Posts Tagged ‘ransomware’

The Cloud Is the Perfect Vehicle for Data…and Data Protection

Brian Heckert

Principal Content Editor, Dell EMC
My first long-term exposure to technology was the typewriter. I still love that invention, which really sparked my interest in writing. For the past 20 years, I have worked in high tech as a content development specialist, marketing writer, and documentation editor. Prior to working in the software industry, I was a journalist, photographer, photo editor, and military fire fighter. After hours, I enjoy spending time with family, reading, and hiking in the mountains.

The end of cloud computing? Don’t hold your breath!

Recently I watched a video about how cloud computing has run its course. The headline—The End of Cloud Computing—grabbed my attention (that was the point, of course). But there’s just one thing: it’s not true!

The premise is that many of the future devices both large and small that we will depend on daily will need to collect real-world data in real time. That means lots of data real fast. For example, to operate safely, self-driving cars need information—and lots of it. While they’re maneuvering, self-driving cars gather incredible amounts on information—more than 1 GB per second—and use it quickly to ensure maximum safety for everyone on the road. The process requires sensors in the car to collect data about road conditions, make inferences about those conditions, and then act with extreme agility.

cloud data protection

The process of sensing, inferring, and then acting quickly and accurately makes a lot of sense for a self-driving vehicle when we consider that a wrong “decision” by the vehicle could cause an accident, resulting in damaged property, or worse, bodily injury to vehicle occupants or pedestrians. That means data needs to be onboard the vehicle, which becomes a “moving” data center.

But here’s the thing: not all data centers need to be moving. While an “onboard” data center makes sense for a self-driving car, there are vast amounts of information that reside comfortably in the cloud. And that isn’t going to change. These days most of our devices and how we use them depend on a data-gathering process that occurs centrally in the cloud. The device in use pings the cloud and then information in the cloud is returned. For example, when you do a Google search or use your favorite app, the cloud is the perfect vehicle from which to grab the necessary data.

And what about business-critical data? The cloud is the perfect vehicle for enterprise IT. In fact, today many organizations are given mandates to store a certain percentage of the business’s data in the cloud. Why? It’s economical and it’s safe—practical reasons that reduce TCO. These days, who doesn’t want to reduce TCO? (more…)

2016: Year of the Cybercriminal

Brian Heckert

Principal Content Editor, Dell EMC
My first long-term exposure to technology was the typewriter. I still love that invention, which really sparked my interest in writing. For the past 20 years, I have worked in high tech as a content development specialist, marketing writer, and documentation editor. Prior to working in the software industry, I was a journalist, photographer, photo editor, and military fire fighter. After hours, I enjoy spending time with family, reading, and hiking in the mountains.

cyberattackUS$1,000,000,000. That’s the estimated cost of ransomware to individuals and businesses in 2016. In the first quarter of 2016 alone, ransomware cost organizations US$209 million. Keep in mind that ransomware is just one type of cybercriminal activity. Although final numbers for 2016 are not yet known, based on the frequency and sophistication of the attacks so far, it’s likely that 2016 will end up as the most lucrative year on record for cybercriminals. The latest numbers show that there were more than 2 billion records leaked in 2016.

Here are just a few of the biggest cyberattacks in 2016:

Government
Even the U.S. government is not immune to cyberattacks. In February, the Department of Justice was attacked by hackers who published contact information of 20,000 FBI employees. That was just a day after the same hackers posted contact information of 10,000 Department of Homeland Security employees. Shortly after these attacks, the cybercriminals taunted the Feds, stating that they did what they said they would do.

High tech
Data from at least 500 million user accounts was stolen from Yahoo! users. The cybersecurity breach actually occurred in 2014 but was only confirmed by Yahoo! this past September. According to Yahoo!, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”

Healthcare
Hospitals operated by the $5 billion healthcare provider MedStar Health were attacked by ransomware in March. Thousands of patient records could not be updated and in some cases could not even be accessed by healthcare staff. As a result, patients were turned away or were treated without important computer records.

