pc today magazine data in cloud - february 2012

8/2/2019 PC Today Magazine Data in Cloud - February 2012

1/80


2/80
http://www.supermicro.com/superworkstations


3/80

Product Coverage Inquiries

[email protected]

(800) 247-4880

131 West Grand Drive

Lincoln, NE 68521

Circulation

(To adjust your bulk order or to

request racks.)

[email protected]

(800) 334-7458

Customer Service

(For questions about your sub-

scription or to place an order or

change an address.)

[email protected]

(800) 733-3809

FAX: (402) 479-2193

PC TodayP.O. Box 82545

Lincoln, NE 68501-5380

Hours

Mon. - Fri.: 8 a.m. to 6 p.m. (CST)

Online Customer Service

& Subscription Center

www.pctoday.com

Authorization For Reprints

(800) 247-4880

Copyright 2012 by Sandhills

Publishing Company.

PC Todayis a registered trade-

mark of Sandhills Publishing

Company. All rights reserved.

Reproduction of material

appearing in PC Today is strictly

prohibited without written

permission. Printed in the U.S.A.

GST # 123482788RT0001 (ISSN

1040-6484).

PC Todayis published monthly

for $29 per year by Sandhills

Publishing Company, 131

West Grand Drive, P.O. Box

85673, Lincoln, NE 68501-5380.

Subscriber Services:(800) 733-3809.

POSMASER: Send address

changes to PC Today, P.O. Box

82545, Lincoln, NE 68501

Scan this

QR Code

with yourmobile

smartphone

to see our

Web site.

Table Of Contents

ON THE COVER

Data In The CloudDaaS (data as a service) is

not a new concept, but along

with the boom in other cloud

services, including SaaS (sot-

ware as a service) and IaaS

(inrastructure as a service),

DaaS is enjoying an upsurge

in the enterprise. Turn to

the Essential Business Tech

department to fnd out more

about DaaS and how such a

cloud-based system can bring

order and consistency to the

data your company relies on.

IN THIS ISSUE

10 Essential

Business Tech

Technology

intelligence

or executives,

proessionals, and

entrepreneurs

38Mobile

Ofce

Highly useul

inormation

or conducting

business on

the road

64 Personal

Electronics

Electronics,

services, and

helpul advice

or home

and leisure

68 Business

Travel 911

Fast tech

support

especially or

traveling

proessionals


4/80

IN BRIEFTECHNOLOGY NEWS

the acquisition o Merced, NICE will

gain more than three dozen large

clients, including Bank o America,

BT, the Coca-Cola Company, and Mer-

rill Lynch.

SEAGATE NOW OWNSSAMSUNGS HARDDRIVE BUSINESS Seagate, a hard drive manuacturer

and storage solutions provider, has

completed its buyout o Samsungs

hard disk drive business. Completing

the transaction will involve bringing

certain Samsung assets, inrastruc-

ture, and employees under Seagates

wing in order to drive scale and

innovation, according to Seagatespress release on the matter. The

strategic relationship will open new

opportunities or the two compa-

nies by mutually complementing

each others creative technology so-

lutions or a broad diversity o IT

applications, said Oh-Hyun Kwon,

vice chairman o device solutions o

Samsung Electronics. Seagate, which

says the buyout will expand its reach

in Brazil, China, Germany, Russia,

and Southeast Asia, puts the com-

bined value o the acquisition near

$1.4 billion.

BEST BUY ACQUIRES ITOUTSOURCING BUSINESS Early in January, Best Buy com-

pleted its acquisition o the Wal-

tham, Mass.,-based mindSHIFT

Technologies. This move will comple-

ment the business support oerings

Best Buy provides through its Geek

Squad and Best Buy For Business

brands. With an eye toward the lucra-

tive MSP (managed service provider)

market targeting SMBs, Best Buy

will operate mindSHIFT under its

current name, management team,

and capabilities, according to a com-

pany press release.

NICE TO BUY U.S.PERFORMANCEMANAGEMENT COMPANY NICE, an Israeli workorce manage-

ment company, recently announced

its plans to buy the Redwood Shores,

Cali.,-based Merced or a total con-

sideration o approximately $150 mil-

lion and an additional $20 million

in cash, according to a statement

rom NICE. With specialties in com-

pliance recording and customer care

systems, NICE has an impressive and

lengthy client list that includes AIG,

Cigna, Fiserv, and US Bank. With

IBM BUYS CLOUDCOMPANY DEMANDTEC IBM and DemandTec

have reached an agreement

to merge. IBM will acquire

the San Mateo, Cali.,-based

DemandTec or a cash pay-

ment o $13.20 per share or

about $440 million. Demand-

Tec oers cloud-based ana-

lytics apps and consulting

services or retail and other

industries. Its products andservices are designed to help

companies improve their mer-

chandising, marketing, and

planning eorts. IBM plans to

old DemandTecs capabili-

ties into its Smarter Commerce

initiative, which IBM identi-

fes as a $20 billion market, to

develop more ways to deliver

product inormation to con-

sumers while theyre making

buying decisions. Bringing

science to the art o pricing and

promotion is a big part o [the

Smarter Commerce] strategy,

said Craig Hayman, general

manager o industry solutions

or IBM, in a statement, and

the combination o Demand-

Tec and IBM will help mar-

keting and sales executives

in retail and other industries

drive more revenue and in-

crease proftability.

ERICSSON GROUP GROWS WITH TELCORDIA ACQUISITION Ercisson Group, with a stated vision o being the prime driver in an all-

communicating world, has expanded its workorce by 2,600 employees with

its $1.15 billion acquisition o Telcordia Technologies. Based in Piscataway,

N.J., Telcordia oers OSS (operations support systems)/BSS (business support

systems) products or a variety o large-scale industries, including health care

and fnancial services. According to Ericsson, Telecordia will be ully inte-

grated into Ericsson in a series o phases throughout 2012.

Samsungs hard drive business is

now under Seagates wing.

4 February 2012 / www.pctoday.com


5/80


HP ADDS BOXSTORAGE TO SELECTPC MODELS HP has worked out a deal

with online storage company

Box to bring Boxs cloud-

based content-sharing plat-

orm to HP Compaq 6200 and

6005 Pro Series PCs and HP

Compaq 8200 Elite Series PCs.

