08/04/2017 How Cloud will change IT, look at Microsoft

     Microsoft is planning to reorganize it's global sales staff to focus on selling cloud software. What does this mean to your business? More and more enterprises will outsource their data centers or move them to the cloud. IT staff that are responsible for purchasing hardware and software will shrink drastically. Executives that fight the cloud and focus on cost heavy, traditional systems will either change their tune quickly or become a relic.



08/03/2017 New virus doesn't a file during infection

     Anti-virus company Trend Micro detected new malware called JS_POWMNET that uses a fileless infection chain. A fileless infection chain never saves a file to the machine and makes it harder to analize via sandbox. It is unclear whether users unknowingly download it or other malware drops it onto the infected machine. Regardless of how it gets in, an autostart registry entry receives a url to fetch malicious JavaScript. This enables the regsrvr32 to execute arbitrary scripts without saving the xml file to the computer. The malicious script then downloads TROJ_PSINJECT which runs a Powershell script which downloads an encrypted file called "favicon." Then, finally, the favicon is decrypted so it can load up its payload. To protect against fileless malware, experts recommend segmenting their networks to limit access and to disable Powershell if they don't use it.



07/26/2017 The public cloud is fast becoming a strategic tool

     There is a shift among forward thinking CIOs; they are no longer looking at the cloud to cut cost but an opportunity to get out of the business of managing data and focus on strategic, business projects. CIOs think of the cloud as a way to develop software quicker by embracing flexible devops and design-thinking philosophies. The public cloud enables these changes and are reflected in the revenue of public cloud services companies.



07/25/2017 Cloud based analytical systems becomes the tipping point for business

     Many enterprises need big data analytics for their business intelligence but many balk at the high costs until now; Cloud computing makes the need for massive, in house infrastructure obsolete. Many enterprises are making the paradigm shift to the cloud? Here are some reasons why.

     Big data requires massive expenditures in infrastructure, computing power, and most of all, time. Cloud based offsets this by minimizing the burden on in-house IT to purchase and manage the infrastructure. For the most part, all the IT department needs to provide is an internet connection and an ordinary PC.

     Cloud is ideal storage facility for all the generated data. Cloud not only saves money on the storage but also on the specialized equipment and infrastructure involved in housing the storage. This allows the data scientists to focus on high-end data analytical issues rather than developmental teething issues.



07/22/2017 Two cloud security myths

     When it comes to cloud security, there are two main groups out there: those that believe that the cloud is systemically unsafe, and those that believe the cloud is unhackable. They are both wrong and cloud security isn't as black and white as some would have you believe.

     With the proper planning, your data will likely be more safe in the cloud than in traditional systems. Remember that with all the data breaches that have been reported in the last few years, no cloud vendors have been involved. The reason is that the cloud providers are proactive and update their security constantly. Most traditional, on site systems have outdated security and tend to be reactive when it comes to security.

     Just because your cloud vendor proactively take precautions doesn't mean that you don't have to do your part when it comes to security. Nothing is completely secure; less penetrable doesn't mean impenetrable. You need to be concerned with identity and access management (IAM), multifactor authentication and encryption. The biggest factors in cloud security are usually related to people: simple passwords, keeping passwords written down everywhere, and sharing same passwords for multiple accounts.

     Cloud security depends on how much time and resources you spend planning out your cloud strategy. Cloud security is not an all or nothing approach.



07/20/2017 Cloud is safer when it comes to cyber attacks

     WannaCry ransomware hit last month and Petya hit a couple of weeks ago; they both took advantages of security issues in older operating systems that allowed them to spread. Yet, in the past few years, no major cloud were affected by this type of attack.

     Cloud providers are less likely to be breached because of many reasons; multiple layers of security, pro-active monitoring of activities, and automatically applying security patches behind the scenes. Very few companies have the resources to keep up with their security needs and can't keep up with the ever changing environment. While it is true that the cloud had some outages, but no major cloud provider has been affected by malware attacks in the last few years.



