How I Learned to Stop Worrying and Love Cloud-Based Products

At this point I think it’s safe to say everything is cloud-based. From cloud cars to Everything as a Service, the cloud has invaded more than just our email addresses. As a result, more and more organizations are moving all of their data into the cloud, including their more sensitive data.


Recent Cloud Growth

According to a recent study from Ponemon Institute and Thales e-Security, a third of businesses admitted their data is completely unprotected in cloud-based systems. This development should be alarming to anyone paying attention to security news. Edward Snowden blew the whistle on the NSA’s massive surveillance program over a year ago, exposing the stark truth that the United States government is snooping on its citizens for controversial reasons. Snowden’s massive information dump to news organizations continues to leak out and scare the hell out of people every few weeks.

Recently the internet’s had the epidemic scare of Heartbleed, a massive bug in the basic encryption safeguarding bank and personal websites. The Heartbleed bug has been patched, but most of the old, compromised keys went right back into use, according to the latest security news.

So with keys compromised and the United States government potentially spying on everything we do, why would we store our private information on a cloud-based platform? The answer is quite simple, if you’re willing to do the work.

Basic Security: There are many arguments from crypto alarmists that since no one truly knows where their information is being stored, cloud-based platforms are completely unsafe. In truth, the cloud is no more or less safe than the average personal computer hooked up to the internet. Yes, cloud systems can be hacked. So can unprotected personal servers. In my opinion, SaaS-based programs are no more dangerous or vulnerable than legacy software systems.

Encryption: In the wake of Edward Snowden, encryption has become a hot-button issue. From NSA-proof phones to SaaS encryption platforms like Vaultive, everyone wants to lock up their information. That’s a good thing. Even basic, free encryption offers vastly more security than an unprotected system. That doesn’t mean you shouldn’t shop around, though. While Google Apps are offering Zix encryption, that doesn’t mean every cloud-based email is protected. Do your homework.

Personal Vigilance: Perhaps the most important form of security. Whether cloud-based or not, most people use the same simple passwords and do not change them. Most people leave their personal devices lying around unlocked. Keeping an eye on your credit score and using tough passwords goes a long way, even in our cloudy, stormy present.

Have you migrated your information to a cloud-based platform, or are you still too leery? Tell us your thoughts in the comments section below!

Heartbleed Bug is Causing Heartbreak

During the 2013 holiday shopping season, hundreds of thousands of shoppers at one of the largest U.S. retail chains were ‘targeted’ by a breach of its security and payment systems, caused by malware that hackers installed.

A recently discovered security bug called Heartbleed Bug has been around for almost two years and could have exposed your usernames, passwords, credit card information, internal business documents and more to hackers.


What is the “Heartbleed Bug?”

The Heartbleed Bug is an error in OpenSSL 1.0.1 through 1.0.1f, open-source software that is used to run a large number of websites online. More than 500,000 popular websites that house personal data such as Facebook and Gmail have been affected by this security flaw.

Heartbleed Bug was discovered by online security firm Codenomicon and Google researcher, Neel Mehta, on the same day. The term “Heartbleed Bug” was used instead of the original reference of the bug, CVE-2014-0160, because of its ability to “leak memory content” from the server to the client and vice versa.

The scary issue with this bug boils down to an online hacker’s ability to access encryption keys, or codes that store personal information that typically appear as numbers and letters, and flip them into readable information if they are not patched or repaired.
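The affected range quoted above (OpenSSL 1.0.1 through 1.0.1f) can be turned into an inventory check over `openssl version` banners. This is an added example, not part of the original post; the hostnames and banner lines are constructed sample data and the function names are hypothetical.

```python
import re

# Upstream range stated in the article: OpenSSL 1.0.1 through 1.0.1f.
FIRST_AFFECTED = (1, 0, 1, "")
LAST_AFFECTED = (1, 0, 1, "f")

BANNER_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-\S+)?")
PRERELEASE = ("-beta", "-pre", "-dev")

def parse_banner(banner):
    """Parse an `openssl version` line into ((major, minor, fix, letter), tag)."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, fix, letter, tag = m.groups()
    return (int(major), int(minor), int(fix), letter), tag or ""

def classify(banner):
    """Return 'in-range', 'outside-range' or 'review' for one banner."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "review"          # not an OpenSSL banner (e.g. another TLS library)
    version, tag = parsed
    if tag.startswith(PRERELEASE):
        return "review"          # the stated range does not cover pre-releases
    # Tuple comparison orders the letter suffix: "" < "a" < ... < "f" < "g".
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "in-range"
    return "outside-range"

# Constructed inventory (hostnames and banners are sample data).
INVENTORY = {
    "web01.example": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02.example": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail.example": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "legacy.example": "OpenSSL 0.9.8y 5 Feb 2013",
    "edge.example": "OpenSSL 1.0.1 14 Mar 2012",
    "lab.example": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "bsd.example": "LibreSSL 2.8.3",
}

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:16} {status}")
```

An in-range result is a prompt to check the installed package build, since distributions can backport a fix without changing the upstream version string.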

What websites were affected?

Several social media sites alongside news websites and online retailers could have been affected by the bug. CNET, in coordination with Alexa.com, has gone through the top 100 websites to indicate if businesses have patched the bug so your information is safe. See CNET for the most recently updated list. Your information may still be compromised if OpenSSL is running on businesses’ websites. A fixed version of OpenSSL has been released to patch the issue.

How to protect your online information moving forward  

You may want to research a few facts Debasree Ghosh shared in her blog about online theft or take quick action with the steps below.

  1. Immediately change your passwords to something with several numbers and letters.
  2. Visit websites like haveibeenpwned.com, PwnedList.com or Shouldichangemypassword.com. These sites are all free and can let you know if your information has been compromised.
  3. Call the customer service departments of websites you have released your personal information to and ask if they were breached.

Were you a victim of the Heartbleed Bug or other online identity theft? Leave a comment below and share your experience.

Adopting the Cloud in 2014

Two years ago, the cloud was something tech companies were suggesting we get excited about. But for the average user, the power of cloud technology was amorphous. Now we’re hearing all about cloud apps and the “Internet of Things.” Everyone knows they should adopt the cloud—it’s faster, cheaper and safer for your data. The real question is, why aren’t more companies adopting?

Concerns of the Past

This was a typical business response to cloud adoption in 2013. In the undisclosed future, a business (might) be interested in adopting a cloud platform. Maybe. I’m not poking fun at these business leaders; they had reasons to be worried. Public clouds have been criticized for their security gaps and their vulnerability to everyone from hackers to the NSA. On top of that, the cloud is just… new. So you have a new platform that is under scrutiny and possibly vulnerable to attack.

So, why would your organization migrate to the cloud in 2014? Because the cloud continues to become more versatile, reliable and secure. Let’s look at some improvements that are going to be big in the coming year:

SaaS. Software as a Service is going to grow by 14.7% this year, but what exactly does that mean? Put simply, SaaS is any application that can be accessed via the cloud, usually through a web browser. A great example would be Office 365. Previously, this program had to be put on every organization’s computer and required a large IT budget to get the job done. Now, companies can access what they want when they want it via the cloud. SaaS is also cheaper than typical enterprise software—companies are renting what they need instead of buying large software packages they might not fully employ.

The Hybrid Cloud. If everyone has access to your cloud, how safe is your information? Many organizations have opted for the hybrid cloud to ensure data availability while still protecting their sensitive materials. In brief, the hybrid cloud is a combination of a company’s own private cloud platform and the public cloud that all employees can access. This mix of openness and security allows for a greater employee adoption while still protecting organizational data. For that reason, Gartner predicts half of all large organizations will have a hybrid cloud by 2017.

Encryption. If 2013 was the age of NSA revelations, 2014 may very well be the Age of Encryption. And this is a good thing. Encryption of sensitive data allows an organization to move onto a cloud platform with less fear of breach. Not only have huge companies like Google and Windows pledged to encrypt their data, but now smaller organizations can afford SaaS encryption. Companies like Vaultive offer encryption-in-use technology that protects sensitive data at every stage of delivery, even while it is being deployed by the end user.

As you can see, not only are cloud platforms getting more secure, but they are allowing an unprecedented level of control and customization. That optimization can lead to real savings on software and time, especially for smaller organizations. Cloud innovation has already happened. Now innovations will get refined for all users. The real question is, when are you going to adopt?

Interested in migrating to a cloud platform? Please contact us.

5 Steps to Social Media Security

It’s an interesting time to be working online. The NSA has been caught doing some pretty serious stuff. Not only is the American government apparently spying on potential terrorist threats, they are also wiretapping the phones of allies. All this Snowden-led scandal has resulted in the European Union threatening non-compliance with US-led terrorism monitoring. Needless to say, everyone is feeling a bit stressed.

How does this apply to me? Amid all this espionage gossip, US civilians have been alerted to the world of encryption, spying and cyber security. And perhaps you’ve decided to lock your phone more—or tread more carefully on Twitter automation. But despite a little bit of paranoia, how does this affect you as a social media guru?

Social Media means information. Stop for a moment and consider your brand. Get a piece of paper (or open a Word document—I’m old-school), and write down all the information at your fingertips right now. At the very least, you have social media documents, passwords and insider marketing info. You might have access to more sensitive things like IT data, brand costs and personal customer information. Anyone with your knowledge could—at the very least—use your accounts for some serious spamming. They might even be able to seriously impair your brand with hacked confidential information. Worried yet?

What can you do? The good news is that you can protect yourself fairly well with a few simple steps. There are no guarantees you won’t get hacked at some point, but you can at least minimize the damage with these suggestions:

  • Explain security procedures. The best defense is an early defense. Make sure your clients understand your security policies, and why you do what you do. Explain the importance of keeping their information protected—and the methods in place if social media becomes compromised. Also make sure that new employees understand your company’s security policies early on. Provide written material or create a class, if possible.
  • Secure sensitive information. Where are your written notes? Do they contain passwords and other important information? If so, they need to be secured, especially when you are away from your work area or not in the office. If a large number of people are moving in and out of your building on a regular basis, you might want to consider putting that information into a lockable desk or filing cabinet. Or you could migrate all your paper material onto a more secure, password-protected computer.
  • Passwords should be original. Don’t use password1, or the name of the company. You will get hacked. Consider using a personal, unorthodox word—or even a made-up word. You’ll also want to use numbers in your passwords, if not special characters (exclamation and question marks are very popular). This is one of those pearls of information you’re going to need to explain to clients.
  • If you get hacked, move quickly. Most of the time your account will be hacked for the purposes of spamming. If this is the case, make sure you change your password, delete spam and apologize on your social media platform. The faster you can accomplish these three tasks, the more damage you’ll be able to avoid. Make sure your apology is sincere as well. If it seems like you were hacked for another reason, it’s time to inform your IT guy.
  • Consider encryption. Again, if you have access to IT information or a brand’s insider data, you’ll want to consider taking security to another level. There are a variety of free and paid encryption programs. Speak with your client about their specific needs. Also, understand that your data is no longer just stored on your computer. Look into the security of your phone, and your cloud if you use such storage methods.

So should you be scared? If you’re not taking any steps towards security for your brands, you should probably be nervous right now. But if you take some simple security steps, you will be doing better than most security firms.