Box and HP are ocused on

helping redefne the way or-

ganizations manage and share

inormation in the cloud,said Box CEO Aaron Levie

in a statement. Together, we

can empower the next gen-

eration o knowledge work-

ers. According to Box, more

than 100,000 companies use

its service, to which Box has

recently added security, man-

agement, and other IT-

riendly eatures.

PATENT HOLDING COMPANY BUYS 4G PIONEER Patent holding company Acacia Research, based in Newport Beach, Cali., has

purchased the Dallas-based company Adaptix or $160 million. Founded in 2000,

Broadstorm was responsible or developing some o the early technology upon

which todays 4G wireless broadband technologies are based. Broadcom became

Adaptix and continued in the area o 4G development. Now, said Acacia CEO Paul

Ryan in a statement, Acacias acquisition provides our shareholders with a great

opportunity to participate in the worldwide growth o 4G wireless technologies as

Acacia continues to expand its patent licensing business.

Intel and Motorola Mobility have teamed

up or the development o multiple new

smartphones and tablets as part o a

multiyear deal.

with approximately 110,000 workers

around the world.

INTEL & MOTOROLA MOBILITYSTRIKE A SMARTPHONE DEAL Intel and Motorola Mobility have

cemented a deal that will put bothIntels mobile processor technology

and Motorolas device manuacturing

expertise on a ast track to market. The

two companies will work together as

part o a multiyear relationship that

will result in numerous new Motorola

smartphones and tablets using Intels

Atom processors and running the

Android platorm. Our long-term

relationship with Motorola Mobility

will help accelerate Intel architecture

into new mobile market segments,said Paul Otellini, president and CEO

o Intel, in a statement. Sanjay Jha,

chairman and CEO o Motorola Mo-

bility, added, With Android as the

leading smartphone OS globally and

advancements in computing tech-

nology we see tremendous opportu-

nity or the con-

verged devices

market.

APPLE CONFIRMS ANOBITACQUISITION With the $390 million buyout o

Anobit Technologies, Apple has con-

tinued its ongoing series o rela-

tively small acquisitions. Based in

Israel, Anobit manuactures the ashmemory component Apple uses or

its iPhone devices. In addition to the

manuacturing capabilities it gained

rom the deal, Apple gained a work-

orce o engineers. Aside rom con-

irming the acquisition, an Apple

spokesperson did not comment on

any other details o the acquisition.

GMAIL GETS MORE BUSINESSMANAGEMENT FEATURES

Ater acquiring Postini, an emailsecurity and compliance company, in

2007, Google began incorporating

some Postini eatures into its own

email service in 2011. Google recently

rolled out another set o Postini-related

eatures or Google Apps customers

using Gmail, mainly ocused on im-

proving compliance control and email

traic management. System admins

will be able to manage the new ea-

tures within the Google Apps con-

trol panel. Admins can, or example,

customize settings based on user

types and manage ooters. As part o

this rollout, GMS (Google Message

Security) will no longer be needed

or oered. In other Google news, the

company recently got a boost rom

State o Utah, which announced plans

to convert its productivity programs

to Google Apps or Government, and

(in Googles largest enterprise deal

to date) a contract rom Banco Bilbao

Vizcaya Argentaria, a Spanish bank

PC Today / February 2012 5


6/80

OUTBOX RAISESMILLIONS FOR DIGITALPOSTAL SERVICE BUSINESS Austin-based Outbox, a startup yet

to launch a website at press time, has

reportedly raised $2.2 million in seed

unding or its business, which aims

to digitize traditional postal mail and

deliver it to users tablets. Silicon Valley

venture capital irm Floodgate Fund

led the investment eort or Outbox,

which Harvard Business School grad-

uates Evan Baehr and Will Davis are

heading up. Statesman.com reported

that Outboxs service will accumulate

users mail at the post ofce, open and

scan it, and then store the mail in a

digital mailbox, all or ree. Revenuewould be raised via ad support. The

recent unding will go toward hiring

employees and fnishing product devel-

opment. Reportedly, Outbox will begin

testing the service this spring.

MAXYMISER ATTRACTS $12MILLION IN SERIES B FUNDING Maxymiser (www.maxymiser.com), a

provider o multivariate testing, per-

sonalization, and optimization products

aimed at helping businesses improvetheir ecommerce eorts, recently ob-

tained $12 million in new investments

rom Investor Growth Capital and its

Series A investors. The companys solu-

tions combine online testing and au-

tomated personalization elements into

a platorm that helps marketers make

appropriate changes to their websites.

The company stated it plans to continue

enhancing and broadening its opti-

mization solutions, as well as release

enhanced user interaces, including a

visual campaign builder.

CLOUDONS DOCUMENT-BASEDAPP PROVES TOO POPULAR The Silicon Valley-based startup

CloudOn (site.cloudon.com) recently

launched a ree sel-named app in

Apples App Store or the iPad that

enables owners to create, review,

and edit Microsot Word, Excel, and

PowerPoint documents. The app also

integrates with Dropbox to let users

save fles to a Dropbox account. Due

to the tremendous number o initial

downloads, CloudOn had to take the

app down. Shortly ater, however, it

relaunched the app and now has a

Status Page available to indicate the

apps download availability.


STARTUPS

LITHIUMTECHNOLOGIESNETS $53.4 MILLIONFOR SOCIALSOFTWARE EFFORT Lithium Technologies (www

.lithium.com), a provider o so-

cial CRM sotware or busi-

nesses, has $53.4 million in

Series D unding. The com-

pany, whose oerings include

a suite o integrated tools or

monitoring, hosting, and man-

aging social communica-tions, stated it will use

the unds to increase

sales and marketing

investments in new

and existing areas, as

well as invest in engi-

neering, new product

development, and

service delivery or

current customers.

NEA (New Enterprise

Associates) led theunding, which in-

cluded participation

rom SAP Ventures. In

a statement, Lithium an-

nounced NEAs Pete

Sonsini will join Lith-

iums board o directors. Lith-

ium president and CEO Rob

Tarko stated, Its clear that

brands will continue to go

social in an even bigger way

in 2012 and beyond. Its equal-

ly clear that Lithium is incred-

ibly well positioned to drive

this transormation.SUVOLTA ACQUIRES $17.6 MILLION FOR CHIP TECHNOLOGY SuVolta (www.suvolta.com), the Caliornia-based developer o a low-power IC (inte-

grated circuit) technology called PowerShrink, secured $17.6 million in venture unds

recently. PowerShrink is touted as being able to cut a chips power consumption by 50

to 90% without sacrifcing perormance, losing unctionality, or having to migrate to

a more advancedand costlysemiconductor process node. Fujitsu Semiconductor

Limited serves as a development and licensee partner to SuVolta, which states that its

technology can cut in hal the active power consumption o 65nm process technolo-

gies as well as reduce leakage power consumption by 5X or more.