Education
A data breach at the University of California, Berkeley, affected the institution earlier in the year, compromising the financial data of 80,000 students, alumni, employees and former employees. The hackers exposed Social Security and bank account numbers. The breach occurred when software was being patched.

No organization is immune
The attacks just mentioned are just a few of the thousands of cybercrimes that occur worldwide each day. Government, high tech, healthcare, education, etc.—no one is immune from a cyberattack. Cleary, if you’re connected, you’re vulnerable. Fortunately, there are precautions you can take to prevent a cybersecurity disaster. According to the Federal Bureau of Investigation (which is the lead federal agency for investigating cyberattacks), you can protect yourself and your organization from cyberattacks by: (more…)

Ransomware Hits Light-rail System, Resulting in Lost Revenue

Brian Heckert

Principal Content Editor, Dell EMC
My first long-term exposure to technology was the typewriter. I still love that invention, which really sparked my interest in writing. For the past 20 years, I have worked in high tech as a content development specialist, marketing writer, and documentation editor. Prior to working in the software industry, I was a journalist, photographer, photo editor, and military fire fighter. After hours, I enjoy spending time with family, reading, and hiking in the mountains.

Ransomware really gets around, faster than even the best form of mass transportation can move busy commuters to work.

ransomware-on-the-rail

Recently, ransomware caused the San Francisco Municipal Transportation Authority (SFMTA) light-rail system to lose revenue when the organization shut down ticket machines and fare gates as a precaution to the malware attack. According to the SFMTA site, ransomware infected mainly 900 office computers. However, another source claimed that more than 2,000 computers were infected, including office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals and station kiosk PCs.

The ransomware scrambled the data on infected hard drives, posted a message on corresponding computers (“You Hacked, ALL Data Encrypted, Contact For Key (cryptom27@yandex.com) ID:601.”), then demanded a 100 Bitcoin ransom (approximately US$75,000) before the cybercriminals would agree to hand over a master decryption key that would allow the SFMTA to decipher the data ransomed on the infected hard drives.

Ransomware is a threat to businesses that already costs millions of dollars each year, and unfortunately is prevalent and grows more sophisticated. There are literally millions of new malware variants each year. In 2015 there were 431 million variants added, according to the Internet Security Threat Report.

Using a variety of attacks, criminals can inject malware into your network, which then holds your data or other systems hostage until you pay a ransom. Ransomware gains access to a computer system through a network’s weakest link, which is typically a user’s email or social networking site. Once a user clicks on a malicious link or opens an infected attachment, the malware spreads quickly throughout the system.

When a file or other data is held for ransom, the affected organization must meet the financial demands of the cybercriminal in exchange for a decryption key to “unlock” the ransomed data. If you don’t pay the ransom, you forfeit access to your computer and the data that’s on it. You also forfeit access for others to shared documents and data, compounding the impact exponentially. You might think that’s the worst case. Not so. (more…)

Losing Data Is No Treat

Brian Heckert

Principal Content Editor, Dell EMC
My first long-term exposure to technology was the typewriter. I still love that invention, which really sparked my interest in writing. For the past 20 years, I have worked in high tech as a content development specialist, marketing writer, and documentation editor. Prior to working in the software industry, I was a journalist, photographer, photo editor, and military fire fighter. After hours, I enjoy spending time with family, reading, and hiking in the mountains.

The truth is, when it comes to Halloween, we all like the treats (the best), but none of us want the tricks (the worst). That’s an easy choice when it’s October 31. But when we’re facing life as it really is, we don’t always get to choose. For example, sometimes disasters happen, and no amount of wishing is going to change the inevitable.

Grinning pumpkin lantern or jack-o'-lantern.

I am reminded of a neighbor friend of mine who really enjoys Halloween. On that day he can dress up to look like just about anything frightening. During all other days of the year he works for a commercial and home restoration service company (that is, his business cleans up damage and makes repairs after disasters such as a flood, fire, or earthquake). He once said something to me that I’ve never forgotten: Expect the best, prepare for the worst. Although my neighbor was referring to structural damage, recently it got me thinking about the likelihood of “data damage.”

