Posts Tagged ‘Spanning’

2016: Year of the Cybercriminal

Brian Heckert

Principal Content Editor, Dell EMC
My first long-term exposure to technology was the typewriter. I still love that invention, which really sparked my interest in writing. For the past 20 years, I have worked in high tech as a content development specialist, marketing writer, and documentation editor. Prior to working in the software industry, I was a journalist, photographer, photo editor, and military fire fighter. After hours, I enjoy spending time with family, reading, and hiking in the mountains.

US$1,000,000,000. That’s the estimated cost of ransomware to individuals and businesses in 2016. In the first quarter of 2016 alone, ransomware cost organizations US$209 million. Keep in mind that ransomware is just one type of cybercriminal activity. Although final numbers for 2016 are not yet known, based on the frequency and sophistication of the attacks so far, it’s likely that 2016 will end up as the most lucrative year on record for cybercriminals. The latest numbers show that there were more than 2 billion records leaked in 2016.

Here are just a few of the biggest cyberattacks in 2016:

Government
Even the U.S. government is not immune to cyberattacks. In February, the Department of Justice was attacked by hackers who published contact information of 20,000 FBI employees. That was just a day after the same hackers posted contact information of 10,000 Department of Homeland Security employees. Shortly after these attacks, the cybercriminals taunted the Feds, stating that they did what they said they would do.

High tech
Data from at least 500 million user accounts was stolen from Yahoo! users. The cybersecurity breach actually occurred in 2014 but was only confirmed by Yahoo! this past September. According to Yahoo!, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”

Healthcare
Hospitals operated by the $5 billion healthcare provider MedStar Health were attacked by ransomware in March. Thousands of patient records could not be updated and in some cases could not even be accessed by healthcare staff. As a result, patients were turned away or were treated without important computer records.

Education
A data breach at the University of California, Berkeley, affected the institution earlier in the year, compromising the financial data of 80,000 students, alumni, employees and former employees. The hackers exposed Social Security and bank account numbers. The breach occurred when software was being patched.

No organization is immune
The attacks just mentioned are just a few of the thousands of cybercrimes that occur worldwide each day. Government, high tech, healthcare, education, etc.—no one is immune from a cyberattack. Clearly, if you’re connected, you’re vulnerable. Fortunately, there are precautions you can take to prevent a cybersecurity disaster. According to the Federal Bureau of Investigation (which is the lead federal agency for investigating cyberattacks), you can protect yourself and your organization from cyberattacks by: (more…)

Data Sovereignty in the Cloud

Mat Hamlin

Director of Products for Spanning by Dell EMC
Mat is the Director of Products for Spanning by Dell EMC. He is responsible for the overall direction and strategy for Spanning's suite of SaaS backup and recovery solutions. His career in technology spans five startups and two large organizations, all in Austin, TX. Mat started out in product support and training, then engineering leadership and for the past nine years has been focused on product management and product marketing. Prior to joining Spanning, Mat served as Sr. Product Manager for SailPoint Technologies and Sun Microsystems, contributing to their market-leading enterprise identity management solutions.

The requirement to comply with data protection and privacy laws, like the EU’s General Data Protection Regulation (GDPR) and Australia’s privacy laws, drives the need to evaluate where enterprise organizations are storing their data in cloud data centers. If your organization hosts your own data centers, this can be challenging if you are multinational, but it can be just as difficult when you rely on SaaS providers to manage your data since the control of your data destination is a bit out of your hands.

If you’re using a SaaS application, such as Office 365 or Salesforce, and are backing up your data with a third-party backup provider, there are many factors to consider as you evaluate your data protection strategy. Understanding the regulations and requirements first and then considering how the providers handle your data are both important.

What privacy laws apply to my organization?
As you build a cloud and data protection strategy, start by evaluating the privacy laws that apply to your data and corporate policies, and compare that against your SaaS provider’s offering, including the primary data storage location and their replication strategy.

My strong suggestion is that you work directly with your audit, compliance and legal teams to ensure you fully understand the regulations that could be applied to you directly or indirectly through business relationships with organizations in other regions.

Generally, global privacy and data protection laws provide strong frameworks and mechanisms to transfer personal data to other countries and economic regions if required, but the regulations are typically strict and the penalties can be costly. As a result, many organizations decide to enforce data governance policies that ensure data remains within defined boundaries. (more…)

Ransomware 101

David Tye

Product Marketing Manager
As a recent graduate from Sacramento State University I am able to take what I have learned in school and apply it to the high tech industry and the problems companies are facing today. I am a California native, die hard Green Bay Packers fan, and an outdoor enthusiast.

Ransomware is a worldwide phenomenon that is affecting users all around the globe. According to a recent study published by McAfee Labs, ransomware growth increased by 58 percent for the second quarter of 2015. For all businesses, small or large, the question is not “Will I be a victim of ransomware?” Instead, the question everyone should be asking is “Will I be prepared when ransomware attacks?” That said, falling victim to a ransomware attack is not the end of the world if you have a proper backup policy in place.

Ransomware first arrived on the scene in 2005. The first known ransomware strain was Trojan.Gpcoder, which affected Windows operating systems. Ransomware is comparable to humans in that it comes in all shapes, sizes, and colors. Ransomware attacks once used screen pop-ups that would notify users of the attack and the amount of money required to unlock a computer. Today’s ransomware attacks are more sophisticated than ever and use “unbreakable encryption.” That usually means if you do not have your data backed up you will not be seeing that data again (AKA you’re toast)—unless you pay the ransom. And paying the ransom does not guarantee that you will gain access to your data.