CloudOns recently released app enables users to work with Microsot

Ofce documents on their iPads.



7/80
http://www.1and1.com/


8/80

GLOBAL PC SHIPMENTSINCREASE SLIGHTLY Comparing Q4 2010 with Q4 2011,

the research company Gartner ound

a 1.4% decline in worldwide PC ship-

ments. Gartner analysts cited a combi-

nation o reduced consumer demand

and increased prices (due in part to

hard drive shortages ollowing October

oods in Thailand) as probable reasons

or the decline in sales. Year over year,

however, global PC shipments were

up in 2011, albeit slightly; here, Gartner

reported a 0.5% increase in sales.

YOUR APPS &YOUR CUSTOMERS

I youre in the business o devel-oping smartphone and tablet apps

or your customers, keep in mind the

latest fndings rom Nielsen about cus-

tomer satisaction (or dissatisaction)

with mobile apps. In general, 51% o the

consumers Nielsen surveyed said they

dont mind advertising on apps as long

as they can access content or ree.

LTE TO SURGE,BUT HAS A LONG WAY TO GO LTE (Long Term Evolution) is the 4G

wireless technology that carriers have

been building into their networks in

earnest since 2010. Unheard o on con-

sumer devices only months ago, LTE

support is now making its way into

an increasing number o tablets and

smartphones (and even some laptops)

sold in the U.S., and LTE is now poised

or major growth. According to Juniper

Research, revenues rom LTE networks

worldwide will exceed $265 billion by

2016. Juniper says that high-end enter-prise users and other high-trafc sub-

scribers (such as those who requently

use email, Web browser, and video

applications) in North America and

Western Europe will drive the early

success o LTE.


STATS

TABLET USERS TURNING TO WI-FI According to a recent report rom

Connected Intelligence, an analysis branch

o The NPD Group, tablet users showed a

greater reliance on Wi-Fi connectivity rel-

ative to cellular connectivity as 2011 pro-

gressed. Taking survey results rom April

and October o 2011, Connected Intelligence

ound that about 65% o tablet users chose

Wi-Fi as the primary means o connecting to

the Internet in October compared to about

60% in April. That puts current usage on par

with how laptop users connect.

HTML5 ISON THE RISE On the ull-sized

Webthat is, sites you

visit using a browser on

a desktop computer

the videos, slideshows,

and animations that

you encounter oten

have been created using

Adobe Flash. Flash is a

non-starter on mobile

devices, however, and in

November 2011, Adobe

halted mobile Flash de-

velopment. That brings us

to HTML5, which Appleand other developers

have heralded as the op-

tion o choice or similar

video and animation on

mobile devices. With

mobile Flash out o the

picture, HTML5 is be-

coming a hyper-growth

technology, according

to Strategy Analytics. A

recent report rom the re-

search company indicatesthat 1 billion smartphones

with HTML5 will be sold

worldwide by 2013.

HOW B2B MARKETERS USE SOCIAL MEDIA Since 2006, Sagerog Marketing Group has been checking in with B2B mar-

keting and management proessionals to fnd out about their tactics and plans.

According to the most recent Sagerog

report, rom August 2011, 40% o

those surveyed said their companies

will increase their marketing budget

in 2012. Those surveyed plan to use

a variety o social media tactics, but

blogs and social networks still top the

list o preerred tactics with 34% and

66%, respectively. Here is a break-

down o the B2B sites they plan to use:

Notebook

Tablet

Spring 2011

Fall 2011

Spring 2011

Fall 2011

Wi-Fi vs Cellular Adoption

Wi-Fi Only Wi-Fi & Cellular Cellular Only

0% 20% 40% 60% 80% 100%

LinkedIn

Facebook

Twitter

YouTube

OnlineCommunities

Other

58%50%

43%

19%11%

3%



9/80

The Tech Info You Need, In Plain EnglishYou dont need to be an IT guru to buy and maintain computers and gadgets for your home or small office.

Smart Computingkeeps you up-to-date with plain-English articles that explain new technology and define

technical terms. Each issue includes news, tutorials, and step-by-step troubleshooting guides.

More than a typical magazine, Smart Computingis a reference tool. Benefit from the years of tech support

advice archived on our Web site as well as access to our Digital Editions from any Internet-connected PC.

Call (800) 733-3809 to subscribe!WWW.SMARTCOMPUTING.COM


10/80

DaaS (data as aservice) is ridingtechnologys coattailsto provide aster, moreefcient access to dataacross a wide range oneeds and disciplines.

DaaS provides not onlyace challenges o provid-ing clean, targeted data, butalso o educating potentialcustomers about the valueo the data and its deliverymechanism.

Granularity and otherimprovements thatboost the value odata delivery serviceswill continue to ex-pand the use andpopularity o DaaS.

Although most businessescan beneft rom DaaS, cer-tain business with specifcobligations around dataneed to be acutely aware othe circumstances arounddata delivery models.

KeyPoints

As A ServiceDaaS Grows With The Cloud

Data As the cloudslieline shits rom earlyevolution to businessrevolution, the question

is no longer i businesses

are using cloud services,

but how theyre using them.

ESSENTIAL BUSINESS TECHEXECUTIVES, PROFESSIONALS & ENTREPRENEURS



11/80


they need or a price that reects what

they actually use, Klopenstein ex-

plains.

MEETING THE DATA DEMANDInnovat ions in networking,

storage, and processing speed have

helped to create a nearly insatiable

demand or data that can be used

to help urther business goals. For

DaaS providers, this demand heaps

a virtual ton o challenges upon their

shoulders as they attempt to deliver

data quickly and accurately. Shion

Deysarkar, CEO and ounder o

Datainiti (www.datafiniti.net ), explains

that data storage, maintenance, and

deliverability all represent huge chal-

lenges or DaaS providers as data

volume expands and data consumers

Data, in particular, remains

as valuable in the enter-

prise as it always was, but

providers are discovering more

unique and useul ways to deliver it

through a service model. DaaS (data

as a service) is not a new concept, but

the clouds booming popularity is

helping to improve the DaaS model

to aid enterprises in their endless

quest or business advantage.

