Showing posts with label data security. Show all posts

It's 237 years since we got Independence…Are You Free?

This Independence Day there are mixed feelings about freedom and restoring rights. Data privacy and security have become a major concern for citizens, consumers and B2B companies. 

On July 4th 2013, thousands of people from over 50 cities across the United States will protest the surveillance methods used by the U.S. government. The campaign ‘Restore the Fourth’ is going to be held to raise awareness about the unconstitutional (in the spirit of the 4th amendment) methods of surveillance used by the U.S. government.

Privacy and security have become a big concern, even in the B2B context. With new technologies emerging, companies are rushing to get on the cloud and moving most of their data onto servers controlled externally. And as mentioned in an earlier post, "in real life: if you put all of your data on servers someone else controls, then you can bet that someone will be looking at it."

Forrester Research came out with an interesting interactive depiction called the ‘Global Heat Map’ on data privacy and protection.

People and organizations need to understand that the more information they share, distribute and circulate online, the more susceptible it is to external scrutiny. If data or information is shared publicly, or even just through a network, care must be taken to have security measures in place to protect it from being manipulated or misused.

So, this Independence Day, let us…
  • Be aware of our rights
  • Be proactive about protecting our data
  • Be positive in leveraging the power of technology

On a Lighter Note - Fun Facts about July 4th
  • In July 1776 - 2.5 million is the estimated population in the newly independent nation.
  • In July 2013 - 316.2 million is the estimated population of the U.S.
  • There were 56 people who signed the Declaration of Independence.
  • On July 4, 1776 - Only John Hancock actually signed the Declaration of Independence. All others signed later.
  • Originally, the stars on the national flag (arranged in a circle) denoted the equality of all the colonies.
  • “If Benjamin Franklin had his way, the turkey would have been the animal on the flag instead of the bald eagle.”
  • “Barbecue is big on Independence Day, with more than 74 million Americans planning one. We eat around 150 million hot dogs and buy around 700 million pounds of chicken.”
  • $3.6 million worth of American flags are imported to the U.S. each year, with most of them coming from China.
  • Fireworks, originally invented in China, are now a tradition on July 4th. In 2011, the US imported $232.3 million worth of fireworks.
  • The National Anthem tune was originally used in an English drinking song called ‘To Anacreon in Heaven’.
Now to fire up the barbecue and celebrate…
Happy Independence Day!

Chekhov’s Law and “The Notorious Nine” of Data Security

In a recent post on the Six Pixels of Separation blog by Mitch Joel, there was an interesting analogy in which data security is compared to Chekhov’s law…

Here is an excerpt:
"The Snowden revelations of massive spying on the American population (and indeed: on anyone who uses Facebook, Google, Yahoo etc) made me think of Chekhov's law. If a gun is hanging on the wall in Act I, it better go off by the end of the play. And in real life: if you put all of your data on servers someone else controls, then you can bet that someone will be looking at it." 

With a rush to get on the cloud, organizations are moving most of their data onto servers controlled externally. The Cloud Security Alliance (CSA) has defined the top nine threats of cloud computing and named them “The Notorious Nine”.
  1. Data Breaches – A single imperfection in the design of a multi-tenant cloud service database or client application could be a threat to data security, not only for one client but for every other connected client as well.
  2. Data Loss – There are many ways data could be lost on a cloud server, whether because of hackers, negligence of the cloud service provider or natural disasters. An added challenge is encrypted data, which could be lost if the encryption key is misplaced.
  3. Service Traffic Hijacking – There is a threat of hackers getting hold of credentials. With this information they can eavesdrop on transactions, falsify information and manipulate activities. An example of such a situation was evident in the case of the XSS attack on Amazon in 2010, which led to hackers hijacking credentials to access information on the site.
  4. Insecure Interfaces and APIs – In order to enable cloud management and monitoring, IT administrators rely on interfaces and APIs that play an important role in availability and security of cloud services. As third parties build interfaces there is a threat to organizations as they have to disclose their credentials to facilitate cloud integration and management.
  5. Denial of Service – For customers who are billed based on disk space consumption and compute cycles, DoS outages could cost them. Hackers may cause excessive consumption of processing time, making the service too expensive for companies to run, so that they eventually have to bring it down themselves.
  6. Internal Threats – Insiders with critical information and access, and those with malicious intent, may pose a threat. With access to networks, systems and valuable data, the system is vulnerable to insider attacks.
  7. Cloud Abuse – Cloud service providers need to be careful to identify hackers who intend to launch attacks, share pirated software and promote malware.
  8. Lack of Due Diligence – Many organizations are moving to the cloud without complete understanding of the associated risks in the cloud environment.
  9. Shared Technology Vulnerability – Cloud service providers share applications, platforms and infrastructure to operate in a scalable manner. This poses a threat if these components are not designed with the robust isolation properties required to protect data in a multi-tenant architecture model.
The CSA suggests that in order to maintain data security, organizations need to protect their credentials by prohibiting sharing and introducing authentication techniques, and they need to have due diligence on the implications and risks involved in cloud adoption, integration and management.

Therefore, organizations need to be wary of the fact that if they are placing critical information on the cloud, it is a possibility that someone may be looking at manipulating it, and they need to be well prepared to strongly protect invaluable data.