Fortunately, there are proven methods that allow you to be proactive about safeguarding your data from potential disasters—whether human-made (including ransomware!) or natural—and ensuring that you always have 24×7 access to your important files. For a moment, let’s consider the current threat landscape to your business’s data.

As emphasized in the recent Global Data Protection Index (GDPI), there are a number of reasons why data protection—which includes data backup—is so critical. The GDPI found that of those organizations surveyed, 52% of them suffered unplanned system downtime in the last 12 months, and 29% suffered data loss. Whether it’s ransomware (36% of organizations reported internal or external security breaches, according to index) or hardware failure (hardware failure is still the number one cause of data loss and/or system downtime, according to the GDPI), a massive data breach can happen faster than you think. In fact, once cyber criminals gain access to a system, it takes just six minutes for these law breakers to compromise an organization, and they can do that successfully 60% of the time.

If you’re unsure about whether or not your data is sufficiently protected, consider the following questions:

  • If a natural disaster (such as a flood, fire, or earthquake) were to occur right now, would your business-critical data be protected?
  • Let’s assume you’re already backing up your data. If a disaster were to occur right now, how quickly could you access your important files?
  • If your business were to be compromised by ransomware, would you be able to restore your data to a point in time when you know that your data is free from the malicious effects of that cyberattack? And how long would it take for you to perform that restore?

In the event of “data damage,” Dell EMC Mozy Enterprise protects files on desktops, laptops, and other devices both inside and outside the corporate network. This automated cloud backup solution also allows users to securely synchronize files across their computers, smartphones, and tablets. Your data is backed up, protected, and always accessible. That’s a 24×7 treat!

Not long ago I saw a quote that was similar to the one my neighbor shared with me: Expect the best, plan for the worst, and prepare to be surprised. Funny, to be sure, but you don’t ever want to be surprised about losing your data. That’s a surprise you can never really be prepared for, especially if it jeopardizes business continuity and/or strains or even permanently damages customer relationships.

Even ghouls and goblins don’t want to encounter data loss. It’s just too frightening. The GDPI makes no surprises about data being at risk due to theft, loss, or damage; however, if your data is properly backed up and protected, data loss is one surprise you can avoid altogether. Now that’s a treat you can enjoy all year long.

Cloud Adoption: Strategy vs. Reality

Vladimir Mandic

Chief Technology Officer & Distinguished Engineer Data Protection Cloud, Core Technologies Division, Dell EMC
Vladimir has been driving technical innovation and change within EMC for the past 10 years, first in the area of data protection software and, currently, in cloud technologies. Prior to that, he’s had rich industry experience as a solution integrator and in the service provider space. When not working on technology innovation, he may be difficult to locate due to his passion for world travel.

Latest posts by Vladimir Mandic (see all)

Myths About Migrating to the Cloud

Myth 1: Cloud Bursting
One of the original highly publicized use-cases for public cloud was bursting. The story made sense: as your demand for computecloud adoption-vlad increased, you would use the public cloud to increase the capacity of your private infrastructure. Like so many good stories, bursting didn’t really happen. In fact, bursting is one of the least common public cloud use cases.
Why did bursting not become more widespread? Enterprises are either keeping applications on-premises in newly designed IaaS private clouds or they are moving them to the public cloud. It’s an OR function, not an AND one. Furthermore, it almost always happens per-application. You evaluate your future application needs and decide where it makes more sense to run the application for those needs. Bursting across environments is just too complex.

Myth 2: Multi-Cloud
Most enterprises have neither a comprehensive hybrid cloud nor an end-to-end multi-cloud strategy that covers entire IT cloud comic-vladenvironments. Frequently there is a general desire for multi-cloud strategy to minimize the dependency on a single cloud provider. But that strategy turns out again to be a per-application choice rather than a centralized plan.
Organizations choose to run some applications in the private cloud and some in different public clouds. Every cloud has very different functionality, interfaces, and cost optimizations. And each time an application developer chooses an environment, it’s because that cloud was the optimal choice for that application. As a result, application mobility becomes a myth; it’s something desired, but very few are willing to settle for the smallest common denominator between different choices just to enable application mobility.
Even if customers wanted to and could move the application, it’s unlikely to happen. Moving large amounts of data between environments is challenging, inefficient, and costly. So, once the choice of a cloud provider is made, the application stays where it is, at least until the next tech refresh cycle when per-application considerations can be re-evaluated.