DaaS has changed with the amount

o computing power available, either

in the cloud or on premise, says Scott

Robinson, director o global data prod-

ucts at Pitney Bowes Business Insight

(www.pbinsight.com). Computing is in-

expensive and abundant, so as a rawmaterial or DaaS, its availability has

allowed data providers to make their

assets readily available in on-demand

environments.

The premise behind DaaS is su-

premely logical in the larger picture

o other cloud-driven services, such as

computing, applications, inrastructure,

and storage. I customers are turning to

cloud services to satisy those needs, it

makes sense that busi-

nesses would also turnto the cloud to access

datasuch as census,

geographical, or risk-

based datathat other-

wise is difcult to locate,

download, host, or even

analyze. Although

DaaS has been available

or years, changes are

helping it to approach

the popularity o its

cloud counterparts, in-

cluding those with more

amiliar initials such as

SaaS (sotware as a ser-

vice) and IaaS (inra-

structure as a service).

STEADY CHANGEAccording to Chad

Klopenstein, senior con-

sultant, SWC Technology

Partners (www.swc.com),

changes in the DaaS

model have been evolutionary or quite

some time. In act, the last revolutionary

change he recalls occurred in the 1990s

when he was working or an academic

library. A CD-ROM catalog vendor that

used to send 30-disc packages sent a

package containing only one discbut

the disc included instructions detailing

how to connect to the vendors online

resources.

R e c e n t l y , D a a S h a s b e e n

evolving in the direction o broad-

ening the population o both pro-

ducers and consumers. For many

years, DaaS was oten seen as most

valuable to organizations needing

access to massive amounts o statis-

tical or demographic data. The com-panies selling that data were strictly

data vendors, charging exorbitant

prices or a deluge o data. Slowly,

we are seeing that model change,

Klopenstein says.

For example, he notes that data mar-

kets now serve as a resource or smaller

or less-specialized companies looking

to realize the beneits o data in the

cloud. Businesses with useul data can

monetize it without signif-

cantly shiting the ocus otheir core business, he says,

while businesses with very

specifc data requirements

now have a place to shop

around, where providers

have already perormed

the work o collecting and

cleaning the data. Further,

he notes that companies

can now be more selective

about what they acquire

in other words, they can

pay or only the data they

want.

Regardless o whether

you are a data producer or

consumer, new channels

are becoming more and

more available that provide

the right amount o service

or any sized dataset or or-

ganization. Organizations

are inding it simpler to

ind the amount o data

Putting Data To Work

In an age where information is king,

todays businesses increasingly seek

solutions that can deliver targeted data

at a moments notice. A successfulexample of DaaS revolves around map-

ping and GIS (geographic information

system) data, which various companies

can use to improve their business pro-

cesses and gain tactical advantages.

Scott Robinson, director of global data

products at Pitney Bowes Business

Insight, sheds light on the types of

companies that can use such services.

Insurance companies that want to

underwrite accurately and that use

risk data (e.g., hurricane, wind, wild-fire, flood, and tornadoes) to precisely

rate risk for a specific address and/or

geographic area.

Retailers that want to open loca-

tions in international markets. For

example, they might want to know

the demographic profile of Monterrey,

Mexico, or they might want to gather

business location, competitor, and

traffic data for the UK.

Local governments might be inter-

ested in accessing parcel boundary data

to compare market versus assessed

land values in determining property tax.

Chad Klopfenstein

senior consultant, SWCechnology Partners

With so much com-

petition, successul

DaaS products have

to be marketed just

as well as they need

to be technically

architected. For some

companies that have

relied mostly on their

technical expertise,

this can be a difcult

hurdle to get over.



12/80


speciic regulatory or

contractual obligations

surrounding their data

need to be intimately

aware o the nature o

data lowing into and

out o their systems.

Certainly, any mis-

sion-critical system that

relies on an external

data provider has the

potential or a disas-

trous point o ailure. I

have had many conver-

sations with potential

clients who are excited

about a cloud-based ap-

proach to one thing oranother until we start

talking about potential

outages and disaster

r e c o v e r y s c h e m e s .

I a business will cease to unction

without a certain data eed, relying

on the stability o an external pro-

vider can be risky, he says.

LOOKING AHEADF r o m t h e p e r s p e c t i v e o

TeamLogic ITs Plaza, current hotcloud services such as SaaS and IaaS

will continue to be the primary at-

tractions or businesses in the near

uture, though he suggests that ocus

could change in the next three to

fve years. Looking ahead, its dif-

cult to predict exactly how the DaaS

market will evolve, as Klopenstein

notes that theres no way to provide

an accurate valuation o one dataset

against another.

Defnitions o data completeness,

quality, or cleanliness are all based

on assumptions that both producers

and consumers bring to the table,

Klopenstein says. With no way to

establish a air-market value or a

specifc service oering a specifc set

o data, it eels a little like the Wild

West out there. When the dust settles,

data will cost what people will pay.

Until then, I wonder how new pro-

ducers and consumers will evaluate a

datasets value.

rising expectations

urther compounds

those challenges.

Its not enough to

deliver a bulk data

set, Deysarkar says.

It has to be seg-

mented to the exact

s p e c i i c a t i o n s o

the customer. New

big data technolo-

gies are helping data

providers meet this

demand; even these

require a lot o work

to meet expectations.

Our team, or ex-

ample, has invested alot o time in building

a ully searchable da-

tabase o business in-

ormation by taking

open source technologies and ftting

them to our exact needs.

DaaS providers also ace in-

creasing challenges as all things

cloud-related continue to proli-

erate, as locating customers that

can use their data can seem akin to

fnding needles in a mountain-sizedhaystack. Vince Plaza, vice presi-

dent o inormation technology at

TeamLogic IT (www.teamlogicit.com),

says it can be difcult to fnd target

customers and educate them on the

value that the providers data can

bring to the business.

The other challenge is to make

customers comortable that the data

[providers] are providing is good.

Convincing the customer to invest in

the development necessary to inte-

grate the DaaS into existing tools or

to use the providers tools are [also]

challenges, Plaza says.

