gupta. (ISO 27001 was created
in 2013 to ensure that security risks and threats to the business are assessed
and managed, that physical security processes such as restricted access are
enforced consistently, and that audits are conducted regularly.)
Because it’s so difficult to monitor and
regulate employees’ use of file-sharing sites and other cloud services, many
CIOs simply ignore the whole issue.
So what are the defence mechanisms
with regard to data security in the cloud?
Data hashing is
a technology that creates a hash, or specific code, to identify a given
dataset. This allows the integrity of the data to be checked every time the
data is used or accessed by a credentialed individual at the firm.
Hashing would prevent data from being changed by an unauthorized third
party.
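The integrity check described above, as an added example that is not part of the original post: a stored SHA-256 digest reveals that a dataset was altered, and a keyed HMAC still reveals it when the digest stored next to the data has been rewritten as well. The key, the record layout and the sample data are constructed for illustration.

```python
import hashlib
import hmac

def sha256_digest(data: bytes) -> str:
    """Unkeyed hash: anyone who can read the data can recompute it."""
    return hashlib.sha256(data).hexdigest()

def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: recomputing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def store(data: bytes, key: bytes) -> dict:
    """Constructed record layout: the data plus both integrity values."""
    return {"data": data, "sha256": sha256_digest(data), "hmac": hmac_tag(key, data)}

def check(record: dict, key: bytes) -> dict:
    """Verify a stored record on access; reports which checks pass."""
    data = record["data"]
    return {
        "sha256_ok": hmac.compare_digest(sha256_digest(data), record["sha256"]),
        "hmac_ok": hmac.compare_digest(hmac_tag(key, data), record["hmac"]),
    }

def scenarios() -> dict:
    key = b"constructed-demo-key-held-by-the-firm"  # never uploaded with the data
    original = b"id,name,salary\n1,alice,50000\n2,bob,52000\n"  # constructed sample
    intact = store(original, key)
    # Case 1: the dataset is altered but the stored values are left alone.
    altered = dict(intact, data=original.replace(b"50000", b"90000"))
    # Case 2: whoever altered the data can also write the digest field.
    # SHA-256 needs no secret, so the digest can be made to match again;
    # the HMAC cannot be recomputed without the key and stays stale.
    rewritten = dict(altered, sha256=sha256_digest(altered["data"]))
    return {
        "intact": check(intact, key),
        "altered": check(altered, key),
        "rewritten": check(rewritten, key),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:10s} {result}")
```

The check is only as trustworthy as the place the reference value or key is kept, which is why the key here stays outside the cloud record.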
Digital watermarks allow data to be tracked. While this approach does not
protect the data, it does allow it to be linked back to the individual who
placed it on a cloud or at an unsanctioned location, making that person
potentially responsible for any consequences of the data’s misappropriation.
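A minimal sketch of the tracking idea above, added here and not taken from the original post: each recipient's copy of a text document carries an invisible 32-bit mark derived from a secret key, so a copy found at an unsanctioned location can be matched to the person it was issued to. The zero-width-character encoding, the key and the recipient addresses are assumptions chosen for the illustration.

```python
import hashlib
import hmac

ZERO, ONE = "\u200b", "\u200c"  # zero-width space / zero-width non-joiner
TAG_BITS = 32

def recipient_bits(key: bytes, recipient: str) -> str:
    """Derive a per-recipient bit string; only the key holder can compute it."""
    digest = hmac.new(key, recipient.encode(), hashlib.sha256).digest()
    return format(int.from_bytes(digest[:4], "big"), f"0{TAG_BITS}b")

def embed(text: str, key: bytes, recipient: str) -> str:
    """Return the recipient's copy: same visible text, mark after the first word."""
    mark = "".join(ONE if b == "1" else ZERO for b in recipient_bits(key, recipient))
    head, sep, tail = text.partition(" ")
    return head + mark + sep + tail

def extract_bits(text: str) -> str:
    """Read back whatever zero-width mark a copy carries."""
    return "".join("1" if c == ONE else "0" for c in text if c in (ZERO, ONE))

def strip_mark(text: str) -> str:
    """The visible content of a copy, without the mark."""
    return text.replace(ZERO, "").replace(ONE, "")

def identify(found_copy: str, key: bytes, recipients: list):
    """Match a copy found outside the firm to the recipient it was issued to."""
    bits = extract_bits(found_copy)[:TAG_BITS]
    if len(bits) < TAG_BITS:
        return None  # no mark: retyped, normalised, or never issued by us
    for recipient in recipients:
        if hmac.compare_digest(bits, recipient_bits(key, recipient)):
            return recipient
    return None

if __name__ == "__main__":
    key = b"constructed-watermark-key"  # constructed sample values throughout
    staff = ["alice@example.com", "bob@example.com", "carol@example.com"]
    doc = "Quarterly forecast for internal use only."
    issued = {person: embed(doc, key, person) for person in staff}
    print(identify(issued["bob@example.com"], key, staff))
```

As the post says, this does not protect the data: the mark disappears if the text is retyped or normalised, so it supports attribution after the fact and nothing more.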
Researchers are attempting to create simple yet
effective means of facilitating cross-cloud single-sign-on authentication,
where a “foreign” cloud provider is required to gain trusted third-party status
from the “home” cloud before being able to communicate with the user and the
user’s applications.
Still, the advice holds that sensitive and
critical data should be guarded and kept under heavy security and scrutiny.
Salesforce recently introduced Salesforce Shield
to protect its cloud apps, assuring users that the encryption is
by far the best and that the chances of a breach are very slim. But can it be
slammed down from slim to simply impossible?
We have scratched the surface with regard to
data defence with cloud-based services. In the next post, let us
look at ways to safeguard our data against any attack.
We welcome your thoughts about data security.