Tag Archives: Cloud

Companies don’t take proper care of the data they store in the cloud

cloud panda security

That hard disks, pen drives and other physical storage devices are an attractive target for cyber-criminals wanting to steal confidential information from enterprises is something that company managers are well aware of. And, in fact, they try to educate their employees about the need to use those tools properly.

However, the now-popular digital cloud, used by businesses to store increasing amounts of sensitive information, must also be taken into consideration when designing a company’s cyber-security strategy. Moving to the cloud has powerful benefits – cost savings, easy access to files from anywhere, convenience, etc.- yet it also poses some risks that must be identified and controlled.

According to a recent study published by the prestigious Ponemon Institute, the majority of businesses have not or do not know if they inspect their cloud services for malware.

The majority of businesses have not inspected their cloud services for malware.

According to the study, while 49 percent of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by the IT Department.

While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es). Neither do they know how the breach(es) occurred.

This and similar studies seem to indicate that enterprises rely too much in the security measures adopted by cloud service providers themselves and that, all too often, companies leave the protection of their most valuable secrets and assets almost exclusively in the hands of third parties such as Amazon or Slack.

To resolve this situation, CISPE, a coalition of cloud service providers operating in Europe, has published the sector’s first code of conduct aimed at ensuring data security and confidentiality. Compliant cloud infrastructure providers will be able to identify themselves with a ‘Trust Mark’ that will provide additional security assurance for customers, especially corporate ones.

Nevertheless, despite the measures taken by these Internet giants to ensure the integrity of the information stored on their servers, companies and their employees cannot ignore their own responsibility to keep corporate data and documents secure. Just as they take good care of their hard drives and pen drives, they should also take care of the cloud to prevent their data from ending up in the wrong hands.

The post Companies don’t take proper care of the data they store in the cloud appeared first on Panda Security Mediacenter.

Avira at it-sa 2016: New product portfolio for customers

Avira at it-sa 2016

We will present our latest security technology for small- and mid-size businesses, including management and OEM solutions, at this year’s it-sa in Nuremberg. From October 18 – 20, 2016, you can learn all about our latest product portfolio and get advice from Avira experts in Hall 12, Booth 662.

The post Avira at it-sa 2016: New product portfolio for customers appeared first on Avira Blog.

Locky ransomware is dead, long live Locky

Even if Locky is no longer a hot news story, the financial success of this ransomware for the cybercriminals means that it – or a new and improved version of it – will be coming around again. Here are four lessons to be learned from the latest round of ransomware.

The post Locky ransomware is dead, long live Locky appeared first on Avira Blog.

DevOps On The Desktop: Containers Are Software As A Service

It seems that everyone has a metaphor to explain what containers “are”. If you want to emphasize the self-contained nature of containers and the way in which they can package a whole operating system’s worth of dependencies, you might say that they are like virtual machines. If you want to emphasize the portability of containers and their role as a distribution mechanism, you might say that they are like a platform. If you want to emphasize the dangerous state of container security nowadays, you might say that they are equivalent to root access. Each of these metaphors emphasizes one aspect of what containers “are”, and each of these metaphors is correct.

It is not an exaggeration to say that Red Hat employees have spent man-years clarifying the foggy notion invoked by the buzzword “the cloud”. We might understand cloudiness as having three dimensions: (1) irrelevant location, (2) external responsibility, and (3) the abstraction of resources. The different kinds of cloud offerings distinguish themselves from one another by their emphasis on these qualities. The location of the resources that comprise the cloud is one aspect of the cloud metaphor and the abstraction of resources is another aspect of the cloud metaphor. This understanding was Red Hat’s motivation for both its private-platform offerings and its infrastructure-as-a-service offerings (IaaS/PaaS). Though the hardware is self-hosted and administered, developers are still able to think either in terms of pools of generic computational resources that they assign to virtual machines (in the case of IaaS) or in terms of applications (in the case of PaaS).

What do containers and the cloud have in common? Software distribution. Software that is distributed via container or via statically-linked binary is essentially software-as-a-service (SaaS). The implications of this are far-reaching.

Given the three major dimensions of cloudiness, what is software as a service? It is a piece of software hosted and administered externally to you that you access mainly through a network layer (either an API or a web interface). With this definition of software as a service, we can declare that  99% of the container-distributed and statically-linked Go software is SaaS that happens to run on your own silicon powered by your own electricity. Despite being run locally, this software is still accessed through a network layer and this software is still—in practice—administered externally.

A static binary is a black box. A container is modifiable only if it was constructed as an ersatz VM. Even if the container has been constructed as an ersatz VM, it is only as flexible as (1) the underlying distribution in the container and (2) your familiarity with that distribution. Apart from basic networking, the important parts of administration must be handled by a third party: the originating vendor. For most containers, it is the originating vendor that must take responsibility for issues like Heartbleed that might be present in software’s underlying dependencies.