EXPANDING POTENTIALTheres no doubt that todays

businesses treasure data that can

improve their market knowledge or

add value to existing or uture o-

erings. According to Klopenstein,

an increasing number o businesses

will be able to fnd this data as DaaS

solutions become more granular. This

granularity and other advancements

that ease DaaS use and integration

will help to expand the potential cus-

tomer base or DaaS providers.

Easy access to real-time data is

critical or managing a business,

and the best businesses use it tocreate competitive advantages,

Deysarkar says. Using DaaS, mar-

keters can identiy opportunities

and develop prospect lists on the

ly. Researchers now have access

to volumes o data with a query o

a database instead o conducting

months o custom research to col-

lect the appropriate inormation.

Security and risk departments can

use DaaS to track and create models

o the optimum and riskiest cus-

tomers and oer the appropriate

products and processes or pro-

viding their services.

Klopenstein acknowledges that

practically any business that has

customers or vendors could ben-

eft rom DaaS, assuming that most

commonly consumable data will be-

come easily available in the coming

years. However, he adds that DaaS

isnt necessarily a good ft or all busi-

nesses. For example, companies with

Shion Deysarkar

CEO and ounder,Datafiniti

DaaS levels

the playing field

when it comes

to analytics and

processingcapabilities or

businesses.

Vince Plaza

vice president oinormation technology,

eamLogic I

Te technology

behind the delivery

o DaaS has moved

orward, allowingor better adoption

in the enterprise.

Scott Robinson

director o global dataproducts, Pitney Bowes

Business Insight

Users can access

very complex inor-

mation that is critical

to business processesin a matter o

seconds, on demand.



13/80

IT and data center technologies and trends change fast.

Make sure your company stays a step ahead with PC Todayssister publication, Processor.

While you get the executive overview version here in PC Today, your IT and data center

managers get the in-depth, detailed information they need in Processor.

Each issue contains

(800) 819-9014 | www.Processor.com
http://www.processor.com/http://www.processor.com/


14/80

organized crime ring, or it can be the

product o simple carelessness, such

as an employee tossing out a data CD

without destroying it frst.

The risk o a data breach is well

known. According to igures com-

piled by Seattle-based Datacastle

(www.datacastlecorp.com), the average

cost o a data breach in 2010 was $7.2

million, working out to about $214

or every record breached.

KEEP DATA SAFEHow can you keep your data sae?

There are a lot o ways, many o

which have to do with using common

Its unlikely that you would

leave your businesss doors un-

locked when you leave or the

night, right? So why wouldnt you

do everything possible to protect

your data? Leaving it vulnerable is

worse than leaving your petty cash

and physical fles out to be pilered.

But there are ways to prevent data

breaches rom happening.

As the name suggests, a data

breach reers to the unintentional

exposure o private or sensitive in-

ormation to someone whos not sup-

posed to see it. It can be the result o

a malicious hack by an individual or

sense. A good starting point is to take

stock o your data and what is critical

to your operations.

The irst step every business

needs to take to protect themselves

rom data breaches is to sit down

and determine what critical inorma-

tion means or their business, says

Elizabeth Ireland, vice president o

marketing at nCircle (www.ncircle.com)

in San Francisco.

John L. Nicholson, an attorney with

Pillsbury Winthrop Shaw Pittman law

frm in Washington, D.C., outlines the

our general categories o critical data.

The frst is credit card data, or which

Protect Your

Companys DataThe Facts About Data Breaches

The average cost o adata breach in 2010was $7.2 million.

Companies shouldidentiy data that needspriority protection.

Employees should betrained on how to protectsensitive data.

Most states have lawsregarding preventing andreporting data breaches.

KeyPoints

http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


15/80


TRAINING IS IMPORTANTAter you identiy data that is cru-

cial to your company, youll want to

train your employees to protect that

data and to recognize and handle anysensitive data.

For those o us who live every

day in data security, this is a matter

o reex, but most employees who

are trying to add a new employee

to payroll, [signing] an agreement

with a partner, or working with

consumer data are just trying to do

their jobs, says Gunter Ollmann,

vice pres ident o research at

Atlanta-based Damballa (www.dam

balla.com). Most are blissully un-

aware o the risks o mistreatingthat data. The frst order o business

is to adequately train employees to

identiy and handle sensitive inor-

mation and, just as importantly, the

risks o mishandling it.

This task is complicated by the

act that some employees see secu-

rity training as an obligation. As the

owner, you need to impress on your

employees that a data breach can

mean the end o the company and,

thereore, their jobs.As employees have access to an

ever increasing range o devices capable

o storing large amounts o data, they

a company must comply with the

Payment Card Industry Data Security

Standard. The second category in-

cludes data covered by data breach

notifcation laws, which exist in most

states and address personal inorma-

tion, such as bank account or drivers

license numbers, in electronic orm.

These laws are intended to help pre-

vent identity thet, says Nicholson.

Some state laws also cover inorma-

tion on paper, and some cover med-

ical inormation, as well.

The third category is medical data.

I your company is covered by the

Health Insurance Portability and

Accountability Act (HIPAA) or the

HITECH Act, there are speciic re-quirements or protecting certain in-

ormation and reporting breaches.

The inal category involves non-

fnancial, non-health related inorma-

tion such as user IDs, passwords, and

email addresses. For some smaller

businesses, such as those that de-

velop games or sotware or social

media siteswhere users purchase

virtual goods and spend moneya

breach o a user ID/password com-

bination can hurt customers becauseall o their virtual goods could be

sold o, according to Nicholson. For

others, the inormation about users

could be used to make phishing at-

tacks more accurate and convincing,

he explains.

Identiying where your data its

in those categories can help prevent

data breaches and equip you to re-

spond i and when a breach occurs.

Content management and knowl-

edge management systems oten a-

cilitate data classifcation, says Joe

Gottlieb, president and CEO o San

Francisco-based Sensage (www.sensage

.com). Data loss prevention and en-

cryption eorts oten lead to a better

understanding o and cataloging o

data relative to breach risk and sensi-

tivity. Also, known revenue produc-

tion servers are typically isolated orextra security precautions.

James McMurry, a CEO o Ful -

lerton, Cali.-based Milton Security

Group (www.miltonsecurity.com), ad-

vises creating a list o every category

o vital inormation and where its

stored. This allows businesses to

evaluate data storage that is many

times orgotten, he says. Email

communication internally to the com-

pany is one area that some frms do

not think is high on the priority list,yet it is used to send critical docu-

ments with data that is considered

high priority.