Ransomware can infiltrate and spread through your systems in a matter of minutes; all it takes is one wrong click. This type of malware typically enters a network through its weakest link, normally social media or an email with an infected link or attachment. Ransomware is an effective form of cybercrime because the attackers can instill both fear and panic in their victims. But there are other reasons as well: ransomware is easy to create and deploy. The good news is that we can all fight this sort of cybercrime with a thorough backup plan.

(more…)

Security or Protection: Which One?

Vladimir Mandic

Chief Technology Officer & Distinguished Engineer Data Protection Cloud, Core Technologies Division, Dell EMC
Vladimir has been driving technical innovation and change within EMC for the past 10 years, first in the area of data protection software and, currently, in cloud technologies. Prior to that, he’s had rich industry experience as a solution integrator and in the service provider space. When not working on technology innovation, he may be difficult to locate due to his passion for world travel.

Ransomware
A long time ago I heard an anecdote that the highest level of security certification was given to a system that sat in a secure room and was isolated from a network. Today we live in a connected world, and that creates much bigger surface areas for security threats. As much as IT organizations would like to limit exposure, users expect unlimited access to both business and personal email, to be able to work with attachments, to surf the web, and to interact on social media.

Pandora’s Box has been opened
Although risk cannot be completely eliminated, it can and should be managed. In parallel, ransomware has emerged as a top cyber threat to business. The number of attacks and their complexity is unparalleled. These are not simple drive-by threats (such as a random user visiting a site that contains malware); instead, they are custom-designed to bypass an organization’s perimeter security and target specific high-value data sets.

The combination of open access and more advanced threats is something that requires far more attention!

Many organizations derive a false level of confidence from their investment in perimeter security: firewalls, authentication/authorization, antivirus solutions and encryption over-the-wire. When assessing security and protection, however, assume that the perimeter has been breached! The breach point is already beyond antivirus software and firewalls; it is now within authenticated systems where encryption becomes transparent. Do you know what your level of protection is?

How big is a Ransomware threat?
• Ransomware has headlined on FBI, DHS, DOJ, and NSA lists in 2016 and triggered multiple US Senate and Homeland Security questions that have resulted in FBI, DHS, and DOJ responses.
• It’s growing fast: At the end of Q1 2016, 93% of all phishing emails contained encryption ransomware. That’s a 763% increase year over year!

First, let’s look at the infrastructure
If you do control the infrastructure, be sure to take advantage of Isolated Recovery Solution (IRS) for systems such as EMC VMAX and Data Domain. IRS ensures that (a) you have a replica of your storage for fastest recovery, and (b) replication is enabled over a link which is air-gapped when replication is not occurring. That way, any corruption of primary data can quickly be recovered from an unaffected replica copy.

If you outsource your infrastructure (for example, by using the public cloud), does that mean security is no longer your responsibility? Remember, an IaaS provider takes responsibility for infrastructure availability and resiliency, but not for data validity. That means protecting your data on your core systems is your responsibility.

Regardless of the location or ownership of the infrastructure, you should be asking yourself these questions:
• Does it matter if we (or the provider) have certification XYZ.123 or not?
• In case of compromise, how do we recover data?
• Do we have a clean copy of the data that is isolated?
• How quickly can we recover?

Second-level safety is provided by having a well-designed data center protection strategy, including a backup solution, which provides an additional level of isolation for your data. That data should be secure and immutable, and it should be available for quick recovery to any point in time. Solutions such as EMC NetWorker or Avamar data protection software together with EMC Data Domain protection storage provide this level of protection. (more…)

Education IT and the Cloud: 5 Parachutes to Pack as You Jump Into the Cloud

Lori Witzel

Product Marketing Manager, Spanning by EMC
Lori Witzel is a Salesforce MVP, has worked with and for SaaS companies since 2005, and has been sharing info with, listening to, and learning from tech users ever since. She is currently PMM for Spanning Backup for Salesforce, as well as PMM for Spanning Backup for Google Apps. Prior to Spanning Backup, Lori worked for various early-stage Cloud start-ups, mid-sized middleware providers, and ed tech firms, and she’s always eager to learn more. Lori's profile on LinkedIn: https://www.linkedin.com/in/loriwitzel

A growing number of K-12 and Higher Ed IT teams are adopting cloud and SaaS applications like Google Apps for Education or Microsoft Office 365 Education. The reasons are as varied as the school, district, or university – but in every case, these adoptions represent significant change within the organization.

Some of the reasons that education IT is moving to the cloud are that the cloud:

  • Increases collaboration. Through cloud computing’s ease of cross-classroom, cross-department, and cross-institution collaboration, instructors, staff, and students can work together in new and creative ways. Since collaboration is a significant component of Common Core, there’s increased interest among K-12 districts in exploring ways to use SaaS and cloud.
  • Supports innovation. By using cloud-based applications and systems, it’s easier for Higher Ed to open their technology infrastructure to business and industry research partners, fostering collaboration towards innovation and research.
  • Helps resource management scale. Cloud computing can help K-12 and Higher Ed manage ever-growing resource demands. Cloud and SaaS vendors manage most aspects of the required infrastructure, an infrastructure that used to need management on-premises by the IT team. Those vendors’ infrastructure is at a scale that produces efficiencies for their customers, whose resources can be freed up for new IT projects.
  • Reduces on-premises infrastructure risk. Cloud vendors are multiply redundant, security-hardened, FERPA-ready, and provide robust security infrastructures that reduce the risk and the impact of hardware and infrastructure failure. On-premises systems can be similarly hardened, but require resources for infrastructure and risk management.

In short, the cloud offers education IT and the institutions they support powerful benefits. Whether your school is evaluating a move to the cloud, or has decided to move, there are five best practices every K-12 or Higher Ed IT team should be prepared to implement. (more…)