07/19/2017 Ransomware on the rise

     On May 12th, WannaCry hit networks around the world, locked up computers and held them ransom. WannaCry hit fast and spread quickly around the world including government entities. Health organizations, utilities, small and large businesses were all hit; no was was immuned.

     WannaCry exploits a vulnerability initially discovered by the U.S. National Security Agency called EternalBlue. This encrypts data stored and the computer and then demands hundreds of dollars for the decryption key. WannaCry also uses a timer that when it runs out, data is lost for ever. WannaCry also has the ability to spread quickly to other computers which allowed it to be quickly identified.

     How do you protect ourselves from this type of threat? Keep your computers up to date with the latest security patches and update legacy OS's like Windows XP. Also employ an endpoint management solution that will help prevent intrusions into your network. There are plenty of products on the market that will help you with this, but selecting the right one that fits your specific needs aren't easy so you need to do your homework.



07/18/17 Don't jump on the cloud band wagon just yet

     We're hearing and reading all the hype about the "Cloud," and cloud services. Nowadays, there are many reports and articles on how cloud computing and cloud services will provide opportunities to save on IT costs and although it may, there are some caveats.

     Before jumping into the cloud, there is alot of issues that need to be addressed. First and foremost is to list out what your business needs are. What type of software will you be running? What are your security concerns? How will the services be accessed? How will all this new technology work with your existing IT environment?

     About half the companies that adopt cloud technologies without planning end up jury rigging their old IT environment with cloud technologies and spend year(s) stabilizing their hybrid environment.



07/16/2017 Cloud computing and security breaches

     In today's high tech environment, you can't go a day without hearing in the news that yet another company has been hacked and data has been stolen. Even more ominous are the headlines that government entities are involved in the hacks. Much of the stories involving data breaches have been tied to information stored on the cloud; given the trend to move to the cloud, it is even more critical that your cloud solution addresses these security concerns. The good news is that if planned correctly, these security concerns can be mitigated. There are 3 areas that you need to consider in order to address your security concerns: security measures, data protection and data center security procedures audit rights.

     Security measures can include industry standard certifications such as SAS 70 or PCI Security. If industry certifications will not meet your security needs, you need to discuss your specific needs with the cloud vendors. Also ask where the data centers are physically located since it may impact governing law and jurisdiction in case there is a dispute. Your organization may also have regulations that require your data be held in US locations only. Also ask what the procedures are in case of a data breach. How will you be notified? will you be given the nature of the breach? What information was compromised?

     Data protection should include backup plans for your data as well as access to your data at all times. One overlooked detail is who owns the data; you should clarify that you maintain ownership of the data. Furthermore, it is important to ensure that your agreement contains provisions for the cloud vendor to provide a complete copy of all your information and data upon a written request. Vendors may charge a fee and the fee should be determined upfront. Retrieving your data in the event that you terminate your business relationship with your vendor should also be clarified.

     Lastly, your organization should have the ability to conduct an audit of your cloud vendor to ensure compliance with your security needs. This will allow your organization to be proactive in minimizing security risks. Unfortunately, data breaches aren't going away anytime soon so your organization needs to be doing everything possible to mitigate your exposure.



07/11/17 Three mistakes enterprises make with the cloud

     Companies are too eager to move to the cloud due to all the hype surrounding the cloud. When deciding on moving to the cloud, careful planning is necessary. Here are some of the most common mistakes companies make.

     Moving computing resources on the cloud while keeping the data in-house; your valuable data can be will face greater security risks and you will have slow access to your data since the data has to travel from your data center to the cloud.

     Firing your current IT staff before making the full transition to the cloud; the transition to the cloud may take a year or more and you will never completely get all your applications on the cloud.

     Your ROI will fall short of your expectations because of all the hype over cloud computing. Your return will vary a great deal depending on how you plan, transition and train your IT staff to cloud computing.