Elizabeth Ireland

vice president o mar-keting, nCircle

Sit down and

determine what

critical inormation

means or

(your) business.

James McMurry

CEO, Milton SecurityGroup

Email is used to

send critical

documents with

data that is

considered high

priority.

Joe Gottlieb

president and CEO,Sensage

Data loss

prevention and

encryption eorts

oten lead to a

better understanding

o data.

Gunter Ollmann

vice president oresearch, Damballa

Adequately

train employees

to identiy

and handle

sensitive

inormation.

Vince Schiavo

CEO, DeviceLock

rusted insiders

can sit down at a

laptop and transer

whatever inormation

they have access to on

that workstation to

their iPhone.

http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


16/80


used in various combinations, they

can provide a strong line o deense.

And i a breach does occur? You

should have a plan in place that you

can turn to quickly to ensure damage

is minimal. Many states have laws that

require you to immediately inorm a-

ected customers o what personal data

has been compromised. The uture o

your company might depend on doing

this quickly and accu-

rately, and also being

available to answer

questions.

Should your com-

pany experiences a data

breach, youll also need

to notiy the inancialinstitutions that handle

your credit card and

other transactions, as

well as your companys

attorney so that youre

aware o any potential

liability that can stem

rom the breach.

McMurry recom-

mends establishing

a irst response team

that is made up o acompany-wide deci-

sion maker, a member

o the technical sta,

a customer relations person, and one

person rom each data group.

When a data breach occurs, the

irst response team will deploy

and investigate what inormation

was breached. It will secure the a-

ected systems to prevent continued

breaches and review interconnected

systems to ensure the data breach

hasnt progressed urther. Then, the

team will contact the authorities as

required by law and keep records o

all steps in assessing damage and the

results o those steps.

The key to protecting yoursel in

the event o an attack is preparation,

including developing and rehearsing

a data breach response process, says

Gottlieb. This will orce you to con-

ront the signifcant requirements or

proper preparation.

become custodians o potentially vast

amounts o sensitive inormation, says

Ollmann. The kind o awareness and

training that was acceptable fve years

ago is simply not suicient when its

possible to carry terabytes o storage

around in someones briecase.

The portability o data is another

signifcant actor in your exposure to

a data breach. Figures rom Datacastle

indicate that laptops, especially, are

a central part o data breach risk.

Consider that more than hal o laptop

thets or losses result in data breaches;

one out o 10 laptops will eventually

be lost or stolen; and only 8% o cor-

porate laptop data is ever backed up

to a corporate server.Thereore it is important to in-

struct employees on the importance

o diligence, not just in doing reg-

ular backups o their data, but by

also avoiding classic scenarios that

almost inevitably lead to thet, such

as leaving a laptop on a car seat. And

i clients, vendors, or others have ac-

cess to your data, make sure that you

protect anything sensitive with pass-

words, restricted administrative ac-

cess, or perhaps encryption.What many organizations still

seem to overlook is that in spite o

their very sophisticated and extensive

perimeter security barriers, trusted

insiders can still walk right in the

ront door and sit down at a laptop

or desktop computer somewhere in

the organization and transer what-

ever inormation they have access to

on that workstation to their iPhone,

iPad, USB stick, or other easily por-

table and concealable mobile de-

vice, says Vince Schiavo, CEO o

San Ramon, Cali.-based DeviceLock

(www.devicelock.com), which makes

data loss prevention sotware.

This opens up the enterprise to

huge risks o data leakage, both via

intentional malicious thet and via un-

intentional or inadvertent transer o

private inormation rom the endpoint

device to a mobile device, which can

easily leave the workplace and release

that inormation into the wild.

TOOLS TO PROTECTYOUR DATA

Aside rom encouraging best

saety practices among employees

and others who have contact with

your data, there are numerous tech-

nologies that can lessen the chances

o you experiencing a data breach.

Although theres no single solution

that will cover all your needs in this

area, a combination

o tools can provide

strong protection.

Among the tech-

nologies that can work

in tandem to prevent

a data breach are ire-

walls, antivirus sot-ware, and anti-spam

programs. Going a step

beyond those basic so-

lutions are intrusion

prevention sotware to

monitor network trafc;

network access control

to grant or deny access

to devices connected to

your network; and even

IP blacklists o mali-

cious IP addresses andwhitelists o sae IP ad-

dresses.

One fnal option or

protecting your company is one o

the most old-ashioned: purchasing

insurance. Cyber liability insurance

is a growing area o coverage that

can protect your company against

lawsuits resulting rom a data breach.

Nicholson advises shopping

around beore purchasing cyber li-

ability insurance.

Unlike typical general liability

insurance, the oerings or cyber li-

ability insurance vary signiicantly

rom company to company in

terms o coverage and exclusions,

Nicholson says. This is an area

where companies need an expert to

evaluate their current coverage, i

any, and competing oerings rom

insurance carriers.

None o these options by them-

selves will prevent a data breach, but

Consider thatmore than hal olaptop thets or

losses result indata breaches; oneout o 10 laptopswill eventually

be lost or stolen;and only 8%o corporate

laptop data is everbacked up to a

corporate server.

http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


17/80


so employees cant install

applications.

McMurry says that com-

panies should always have

ully patched operatingsystems because they

have a ew built-in security

measures and general fxes.

A NAC (Network Access

Control) system is also im-

portant to see who is on the

network and where those

connections are coming

rom. And i your com-

pany regularly does online

banking, McMurry rec-

ommends booting rom

a bootable CD with Linux

distribution so your ac-

counts are isolated rom

potential threats.

ACT NOW, PREPAREFOR THE FUTURE

The key to securing your company is

to always be orward-thinking and on

the lookout or new threats. Constant

education is necessary to ensure your

company is prepared or the worst, and

taking advantage o the newest secu-rity solutions will help keep your com-

pany sae. Failure to mitigate risks now

means spending even more money later

on, or loss o the business itsel, says

McMurry. The real ROI or security is

preservation o the business itsel. Its

important to invest in long-term solu-

tions early on, so there will be more

peace o mind in the uture.