This trend, which shows no signs of slowing down, is a natural extension to the blurring of the distinction between development and operations. The term for this collaboration is one whose definition is even harder to pin down than “cloud”: DevOps. The DevOps movement has seen some traditional administration responsibilities—such as handling dependencies—become shared between operational personnel and developers. We have come to expect operations to consume their own bespoke containers and static binaries in order to ensure consistency and to ensure that needed runtime dependencies are always available. But now, a new trend is emerging—operational groups are now embedding the self-contained artifacts of other operational groups into their own stack. Containers and static blobs, as a result, are now emerging as a general software distribution method.

The security implications are clear. Self-contained software such as containers and static binaries must be judged as much by their vendor’s commitments to security as by their feature set because it is that vendor who will be acting as the system administrator. Like when considering the purchase of a phone, the track record for appropriate, timely, and continuous security updates is as important as any feature matrix.

Some security experts might deride the lack of local control over security that this trend represents. However, that analysis ignores economies of scale and the fact that—by definition—the average system administrator is worse than the best. Just as the semi-centralized hosting of the cloud has allowed smaller businesses to achieve previously impossible reliability for their size, so too does this trend offer the possibility of a better overall security environment.

Of course, just as the unique economic, regulatory, and feature needs of enterprise customers pushed those customers to private clouds, so too must there be offerings of more customizable containers.

Red Hat is committed to providing both “private cloud” flexibility and to helping ISVs leverage the decades of investment that we have made in system administration. We release fresh containers at a regular cadence and at the request of our security team. By curating containers in this way, we provide a balance between the containers becoming dangerously out of date and the fragility that naturally occurs when software used within a stack updates “too often”. However, just as important is our commitment to all of our containers being updatable in the ways our customers have come to expect from their servers and VMs: `yum update` for RPM based content, and zips and patches for content such as our popular JBoss products. This means that if you build a system on a RHEL-based container you can let “us” administer it by simply keeping up with the latest container releases *or* you can take control yourself using tools you already know.

Sadly, 2016 will probably not be the year of the Linux desktop, but it may well be the year of DevOps on the desktop. In the end, that may be much more exciting.

A simple solution to IT security sprawl?

According to recent research conducted by Forrester Consulting, the vast majority of enterprise security professionals believe that security should be delivered as an integrated platform via the cloud.

Indeed, 98 percent of those questioned said that integrated security platforms would be effective to both improve their security posture and to reduce overall cost in comparison to traditional on-premise security appliances and point solutions.

As our channel partners have experienced firsthand from their small and medium business clients, the ultimate problem addressed in the research is one that has been gaining increased airtime over the past year – security sprawl. With more data sharing, more device connections, and more security solutions to manage everything than ever before, companies are struggling to keep themselves secure.

Though targeted at an enterprise level, I believe you’ll agree that these research findings are just as applicable to smaller businesses – with the fragmented security landscape posing a management headache no matter your company size.

Our AVG Business product line includes a managed services and security platform that offers a range of features. We have designed the products with absolute simplicity in mind to help relieve security sprawl headaches. AVG CloudCare is one example, enabling direct, real-time management of a full suite of cloud-delivered security services – antivirus, online backup, content filtering, email security, premium remote control, secure sign-on and more, all from one dashboard. Instead of having to deal with the complexity of multiple, different security solutions, we provide a ‘single pane of glass’ view for easier IT management.

AVG CloudCare supports our partners, so that MSPs can give their customers the reassurance that their applications and data are protected on any device, anytime, anywhere.

As John Quatto, Channel Partner Manager at Zobrio Inc. recently put it, “the only problem you might face now is that your clients will never witness and appreciate the work you’re doing – As an MSP you have to be able to prove your worth – ironically, that’s difficult if you’re fixing issues before the customer even knows they exist!”

If AVG CloudCare sounds like it could be an asset for your business, visit our AVG Business website today to find out more.

How one IT guy gained control of 500 devices with Avast for Business

The rule of thumb for managing devices is one IT Administrator for every 100 computers or devices. Five hundred is difficult to manage for an entire IT department, let alone one IT Administrator. But, Gary Myers is up to the task.

The Avast team caught up with Myers recently to see what he thinks about the new Avast for Business product. “They say you should have one person for every 100 devices so it’s definitely a challenge.”

Gary explained how he chose new Avast for Business as his security solution. “I’ve been using Avast for a long, long time, so when I saw that there was a new business product, I knew I should give it a try.” Myers says that Avast is a step above the rest and he switched to Avast for Business because he wanted the new features of the cloud-based product.

Avast for Business web console

Our easy-to-use Web console lets you see and manage devices, reports, and alerts from anywhere.

Myers said the upside of the new cloud-managed antivirus is obvious. “I’m seeing advantages with the software being cloud-based. The web-console allows me to see everything I need to see at once and everything is up-to-date.”

Streamed updates and the cloud-managed console certainly make life easier for an IT administrator that manages as many devices as Myers.

Budget is often a huge factor when IT professionals purchase antivirus software but for Myers, the free product “works, and it’s low overhead.”

Avast for Business is completely free forever – which makes it the ultimate cost-cutting, money saver.

Sign up for Avast for Business and save money and time for your company.