Category Archive Cloud

Layering Security is easy, effective and affordable so there is no excuse for a data breach

There was a day and age not so long ago that I might have a little compassion for a data breach, but there is ABSOLUTELY no longer any excuse for these sorts of things to happen. From a technological perspective there is no reason why organizations of all sizes can’t easily implement a highly-effective, yet also affordable cyber Layer Security and Bring Your Own Security (BYOS) strategy. Below I will illustrate these layers of security with specific examples of how modern technology could possibly have greatly reduced data security risk or eliminated a data security breach altogether.

Complications of data security become Easier: The compassion I once had for an unintentional oversight in data security comes from personal past experience as a network administrator when managing IT security was overwhelmingly complicated. IT Security was, and still is, complicated because there are so many areas of potential exposure in today’s always-on, internet-connected, reality. It’s not easy to stay informed on the rapidly evolving security technologies available these days and I can appreciate this daunting challenge.

No longer should it be so complicated to implement a solid cyber security strategy with simple dashboards where administrators can easily establish, manage and control their entire multi-cloud environment, including on-premise storage, through one simple interface. The challenge of learning each individual cloud ecosystem’s terminology and back-end configuration, as well as managing user access, can be addressed in a simple to understand Management Console dashboard. So ‘complicated technology’ is eliminated as any excuse for a data breach.

Layering security provides an Effective defense: Historically, there always have been silos of outstanding security products where organizations can build various layers of cyber security but these proved to be challenging for several reasons. This layering involved using different vendors which meant different business contracts with each, or it meant that each vendor was at a different phase of their product life-cycles, or the interoperability between the systems wasn’t smooth or was flaky at best.

However, using modern and innovative security solutions that are tightly integrated with many layers of security methods, bordering on the verge of ‘paranoid’ levels, makes it much easier for network administrators to address many of these areas of data exposure risks. Nowadays implementing a fully integrated, end-to-end IoT security layered platform from device to storage literally takes only minutes. This Security-as-a-Service technology leaves all the magic of these secure layers to the back-end system automation where the administrators or users themselves never have to get involved. This highest level of security paranoia just simply happens without worry, thus providing a fully layered security stack of technology. No longer is there any excuse for a data breach because these layers do not consist of many disconnected parts; it’s simply one secure IoT platform.

Enterprise Security commoditized and now Affordable for everyone: ‘The Cloud’ has, unquestionably, delivered on the great promise of bringing technology and services which were once only affordable to large enterprise customers to organizations of all sizes. This is a shared cost of the cloud economy business model. For example, Salesforce delivers enterprise level CRM services, Amazon delivers enterprise Web Services (AWS) infrastructure and Google provides enterprise class business applications, all at great scale and with the highest levels of reliability. The common denominator where these companies can offer such enterprise services at such affordable costs is that ‘the cloud’ allows everyone to share in the costs, yet also share in the benefits. The same concept of offering enterprise grade salesforce automation, infrastructure services and business applications can now be applied to an Enterprise Data Security strategy which is affordable for everyone. For this reason, the fact that enterprise class security was traditionally only available to organizations with large spending budgets is absolutely not an excuse for a data breach.

Now that we’ve taken a look at three factors which eliminate any excuse for a potential data breach, let’s take a look at each layer in a bit more detail and cite a recent example.

  • Bring your Own, always-on, data Encryption

Data breaches are not always the result of some nefarious black-hat hacker trying to steal your most sensitive corporate data. Sometimes honest mistakes happen, as was the case where the Pentagon exposed some of its data on an Amazon server (1). This is an example where the complications of a Data Security implementation were overlooked or ignored. In this particular case anyone that had an Amazon Web Services account had access to the data stored because of a misconfiguration. It’s not that the technology wouldn’t have worked but there are just simply too many honest ways to misconfigure security settings.

This would not have happened if the Pentagon had implemented encryption security that wasn’t tied exclusively to Amazon’s Web Service user accounts and had brought their own data encryption technology while still using the exact same Amazon S3 storage system they currently utilize, so there would be no change in workflow. They could just have automatically enforced an encrypted secure strategy with technology that is not optional; it’s always-on as a default and cannot be misconfigured.

  • Virtual, non-Physical, Key Encryption System

Another example of most likely an honest mistake is where Uber Got Hacked Because It Left Its Security Key Out In Public(2) and the consequences are wide ranging where now Uber Is Already Getting Sued Over Its Gigantic Data Breach.(3) In this particular situation the traditional approach of using password security ‘keys’ led directly to a ransom demand, and consequent payment, to a nefarious hacker. Using traditional security key management methodology, password ‘keys’ are similar to a username/password combination or a physical software ‘key’ file that locks (encrypts) and unlocks (decrypts) files or your car door. The risk is that with a physical asset and storing ‘keys’ in this manner, there exists the possibility of exposure no matter how safe an organization attempts to store these keys. It’s like if you left the keys to your front door on the front porch of your home.

With a modern, cloud-first, approach there would be no physical key to compromise, which would further reduce the risk of data breach exposure. While keys are still necessary to encrypt and decrypt files, the idea of physical keys should be a thing of the past. Ideally the keys should only be used temporarily in memory and then instantly destroyed when not needed. This is the best approach available and can be achieved when people seriously consider new types of innovation instead of the standard ‘herd mentality’ of just continuing to do things as they’ve always been done. The golden rule should be that you can’t break what’s not there.

  • Biometrics Multi-Factor Authentication

Other times the technology itself exposes risks as was the case with Western Digital (WD) where it was suggested from SEC Consult Vulnerability Lab as a Top tip: Unplug your WD My Cloud boxen – now(4). Western Digital provides network-attached storage (NAS) solutions and an easy way to use these WD devices is through a web interface. In this particular breach it was verified that there is a known vulnerability where hackers can bypass username/password authentication and get direct access to the root file system and all the data stored on these NAS devices.

Nowadays nearly all mobile phones and even computers have cameras and microphones. Facial and Voice Recognition are becoming more mainstream with the likes of Amazon Alexa, Google Voice and Microsoft Cortana and technology exists where users can easily register their face and/or voice as another form of user authentication. In this case, a second form of authentication such as Face or Voice, instead of only username/password authentication, would have prevented unauthorized access to the data on these devices. Also, while passwords might be easily guessed if not using a strong password, face and voice are much harder to duplicate. Today’s modern technology can allow a user to register their Face or Voice in just a few minutes and further reduce the risk of a potential data breach with this multi-factor authentication approach to an overall cyber security strategy.

  • Strip files of their digital identity and store in a manner safe even when stolen

Lastly, when all else fails, such as where Oxford and Cambridge Club data breach: 5,000 members’ data compromised after backup hard drive stolen(5) then you have to be assured that these nefarious hackers can’t understand your data even when they are in physical possession of the content. Just assume an absolute worst-case scenario where (a) multi-factor authentication was circumvented, (b) unauthorized data decryption was achieved with brute force and (c) the hacker was in physical possession of your content where you can’t erase or take any counter-measures. In this case you certainly don’t want your files to appear as recognizable files such as a PDF medical record, a legal agreement document or a financial spreadsheet.

So how can you achieve this? Using innovative security technology, you would strip these PDF, DOCX or XLSX files of their digital identity, meaning absolutely no metadata about the objects themselves is available to the hacker. No obvious file extensions such as ‘.pdf’ are ever exposed. Then filenames themselves are cleansed of their real name such as ‘credit card numbers.xls’ and each object is split into completely random folders/sub-folders and files which render these items completely unusable to the hackers. In fact, to ensure a security level past the paranoid level a single object can be striped across multiple backend storage systems to provide a true hybrid storage solution.
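An added example, not code from this post or from any product it describes: a Python sketch of the object-level obfuscation described above, with in-memory dicts standing in for separate storage backends. The names scatter, gather, find_markers and the store-a/b/c backends are hypothetical, and the sample bytes are constructed. It also shows that random names alone do not hide content: unencrypted chunks still carry file signatures such as %PDF, so the encryption layer has to run before this step, and the manifest must be protected like a key.

```python
import hashlib
import secrets

CHUNK_SIZE = 64  # bytes; tiny so the constructed sample spans several chunks


def scatter(name, data, backends, chunk_size=CHUNK_SIZE):
    """Split data into chunks stored under random opaque keys, round-robin
    across backends (dicts standing in for storage systems).
    Returns the manifest needed to rebuild the object."""
    if not backends:
        raise ValueError("at least one backend is required")
    backend_ids = sorted(backends)
    chunks = []
    for index, offset in enumerate(range(0, len(data), chunk_size)):
        piece = data[offset:offset + chunk_size]
        backend_id = backend_ids[index % len(backend_ids)]
        # Random folder / random file: no extension, no trace of the real name.
        key = f"{secrets.token_hex(2)}/{secrets.token_hex(16)}"
        backends[backend_id][key] = piece
        chunks.append({"backend": backend_id, "key": key,
                       "sha256": hashlib.sha256(piece).hexdigest()})
    # The manifest is the only place the real name and chunk order exist.
    return {"name": name, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(), "chunks": chunks}


def gather(manifest, backends):
    """Rebuild the object from its manifest, verifying every chunk."""
    parts = []
    for entry in manifest["chunks"]:
        store = backends.get(entry["backend"])
        if store is None or entry["key"] not in store:
            raise LookupError(f"missing chunk {entry['key']}")
        piece = store[entry["key"]]
        if hashlib.sha256(piece).hexdigest() != entry["sha256"]:
            raise ValueError(f"chunk {entry['key']} failed integrity check")
        parts.append(piece)
    data = b"".join(parts)
    if len(data) != manifest["size"]:
        raise ValueError("reassembled size does not match manifest")
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        raise ValueError("reassembled object failed integrity check")
    return data


def find_markers(backends, markers):
    """Return (backend, key) for stored chunks that still reveal a file type."""
    hits = []
    for backend_id in sorted(backends):
        for key, piece in backends[backend_id].items():
            if any(marker in piece for marker in markers):
                hits.append((backend_id, key))
    return hits


def demo():
    # Hypothetical backends and a constructed, PDF-like plaintext sample.
    backends = {"store-a": {}, "store-b": {}, "store-c": {}}
    sample = b"%PDF-1.7\n" + b"constructed sample record " * 12
    manifest = scatter("credit card numbers.pdf", sample, backends)
    keys = [key for store in backends.values() for key in store]
    return {
        "round_trip": gather(manifest, backends) == sample,
        "chunks": len(manifest["chunks"]),
        "name_in_keys": any("credit" in k or k.endswith(".pdf") for k in keys),
        # Plaintext was scattered here on purpose: the first chunk still
        # exposes the PDF signature, which is why encryption must come first.
        "magic_visible": find_markers(backends, [b"%PDF"]),
    }


if __name__ == "__main__":
    print(demo())
```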

In summary, I hope that you can appreciate that implementing an innovative, modern, cloud-first, Bring Your Own Security (BYOS) data security strategy provides no excuse for breaches. In a perfect world a combination of all the above layers of security which fits seamlessly into existing user workflows, that is easy to implement from a technical perspective and is affordable to everyone is cyber security euphoria.

I would not want to be the next person or organization that has to deal with one of these security breaches when the technology is available to avoid such disaster. There are two distinctly different ROIs from my perspective. The obvious ROI is ‘Return on Investment’ by using technology to improve business process to enhance productivity, decrease operational costs and create a competitive advantage which is rather easy to measure. And then there is the second, not so obvious ROI, which is reduced ‘Risk of Investigation’ through a lax data security strategy. I just wish during my personal experience as a network administrator that the technology existed which would provide the maximum ROI to both extremes. The bottom line is that a sound cyber security strategy is the responsibility of everyone in an organization from CEO, CFO, CIO, CTO, employees to partners and providers so everyone must carefully consider and participate in securing data. There is simply no excuse for a data breach.

References:

1. Pentagon exposed some of its data on Amazon server

2. Uber Got Hacked Because It Left Its Security Key Out In Public

3. Uber Is Already Getting Sued Over Its Gigantic Data Breach

“Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,”

4. Top tip: Unplug your WD My Cloud boxen – now

5. Oxford and Cambridge Club data breach: 5,000 members’ data compromised after backup hard drive stolen


Cloud Storage Cyber Security for the price of a Cup of Coffee

Do you think that having an enterprise-grade cloud storage cyber security system is expensive? Think again because this level of access to some of the most sophisticated cyber security technology can cost less than a cup of Coffee.

Like most of you, when I hear such a claim of incredible availability to a product or service for this sort of an unbelievably affordable cost, I would naturally be suspicious. For this reason, in this article, I would like to explain the business economics of why this is possible and realistic. It is amazing, yet absolutely true, that organizations of all sizes can now implement a comprehensive cloud storage security solution so affordably.

IoT Endpoint Protection:

  • Application interface costs drastically decreased: One of the first costly challenges for cloud storage security is something rather easy to understand and this is how to ensure that each endpoint is secure. By endpoint this simply means devices at the front-end of a network that initially consume data to back-end devices of a network that store the data, or each ‘end’ for creating, storing and utilizing information. Therefore, you would look for one solution that is truly ubiquitous and can run on all devices including iOS and Android mobile devices and all flavors of operating systems including Windows, Linux and Mac via a web browser that is universally supported. When one solution supports all these endpoints then there are no additional development efforts required.
  • Bring Your Own Security to commoditized cloud storage: Another way that cloud storage security can be highly effective, yet still affordable is using a Bring Your Own Security (BYOS) strategy to commoditized cloud storage. Cloud Storage providers such as Amazon, Google, Oracle, IBM, Alibaba and others have built massive cloud storage infrastructure and are competing like crazy for market share so why not take advantage of this competition to your advantage? Now you can by bringing several key security functions including a Unified Virtual Key Encryption strategy, File Obfuscation and physical file segregation at the individual object level among these Multi-Cloud Repositories. This affords organizations of all sizes the mutual benefit of getting massive amounts of cloud storage from any one, or all of these providers, and also the benefit to easily apply your own enterprise-grade cloud security policy across these different storage vendors.

Security-as-a-Service:

  • Reduced price through a shared costs business model: Just like the cloud storage providers can offer these incredible amounts of storage space at such an affordable cost, cloud storage cyber security can now be offered in the same manner. Everyone participates in the costs of on-going product development, maintenance and supporting the infrastructure through a software subscription monetization model. This financial arrangement is analogous to some high budget movie that costs millions of dollars to produce, distribute and promote. There is no way in the world that one person would pay millions of dollars to watch this movie, but since this is a shared expense among many people through the purchase of movie tickets then it affords everyone the opportunity to see this blockbuster film but at an affordable cost shared by all.
  • No dedicated labor expense for technical resources: Long gone are the days of complicated cyber security technologies that require dedicated technical resources to install, configure and manage. In today’s modern age of cloud cyber security computing, organizations just simply subscribe to a service and literally, in minutes, can be utilizing these secure hybrid cloud storage capabilities. With Simplified Management Consoles that are easy to understand it does not take software engineers or years of technical training to manage these systems. When changes or modifications are required to the security system such as adding/removing users, adding/modifying additional storage or providing sharing folder/file permissions then these systems can be easily operated by a knowledge worker who needs no specific training on the nuances of cyber security, yet still ensure no bad unintentional consequences.

Roadmap Flexibility and Scalability: 

  • Reduced liability risk and simplified compliance/regulation: The intangible costs of decreasing risk are something rather difficult to measure yet this certainly has to be considered when an organization takes into account all aspects of the business. It’s well-known that the costs of attorneys, lawyers and going through an eDiscovery process associated with lawsuits over data breaches is expensive and has driven, or will drive, breached companies out of business forever. This is a real-world fact. So, having a solid cyber security IoT Endpoint technology with many layers of defense that rivals true cyber breach paranoia, greatly helps with audits and risk compliance. This layered security is not simply a checkbox on an audit survey, but real, defendable methodology that can assist in justifying risk reduction of data breaches. One excellent example is deploying a Universal Virtual Key Encryption system which eliminates physical encryption keys. If they simply don’t exist then they cannot be compromised. This one example using a new approach to Key Management can save organizations hundreds of thousands, or millions, of dollars in expense for the technology itself as well as the labor safeguards for physical keys.
  • Tremendous cost savings afford more functionality: Over time, the total savings of a BYOS strategy for a multi-cloud environment really begins to make such a positive impact to the financial bottom line that organizations consider re-investing some of these savings. Since these savings were a direct result of a solid cloud storage security strategy then the obvious area of added functionality is to even further enhance the overall cyber security portfolio through complementary capability such as Endpoint Detection and Response (EDR). By investing in EDR portfolio capability such as real-time dashboard analytics, proactive responses/alerts and actions or intrusion monitoring then powerful insights can be gleaned to further enhance the business process, certainly from a security perspective, but also to enhance an organization’s worker productivity.

In summary, coffee is great and I’m not advocating abandoning your morning cup of java if that helps you get going in the morning. I just use this reference to illustrate the fact that to implement an enterprise-grade cloud storage cyber security solution is not only highly effective, but also extremely affordable at only pennies per day. Is your data security worth only a fraction of a Cup of Coffee?

Picture courtesy of OddTodd.com. OddTodd is a humorous website about a cartoonist guy named Todd that was once laid-off and then parlayed his funny character and cartoon skills into a successful career. OddTodd really likes his Coff-ay too!


Kevin Neal Life Update, 10/30/2017

Since the end of last month when I sustained my ankle injury, life has been challenging. While I’m very grateful and fortunate because the injury could have been so much worse, the truth of the matter is that I’m not a very patient person and the disruption to my normal routine has been difficult, to say the least.

I’m very fired up for this upcoming week! Let me start with the highlights first.

I have taken my downtime over the past few days, and weeks, to organize some meetings that I am so much looking forward to this week. Some of these meetings are professional but some are also very personal. I’m looking forward to each of them with equal excitement, yet for extremely different reasons. Most of all I’m so pleased that Brandee will participate in each of them.

Whether by fate, destiny or divine intervention, I have had to lean on Brandee for so many things due to my ankle injury last month. Right now, I cannot do many of the normal things I used to do. Or even if I can do them, it’s at a much slower pace than usual. She just has this uncanny ability to jump right in and get things done without me even asking, or realizing that I needed help in the first place.

In addition to our meetings this week I’ve been doing a lot of educating myself in various disciplines. I’ve always felt that my professional business value, to be very honest, is not that I am necessarily an expert at any one thing in particular. Rather I have a well-rounded professional background where I can relate to others in a sincere manner. I have professional experience in sales, marketing, customer service, business management, account management, product management, technical and other skills rather than just one particular job responsibility throughout my business career. I have been very fortunate for this and I’ll never forget some very wise advice Dave Wood gave me many, many years ago. He said, “Kevin, even if you continue working at the same Company, do something different within the company.” I could not agree any more strongly than I could with this great advice from such a terrific person as Dave.

An area of particular focus recently has been digging deep into the setup, configuration and usage of ‘cloud services’. This is a very daunting task as the information is overwhelming, the terminology and services offered are different for each provider and the learning is typically on-your-own instead of some formal classroom style course. This is good and bad. It’s good because you can move at your own pace, which I’m finding really beneficial. However, the learning-curve just to get started is a bit overwhelming. Overall, technology is something I’ve always been interested in so my thirst to learn is genuine and natural. I’m glad I can apply this to my professional career. This learning I’ve been doing recently should be of great benefit to myself, but most importantly our partners and clients, in this current era of technology convergence between traditional/on-premise and cloud computing services.

Another thing that has me really fired up is that after several weeks of uncertainty with not knowing about my mobility (or ability to work at all), having to juggle my calendar to re-schedule so many planned activities and having to level-set my personal business strategy; for the first time in weeks, I feel that I have a solid schedule to follow this week. I spent the end of last week, as well as this past weekend, preparing a lot of documentation and discussion materials that should be very useful in our upcoming business meetings this week to have positive and productive outcomes.

Lastly, and most importantly, and I’ll say it once again, I am so grateful for the compassion and kindness of all of you. I have such incredible faith in the decency of humanity. So many of you have been so incredibly supportive of Brandee and me dealing with my injury that we cannot thank you enough. Your kind words, thoughts and prayers are absolutely felt and appreciated. We can only hope to do what little we can to reciprocate for you and your family in some fashion, manner or capacity. At certain times in life you must slow down, reflect, appreciate, regroup and then move-forward, stronger and better than ever.

 

When life gives you lemons, make lemonade!


The Fujitsu Imaging Products Group (IPG) Demo and Education Lab

This was a self-imposed project that I was very proud of. In 2007 while working at Fujitsu I took the initiative, and was gratefully given the authority, to organize, prepare and build what I called the “Fujitsu Imaging Products Group (IPG) Demo Lab”. The concept was to set up various solutions that utilized our document scanning technologies for educational purposes.

The project was really great because people were really interested in learning about emerging technologies. I didn’t have to spend any money on building this Demo Lab. All the equipment was excess. We created an internal web portal that people could log on and follow the easy instructions to understand, and try for themselves, the different technologies.

Much of our Demo Lab was dedicated to network-attached solutions so we had many networking hardware products such as Kofax DSS, Axis or Silex but we also had network software solutions such as Network ISIS and RemoteScan TWAIN. It was really great to share this knowledge with others and get such great feedback.


Bella’s health, elections and ‘the cloud’ – 10/17/16

Bella’s health scare

Brandee (wife), Jackson (our dog) and I had a real scare with Bella (our cat) the past few days and we’d like to report a happy road-to-recovery. First of all, Bella has been extremely anxious over the past one year or so and extremely aggressive towards our dog, Jack, and we attribute it most likely to Feline Dementia.

On Tuesday afternoon, Bella had a hard fall. She likes to jump into our shower/bathtub for whatever reason and on this particular occasion she didn’t quite make the leap over the tub wall and crashed to the floor. It seemed innocent enough but got both Brandee’s and my attention immediately. We watched her for about 10 minutes without any obvious problems but then she went into something like a seizure-like state where her legs were moving uncontrollably. It was very scary.

Awful, yet reasonable, thoughts were racing through Brandee’s and my heads such as ‘did she break a leg?’, ‘did she break her back?’, ‘did she get a concussion?’. After a few more minutes of observation she was agitated enough to want to walk on her own and we determined that a fracture of the leg or back was not likely. However, something like bumping her head, like a football concussion, which is neurological might have caused a sudden onset of these seizure-like symptoms. That night was one of the longest ever for both Brandee and me with worry for Bella. She was very lethargic, had lack of mobility, no desire to eat/drink…it was awful.

https://www.facebook.com/kevin.neal/videos/10210792503194381/

Bella is only 14 years old and due to her feral upbringing we are always especially concerned when anything happens to her as I’ve heard life-expectancy might be less than non-feral cats. However, I’m glad to report that after a vet-visit yesterday afternoon, and an anxious night for Brandee and me, the vet’s prescription of a mild pain-killer/sedative has made Bella a happy kitty again. We love our Doctor so much! Dr. Nagle is awesome!

 

American passion for elections

With less than one month until the American elections, passions, opinions and even out-right hatred are nearly at the boil-over moment. From my personal perspective I know this particular election is extremely important and I think most people would agree. And, also, while I have my own strong opinions on certain topics I would never blame anyone that might disagree with me. After all, our system of Government is supposed to be a democracy and reasonable people can, and should, have reasonable debates. So, therefore as the election nears I will continue to advocate about topics I care deeply for, yet I respect everyone’s opinion to agree, disagree or not care. All that I would ask is that if you do have an opinion, please make it an informed decision. That’s all I want to say about this topic for now – I’ll take my 5th Amendment right now to not incriminate myself on this blog post and take-a-knee.

 

Cloud Business

Whether you know me personally or professionally, most of you know that I have been a huge advocate of ‘cloud computing’ before it was socially or professionally acceptable like it is nowadays. I’ve had to endure the abuse of some of my seriously naïve co-workers with such criticism as ‘the cloud is not secure’ or ‘the cloud is just the internet re-branded’ or, my personal favorite, ‘no one can make money in the cloud’. These are the people that love the status-quo and refuse to go outside of their comfort zones even when a mega-trend like ‘cloud computing’ was raining on their traditional businesses. Personally I enjoy the criticism in the early days of ‘cloud computing’ because it really forced my thinking to be critical. The criticism made me really contemplate my professional career and I’m glad I made the decision to dive head-first into this cloudy future. As Marc Benioff, CEO of Salesforce.com, famously once said the following:

“This is the heyday of the Cloud. This is the Renaissance. We are in the Great Time.”

 “So we’re still at the very, very beginning.

We are in the first innings of Cloud Computing.

This is still the Renaissance.”

 

My career and my business are in an excellent position to capitalize on the big momentum for cloud applications and services. We are building an outstanding network of like-minded individuals as well as technology partners. It is truly an exciting time to be building such an exciting future!