As budgets cont inue to

tighten, companies are on

the lookout or new ways to

reduce expenses. Some companies

may see security as a good place tocut costs based on history or com-

pany size, but with ewer employees

and resources in place, security

threats pose an even greater danger.

Mosti not allirms believe

that a breach wont happen to them,

or that they are so small that there

is nothing o value to an attacker,

says James McMurry, president and

CEO o Milton Security Group (www

.miltonsecurity.com). Most small busi-

nesses and some midsize frms stick

to the belie that they are well pro-

tected because it has not happened

to them yet. Sooner or later, every

frm will be touched by the real and

growing threats.

According to McMurry, security is

one place where companies shouldnt

cut back. Instead, they should fnd new

ways to prepare or possible security

threats to prevent damage, data loss,

and higher security costs in the uture.

UNDERSTAND THE THREATSThe frst and most important step

in stopping security threats is to ully

understand them. Education and

knowledge seem to be the largest

issues in the SMB market, says

McMurry. Business owners and

managers dont ully recognize the

potential threats that exist and take

steps to mitigate them.

McMurry says that

companies must rec-

ognize botnets, key

logging viruses, and

other types o threatsand teach employees

how to avoid them. In

many cases, a virus can

gain access to a com-

panys network, and

eventually its internal

resources, through a

single computer. I your

entire workorce can

spot the telltale signs

o a potential threat, it

will be able to stop the

threat at its source.

KNOW HOW TOSTOP THEM

According to McMurry,

companies should take a layered ap-

proach to security and combine the

eatures o multiple solutions to ully

protect data and other assets. He rec-

ommends starting with a frewall that

determines what is and what is not

allowed into your network as well as

an anti-virus program with an extensivethreat database.

Encryption is the next consideration.

McMurry says companies should ini-

tiate ull disk encryption on all media,

put tight restrictions on email, and en-

crypt all email trafc. And to prevent

potential user error rom employees,

companies should remove local ad-

ministrator privileges rom computers

Help Your IT DepartmentFight Security ThreatsAdvice From Milton Security Group

James McMurry

president and CEO,Milton Security Group

Without any security

in place, you are wide

open. Here is an anal-

ogy: How oten do you

leave your car parked

with the keys in it and

the doors unlocked?Sooner or later that car

is not going to be there

when you get back.

Milton Security Group | (888) 674-9001 | www.miltonsecurity.com

http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


18/80

to properly conigure the required

protection. As a result, such compa-

nies ultimately move data into the

cloud without proper protection.According to Norm Laudermilch,

chie operating ofcer o Terremark

(www.terremark.com), applications

in the cloud are running on virtual-

ized instances o the same operating

systems already in use elsewhere.

As such, these applications can all

victim to the same vulnerabilities and

attacks that have plagued businesses

or years.

Unpatched systems, weak au-

thentication, bad irewall conigu-rations, and running unnecessary

services can be just as big a threat

as the more sexy vulnerabilities like

zero-day exploits and advanced per-

sistent threats. On top o that, vir-

tualization introduces cloud-specifc

vulnerabilities like attacks against

the hypervisor, which could allow

one guest to compromise another

guest, or worse, the hypervisor

itsel, allowing access to all guests,

Laudermilch says.

Casual cloud observers might pointto high-profle breaches as examples

o the clouds inherent insecurity. But

Laudermilch says that rather than

considering cloud services unsae

Y

ou might expect sunshine to

poke through holes in a cloud

in the sky. But its a ar darker

situation when dealing with cloudservices in the enterprise, where

holes can allow devastating breaches

o data and privacy. Although cloud

providers continue to boost security,

adopters o these services nonetheless

need to be aware o potential security

holes and how to prevent them.

The intrinsic nature o the cloud

gives way to a certain level o

reedom between providers and

customers to ensure that services

are eective, exible, and efcient.However, as a skyrocketing number

o businesses begin to rely on cloud

services or critical processes, more

attention is being given to secu-

rity around these implementations.

Service providers are certainly

lending more resources than ever

to the security o their products, but

a good deal o responsibility can

also all on the shoulders o cloud

users themselves.

FAMILIAR FOESWhen Pierluigi Stella, chie tech-

nology ofcer o Network Box (www

.networkboxusa.com), started dealing

with cloud security about two years

ago, he said he elt as though he trav-

eled back nearly 10 years in terms o

how security was handled. A decade

ago, many companies used simplefrewall and antivirus technologies to

protect their workstations, Stella says.

Threat levels at that time generally

werent high enough to warrant more

stringent security measures, but Code

Red and other severe threats eventu-

ally emerged and began to change

the security landscape. Now, he says,

an average o 200,000 new zero-day

threats appear every day.

The unortunate discovery I have

made in dealing with cloud securityis that we seem to be stuck in a world

that has not truly realized all this,

Stella says. Unless some regulator,

auditor, or law tells me what to do, I

will do almost nothing at allthis is

the common approach. In the cloud,

this is accentuated by the act that

companies are moving there to save

money, and when they run into the

issue o having to set up a separate

virtual server to run a virtual security

device, they realize they had not bud-

geted or it, so they end up going orthe cheapest and simplest solution.

This solution is oten sel-man-

aged, he adds, even i the company

is ully aware that it lacks the skills

Overly inexpensive, simplesecurity methods arentenough to protect businessesagainst a security landscapethats changed greatly overthe last decade.

Many o the same secu-rity mistakes that doomtraditional computingdeployments can alsopose big dangers tocloud environments.

Because cloud servicesoten involve remoteconnections, securingdata ow through VPNsand other methodsbecomes paramount.

Cloud services typicallyaccommodate many cus-tomers, so its crucial toensure that sensitive dataremains protected byproper security devices.

KeyPoints

Bolster YourCloud DefensesHow To Prevent Cloud Security Holes


http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


19/80


CHOOSE YOURAPPROACH

The prevalence and

severity o cloud se-

curity holes can vary

widely depending on

the service, the service

provider, the imple-

mentation, and the

ability and/or practices

o the customer. Robert

Jenkins, chie technology

oicer o CloudSigma

(www.cloudsigma.com),

says that dierent cloud

implementations can

have dierent bound-aries in terms o client

and provider responsi-

bility and control.

For instance , i

a provider gives the

client complete con-

trol over the sotware

layer, the customer

be come s ab le to la rg el y manage

their own security, Jenkins says.