Cloud Adoption for Legacy Applications
While so much of the focus has been on creating new applications, enterprises are also migrating traditional workloads. So what are the stages of cloud adoption?

  • Step 1: Infrastructure as a Service. Treat the cloud like a typical infrastructure; in other words, think of servers and storage as you currently think of them. Applications are installed on top of the infrastructure. Because everything is relatively generic, the choice of a cloud provider is not too critical.
    But as applications start to move, a new way of thinking evolves; you start looking at the infrastructure as services instead of servers.
  • Step 2: Software as a Service. Some legacy applications are swapped for new ones that run as a service. In this case, you don’t care where your SaaS service runs as long as it’s reliable. The choice of a cloud provider is even less relevant; it’s about choice of the SaaS solution itself.
  • Step 3: Rewrite the Application. Some applications are redesigned to be cloud-native. In some cases, the cloud is an excuse to rewrite decades of old COBOL code that nobody understands. In other cases, features of the cloud enable an application to scale more, run faster, and deliver better services. Not all applications should be rewritten.

The Core Issue: Data. When thinking about moving the applications, what’s left is the actual data, and that is where company value truly resides. Some data moves with applications where it resides, but not all data is application structured. And that is the last challenge of cloud adoption—looking how data services can enable global, timely, and secure access to all data, whether it resides inside an application or outside of it.

The Role of IT
Just what is the role of the central IT organization, and is there a single strategy for IT? Not really.
The word “strategy” comes not from having a single plan that covers all applications, but from a comprehensive evaluation that should be done before choices are made and from having a unified set of services that ensure security, availability, and reliability of all those different environments.

Consider how IT organizations are evolving to become service brokers. For example, sometimes:

  • It makes sense to build a private cloud based on new converged (or hyper-converged) infrastructure.
  • It may go with the software-defined data center (SDDC), but that is more the case of when they have to deal with unknown external consumers instead of explicit requirements
  • IT organizations will broker services from public cloud providers such as AWS, Azure, GCE, or VirtuStreamThe alternative is so-called “shadow IT” where each application team attempts to manage their own applications without understanding the global impacts of their choices. In such scenarios, security is typically first to go and data protection follows closely.

I’ve written before how with move to public cloud, the responsibility of infrastructure availability shifts to the cloud provider. But that does not negate the need for a comprehensive data protection strategy.

You still need to protect your data on-premises or in the cloud from external threats such as ransomware or internally caused data corruption events (as the application is frequently the cause of corruption, not just infrastructure failures), or from the common (and sometimes embarrassing) “threat” of “I deleted the wrong data and I need it back.”

Companies weigh the costs and benefits of any investment. There are places where different types of infrastructure deliver the right answer. For IT to remain relevant, it needs to support different types of environments. IT’s future is in delivering better on-premises services, becoming a service broker, and ensuring that data is securely stored and protected.

Conclusion
The cloud is real and it is part of every IT team’s life. IT can be instrumental in the successful adoption of the cloud, as long as they approach it with calmness and reason—and an open mind. The goal isn’t to design the world’s greatest hybrid cloud architecture. It’s about choice and designing for application services instead of looking at servers and storage separately from the applications. There will be well-designed private clouds and public clouds that are better fits for specific applications. But the applications will dictate what works best for them; they will not accept a least-common denominator hybrid cloud.
In the end, hybrid cloud is not a goal in itself; it is a result of a well-executed strategy for applications and data.

SUBSCRIBE BELOW

Categories

Archives

Connect with us on Twitter

Click here for the Cloud Chats blog