Most users of Office 365 or SalesForce or Slack, or any other SaaS app, engage via the software to get their work done. But they also generally have control – and lot of control in some cases – over settings. Something that would have been previously handled by an IT Admin. They also might have influenced, or have even made, the decision to sign up for an app in the first place. In other words, in addition to using SaaS apps, end users have also assumed roles in assessing and administering them. This shows how the “democratization of IT” has not only put technology into more hands, but it has also expanded responsibilities. In many ways, we all need to be virtual CIOs now, if not virtual CISOs. In the remainder of this article, I will raise some basic questions about the security of SaaS apps. In particular, authentication, encryption and administration. In a follow-up article, I will discuss the security profile of SaaS companies and more about their own infrastructure. The SaaS security topic closest to end users is passwords and authentication, but the challenges are numerous. Users not only continue to be careless; they have reason to be confused.
Virtually all business-relevant data is produced as a stream of events. Sensor measurements, website clicks, interactions with mobile applications, database modifications, application and machine logs, stock trades and financial transactions… all of these operations are characterized by continuously generated data. In fact, there are very few bounded data sets that are produced all at once instead of being recorded from a stream of data. If we look at how data is accessed and processed, we can identify two classes of problems: 1) use cases in which the data changes faster than the processing logic and 2) use cases in which the code or query changes faster than the data. While in the first scenario we are dealing with a stream processing problem, the latter case indicates a data exploration problem. Examples for data exploration use cases include offline data analysis, data mining, and data science tasks. The clear separation of data streaming and data exploration problems leads to the insight that the majority of all production applications address stream processing problems.
Even before the cyber war we were being overwhelmed with data. The average citizen is surrounded with information from TV, radio, entertainment, the Internet, social media, co-workers, neighbors, family, schools, the government as well as old sources like books, magazines, newsletters and newspaper. This overwhelming deluge of information is a mix of reporting that includes both valid insights and specious reporting meant to appear to be valid. Yes, some of what we are being subjected to is total baloney! But now on top of that we are being actively attacked by both cyber attacks and deceptive propoganda from hostile foreign powers. So, like it or not you are a soldier in this fight. In fact, you are the first line of defense. Your weapon in this war, your brain, is our greatest sense of hope. Your brain is what can keep you from getting deceived and what can help you configure your systems at home and work to thwart cyber attacks. It is also the only real way to make sense in this world of information overload and hostile foreign power deceptive operations.
While Facebook is not technically required to comply with the GDPR for data on Americans residing in the US, several of its current policies fall significantly short of the upcoming GDPR protections. Consumers have the right to be forgotten. This means that if asked, companies must erase all personal data, in their own databases and in the databases of any third parties to which information has passed. Not only does Facebook acknowledge the difficulty of deleting data once it leaves their platform, but it also places the onus on consumers to ensure erasure. In the case of third-party apps accessed by a Facebook login (the cause of the current Facebook nightmare), consumers are given a user number and instructed to contact the app developer directly to delete any personal information collected from the Facebook platform. Under GDPR, Facebook would be directly responsible for the deletion of information from all databases, internal or external. The inability to accomplish this would be a clear violation.
Preventing malicious insiders and skilled attackers that manage to get in through the front door from walking back out the door with a company’s crown jewels has gained renewed emphasis, with Google’s DLP API removing many of the barriers to companies being able to implement enterprise-grade filtering, from OCR’ing of image content to contextual detection. One-click statistical outlier detection makes it easier for companies to identify inadvertent holes in their anonymization workflows. Third party partnerships offer countless additional services, while improved auditing allows total visibility into all access of a company’s data. Amazon and Microsoft have similarly invested heavily in helping their customers build security-conscious applications and infrastructures that are designed for today’s world, rather than the quaint naïve blind trust of yesteryear’s web. Moreover, the major cloud vendors’ global footprints mean companies can mitigate their physical risk as well by distributing their applications geographically, allowing for seamless continuity of operations even in the face of natural or human disasters.