It becomes a much tougher job or

the provider i they take on the re-sponsibility o securing their clients

implementations, since the provider

may create rules that arent appli-

cable to every customer and may

actually interere with their com-

puting. Security is very dierent

rom customer to customer, and a

one-size-its-all approach doesnt

usually work, or is at least hard to

manage eectively.

Some cloud providers deliver a

secure path to their services and

leave the rest o the security con-

fguration and management to the

customer. For businesses with ca-

pable sta, this can be a preerred

approach, as it provides the lex-

ibility and power to control cloud

environments as desired. However,

businesses without sta trained in

security confgurations, or without

the manpower to handle these du-

ties, may preer cloud providers

that deliver end-to-end security.

across the board, con-

sider that the cloud

simply requires the

same security dili-

gence as non-virtual-

ized environments.

STAY SECUREKeeping cloud ac-

tivities secure requires

the constant reminder

that business data may

be leaving the prem-

ises. With this in mind,

strong remote com-

puting security prac-

tices apply to ensure

that eavesdroppers orother intruders dont

gain access to your

data. Stella recom-

mends using a strong

VPN (virtual private

network) such as a

certiicate-based, SSL-

protected VPN with

AES-256 encryption. I youre not sure

what kind o protection is oered by

your cloud provider when connecting

to its services, check with the providerbeore moving any data.

You should also investigate how

the hardware side o your virtual

environment is handled to ensure

that your virtual neighbors have no

accidental access to your data. I have

seen an MSP [managed services pro-

vider] set up a number o servers

on a virtual LAN [with] each server

belonging to a di erent customer.

So now you are in a situation where

I can log on to my server remotely,

and I am on the same LAN with

servers that do not belong to me. I

can use that as a bridge to attack all

those servers and steal their data,

Stella explains.

He notes that because businesses

dont know their neighbors in the

cloud, they should trust no one and

always ensure that their LAN en-

vironments stay exclusive to them.

Joseph Pedano, senior vice presi-

dent o data engineering at Evolve

IP (www.evolveip.net), adds that

when using public clouds, busi-

nesses should conigure a host-

based irewa ll, while users oprivate or hybrid clouds should use

both a frewall and an IDS/IPS (in-

trusion detection system/intrusion

protection system) to prevent or

mitigate security holes.

Pedano also advises against

opening yoursel to holes in the

irst place. For example, he says, i

someone is utilizing a public inra-

structure, are you comortable with

any o that data being advertised to

the public i it was compromised?

Regardless o the answer, sensitive

datasuch as database or transac-

tional datashould reside on hard-

ened machines behind proper security

devices, he says. Further, i server ac-

cess is granted as part o the inra-

structure, that inrastructure should

be patched and regularly scanned.

Pedano recommends considering the

placement o a DLP (data loss preven-

tion) program to understand whats

moving onto and o o the server.

Pierluigi Stella

chie technology ofcer,Network Box

Customers should

be more demand-

ing, should do due

diligence and test

the security o theirnetworks, and should

ensure that whoever

is in charge o actually

setting things up has

good knowledge o

what to do and how

to do it.

Joseph Pedano

senior vice presidento data engineering,

Evolve IP

Understand what your

security requirements

are and have them well

defined beore searchingor [cloud] inrastruc-

ture. Having so many

choices today will

only make the

matters worse i

your security needs

are not defined.

Norm Laudermilch

chie operating ofcer,erremark

he mechanics

o an attack

against a cloud

computing

inrastructure arealmost exactly

the same as weve

seen against all

o our other

environments over

the years.

http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


20/80

Boasting a collection o hype

large enough to rival the Earths

largest cirrus ormations, cloud

services would appear to be ideal

solutions or all IT needs. Althoughthe cloud is well-positioned to serve

businesses into the uture, the con-

cept and its technologies ace their

Cloud CriticsAre Arguments Against Cloud Services Valid?

Security, privacy, andcompliance concernsrun rampant in the cloudsphere, but many problemscan be avoided with simplehomework and strong SLAs(service-level agreements).

Criticisms leveled againstcloud services stem in partrom problems with earlyadoptions, but cloud provid-ers have since vastly improvedboth the services and thetechnologies behind them.

Because some businessesthink they must trust all otheir data and processesto cloud services, certainpotential problems, suchas security, becomeoverly magnifed.

Cloud services sat-isy a wide range o ITneeds, but potentialcustomers shouldkeep in mind that theyarent a perect ft orevery organization.

KeyPoints

ESSENTIAL BUSINESS TECH

EXECUTIVES, PROFESSIONALS & ENTREPRENEURS

http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/http://www.processor.com/


21/80

ESSENTIAL BUSINESS TECH

EXECUTIVES, PROFESSIONALS & ENTREPRENEURS

as security, privacy, and lack o con-

trolwere indeed prevalent as cloud

providers elt their way through this

new realm.

But in recent years, cloud providers

have worked diligently to improve

not only the perormance o their ser-

vices, but as well as the security and

share o criticisms that suggest the

cloud isnt all its cracked up to be.

But are these arguments against the

cloud valid?

TROUBLE AHEAD?By ar, one o the biggest arguments

against the cloud revolves around secu-

rity. Todays organizations struggle to

keep their data secure when its under

their own control, so how can they trust

a third party to ensure that data will

remain secure? A cloud service provider

might tout tight security, but thats not

necessarily a guarantee that strict pro-

cedures will be ollowed to protect data.

Related to security criticisms are

privacy concerns, because cloud pro-viders can have the power to mon-

itor the data being handled through

the cloud service. Both security and

privacy issues also combine to create

criticisms around the clouds ability to

satisy compliance requirements be-

cause certain regulations or certain

data types are strict and could prevent

companies rom, or ex-

ample, storing data in

the cloud.

While some SaaS[sotware as a service]

providers have entered

into specifc markets or

specifc application oer-

ings and are able to pro-

vide compliance or PCI

and other fnancial regu-

lations, global cloud pro-

viders have a signifcant

hurdle in providing all

the requirements across

email, data, and propri-

etary applications, saysJerry Irvine, chie inor-

mation oicer o Pre-

scient Solutions (www.pre

scientsolutions.com).

Yet another argument

against cloud services

is that SLAs (service-

level agreements) dont

cover what they should.

Mark Gilmore, president

o Wired Integrations

(www.wiredint.com

pc today magazine data in cloud - february 2012

Documents