Malware creation then went through one of its periodic developmental droughts. But that all changed in 1982, when Elk Cloner made its appearance, and a new wave of viruses began to rise. “With the invention of the PC, people started writing boot sector viruses that were spread on floppies,” Zone Alarm’s Skyler King told Digital Trends. “People who were pirating games or sharing them on floppies [were being infected].” Elk Cloner was the first to use that attack vector, though it was completely benign, and not thought to have spread far. Its mantle was picked up four years later by the Brain virus. That piece of software was technically an anti-piracy measure created by two Pakistani brothers, though it had the effect of making some infected disks unusable due to timeout errors. “Those were kind of the first viruses as we would consider them,” King said. “And they were propagating so that if you put in a floppy, they could copy to it, and spread that way.” The change in attack vector was noteworthy, because targeting a system from a different angle would become the hallmark of new malware in the years that followed.
With the release of Windows Server 2019, Microsoft rolls up three years of updates for its HCI platform. That’s because the gradual upgrade schedule Microsoft now uses includes what it calls Semi-Annual Channel releases – incremental upgrades as they become available. Then every couple of years it creates a major release called the Long-Term Servicing Channel (LTSC) version that includes the upgrades from the preceding Semi-Annual Channel releases. The LTSC Windows Server 2019 is due out this fall, and is now available to members of Microsoft’s Insider program. While the fundamental components of HCI (compute, storage and networking) have been improved with the Semi-Annual Channel releases, for organizations building datacenters and high-scale software defined platforms, Windows Server 2019 is a significant release for the software-defined datacenter. With the latest release, HCI is provided on top of a set of components that are bundled in with the server license. This means a backbone of servers running HyperV to enable dynamic increase or decrease of capacity for workloads without downtime.
Software-defined wide access networks (SD WANs) are becoming widespread, and for good reason. SD WAN products are cheaper than standard network equipment, as are the operational costs associated with adding new sites to the network. In addition, the benefits of intelligently managed traffic also increase both business operational efficiency and user experience. However, as onsite IT infrastructure becomes a thing of the past, business owners and CTOs still need to stay on top of their game when it comes to security issues. Although SD-WANs use 256-bit encryption as a standard (i.e. protecting data with a key that would be too long for hackers to crack, even with the most powerful computer), they are not immune to being breached by sophisticated cyberattacks. If you haven’t already, you should speak to your SD WAN provider to find out what specific security is in place on your network. Keep in mind, different vendors will provide slightly different security technologies.
Enterprises are very much on the lookout for any signs of critical data being stolen or encrypted in a ransomware attack. Cryptojacking is stealthier, and it can be hard for companies to detect. The damage it causes is real but isn't always obvious. The damage can have an immediate financial impact if the crypto mining software infects cloud infrastructure or drives up the electric bill. It can also hurt productivity and performance by slowing down machines. "With CPUs that are not specifically made for crypto mining, it could be detrimental to your hardware," says Carles Lopez-Penalver, intelligence analyst at Flashpoint. "They can burn out or run more slowly." Cryptojacking is in the early stages, he added. If a company spots one type of attack, there are four or five others that will get by. "If there's something that could potentially stop crypto miners, it would be something like a well-trained neural network," Lopez-Penalver says. That's just what some security vendors are doing — using machine learning and other artificial intelligence (AI) technologies to spot the behaviors that indicate crypto mining, even if that particular attack has never been seen before.
Though suppliers are building secure systems, that’s just one step along the way, Snitkin noted. “That’s where these small companies in particular are hurting,” he added. “There’s no way those small companies can get the expertise to maintain these things.” To be as secure as big companies, the small guys need to accept a different strategy in which they rely more heavily on outside services, he argued. “Vulnerability could be completely outside the scope of what these companies are doing,” Nassar added. “Small companies don’t have a chance at all to get the internal competence to a level they need,” Bosch said, adding that the same is true to some extent for larger organizations. Part of the effort to improve security comes through collaboration—among vendors, customers and more. It requires an ecosystem rather than one vendor solution, commented Sami Nassar, vice president of cybersecurity at NXP Semiconductors.
Quote for the day:
"Leadership is the art of giving people a platform for spreading ideas that work," -- Seth Godin