IBM launches Cloud Security Enforcer to counter risks from BYOD


The BYOD trend remains as strong as ever, according to IBM’s recent security study. Their research indicated that over 30% of Fortune 1000 employees share and upload corporate data on third-party cloud apps, despite increasing awareness over the last few years of the risks of ‘shadow IT’.

The stubbornness and secrecy of Senate politician and presidential candidate Hillary Clinton in running dual public and private communications systems has certainly thrown the spotlight on cloud security risks – which affect the public sector as much as the private sector. This has been a trigger for IBM to launch their new Cloud Security Enforcer (“CSE”). Added to this, 25% of those surveyed link to cloud apps using a corporate log-in and password.

IBM’s new corporate protection device, hosted on the IBM Cloud, aims to counter this by combining cloud identity management (“Identity-as-a-Service”) with the ability to discover any outside apps employees are using, including those on their mobile devices, to make access more secure.

1.    CSE enables detection of unauthorised cloud app usage, followed by secure configuration of the apps as well as managing, viewing and directing how employees can use them.

2.    It can determine and enforce which data owned by an organisation can or cannot be shared by employees via specific third-party cloud apps.

3.    Security-focused connectors can connect employees to third-party cloud apps which include automatically assigned sophisticated passwords to help alleviate security breaches from human error.

4.    Finally CSE employs its global X-Force Exchange threat intelligence network to protect against employee-induced and cloud-based threats by analysing real-time threat data.  These involve scans of the internet and analysis of more than 20 billion global security events daily as a safeguard.

With connectors into Box’s cloud-based content management and collaboration platform, along with Microsoft Office 365, Google Apps and other popular enterprise software, IBM’s broad view on seeking to secure and manage the wilder risks from cloud to business should resonate in the marketplace. The price point for Cloud Security Enforcer has yet to be published, but it certainly indicates intelligent packaging for enterprise organisations. As long as users retain the freedom to use their personal devices without interference from their organisations and, equally, the enterprise has the ability to securely ringfence company data, then the two can sit comfortably side by side and it’s a good package.



Cloud based financial applications starting to take off in Europe

European CFOs are finally starting to show some interest in cloud-based financial applications with the maturing of data security and improved delivery models. The rationale is that by adopting cloud-delivered application services, their organisations can enjoy the benefits of reduced costs and efficiency increases.

In a recent Claranet survey of 900 IT decision-makers in Europe:

  • 40% of European IT Directors stated security was the most important factor in the delivery of finance applications.
  • 29% of respondents selected availability
  • 31% selected performance

Whilst in a separate survey by Blackline, a US financial controls and automation company:

  • 80% of financial decision makers questioned agreed that Cloud delivery increased levels of automation and productivity.
  • 75% of CFOs think their business is missing out on revenue opportunities by not having the right cloud applications and infrastructure in place to support digital business transformation.

“Cloud is not the dirty word it once was for European CFOs”, Andy Wilton, CIO of MSP Claranet commented.

With nearly 50% of organisations using third parties to manage and host their financial applications, it is little surprise that data sovereignty remains a key issue around hosting.

In-country datacentres are likely to be preferred for the hosting of financial data as we await the implementation of EU Data Protection Regulations and beyond.

One trend has been for legacy applications to remain in the private cloud to save on infrastructure costs and on hosting niche products such as financial reconciliation tools, whilst early test flavours getting favourable responses include bolt-on financial applications for a specific process, e.g. supplier statement reconciliation.

The upside potential is significant, with estimates of a reduction in total cost of ownership of up to 40% and a reduction in the time and risk of implementation as companies adopt standard products and increase their agility.

Hybrid cloud options are probably a more palatable mix to the Board, involving the use of public and private cloud, as this route stops the problems of shadow IT bypassing the internal IT department. Public cloud resources can then be applied alongside internal data management, so efficiency, performance results and ROI can be analysed in the round.

Compliance and security will always be the wrapper for any endeavour to move an organisation’s data into the Cloud environment and there will always be complexity with legacy systems to integrate. However, if the move is well planned and professionally executed, with an eye always on the security of the environment, businesses should benefit and future-proof themselves through a SaaS model, despite the sense of challenge.



LastPass keeper of passwords confirms system breach


Password management isn’t as simple as it should be. Everyone recommends using unique passwords for every account you use, and the same people will strongly recommend that each of these should be complex. With the ever-increasing number of accounts we use every day, remembering all of your passwords simply isn’t as easy as it used to be.

This problem has seen the rise of password manager tools, where you only need to remember the one password and the tool securely contains all your other passwords within. Some password management systems also have the ability to access your passwords from any device, meaning that, if enabled, your passwords get uploaded into the cloud. This of course is a big convenience, but putting all your passwords together on a single company’s cloud is equally a big risk.

LastPass, a leader in password management, issued a statement this week that their system containing everyone’s passwords had been breached. Despite the system breach, LastPass is remaining optimistic, claiming their numerous encryption methods will keep users’ passwords secure.

The numerous encryption methods include passwords being salted, hashed and stretched. Salting is where random data is added to each password before it is hashed, so the same password does not produce the same output. Hashing is where the text is transformed cryptographically in one direction, so a slight change in the original password doesn’t produce a similar output. Finally, stretching is the method of running the hashing step many more times over. All of these measures, especially when applied together, make the resulting output almost impossible to crack.
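The three measures described above, shown as an added example that is not LastPass's code or its actual parameters: it uses PBKDF2-HMAC-SHA256 from Python's standard library, and the function names, iteration count and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000   # assumed stretching factor, chosen for this example
SALT_BYTES = 16

Record = Tuple[bytes, int, bytes]  # (salt, iterations, digest) as stored


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Record:
    """Salt, hash and stretch a password; the password itself is never stored."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # salting: fresh random value per password
    # hashing + stretching: PBKDF2 chains HMAC-SHA256 `iterations` times
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, record: Record) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    salt, iterations, expected = record
    candidate = hash_password(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count bit positions where two digests differ (256 bits in total here)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    first = hash_password("correct horse battery")
    second = hash_password("correct horse battery")
    print("same password, different salts, digests equal:", first[2] == second[2])

    fixed_salt = bytes(SALT_BYTES)  # fixed only to isolate the effect of the password
    a = hash_password("password1", fixed_salt)[2]
    b = hash_password("password2", fixed_salt)[2]
    print("bits changed by a one-character edit:", differing_bits(a, b), "of 256")

    print("correct guess verifies:", verify_password("correct horse battery", first))
    print("wrong guess verifies:", verify_password("correct horse batterz", first))
```

Raising the iteration count makes every guess against a stolen record proportionally more expensive, while a legitimate login pays that cost only once.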

Even with these measures in place, LastPass is issuing emails to users to reset their master password and advising them to enable 2-factor authentication.

An important lesson to learn is to be careful where you keep your own passwords: no matter how secure you believe your IT system and network security is, your data must be just as secure, and not all encryption is equal.

Beware of the local cloud


A new wearable device is currently being crowdsourced called the ReVault. On the face of it, it looks like a fairly standard smartwatch – but its secret weapon is invisible – your own local cloud.

The ReVault watch comes in both 32GB and 128GB variants and can connect to your phone, tablet or even PC as a wireless hard drive. The pitch is that you can have one copy of your data on your watch and can then access it across all your devices without needing to sync each to a PC or a cloud in advance. You can even access this data when you have no internet connection, as it connects locally via either Bluetooth or WiFi, so this local cloud will work in places where you can’t connect to your regular cloud services.

The idea of separating physical storage from your device is not a new one, although the idea has faded away in recent years due to Cloud storage offerings and manufacturers being able to charge more for high capacity flash storage models. Having a memory card in your phone is seen by some as an advantage, as you could get additional storage (including capacity far outreaching the device manufacturer’s options, for a lot less), plus the flexibility to move your content to your next device, again without the additional cost of a pricier high capacity model.

Portable wireless storage could be the replacement for memory cards as it has distinct advantages and doesn’t require the device manufacturers to physically include compatibility – which is something they have little incentive to do.

A real concern is when these devices, personally owned by employees, are taken into the workplace. Many companies will block the use of USB storage and block public cloud networks; however, as the ReVault is reliant on neither a physical nor an internet connection, these devices are unlikely to be blocked by a standard company security policy.

The ReVault will probably be a niche product, and the chances of copycat devices or functionality remain uncertain at this point. However, the strength of this crowdsourcing campaign could play a vital role in its success if personal clouds become relevant to a larger market. One thing is certain though: new devices will always test your security practices and you will need to be vigilant to safeguard your corporate data from the ever-evolving and unmonitored consumer device and services market.


Europe aims to close the door on encryption flaw risk

There has been a lot of talk recently about whether Government entities should be allowed direct, back door access to encrypted messaging systems such as Apple’s iMessage and Facebook’s acquired WhatsApp.

In the US, the FBI asked the U.S. Congress to make encryption back doors in mobile devices mandatory to help combat crime. Apple, Google and other major tech companies are currently urging Barack Obama to reject the proposals for back doors for smart phones.

This conversation has mostly taken place in America, where government bodies have argued that without back door access to these systems, how can they have a clear avenue for investigating terrorism claims? There are two main arguments against allowing this. The first is users’ right to have private information. The second is a technical one: with any back door access, you are making a once-secure system less secure, and introducing a new front through which the system can be breached.

European Commission Vice President Andrus Ansip states there are no plans to require backdoors in communications encryption in Europe: “We don’t want to destroy people’s trust by creating some back doors.”

It is reassuring that back doors to secure, encrypted services that users trust are not on the cards for Europe, but if America does get its way then these services and our own mobiles could in fact have back doors, whatever Europe chooses. With such security flaws in place, how long would it take a resourceful hacker to use them for their own needs? Hopefully, in a post back door world, countries which do not enforce such a policy will have their own data unreachable by those who do. If not, we could see a new market for European-only encrypted services which promise no back doors for anyone.

IBM in race to be fastest data transfer


IBM has developed a new silicon photonic technology which will significantly speed up data transfers. The technology can produce speeds of 100Gbps in tests using pulses of light over a distance of 2km. The silicon photonics technology has been in development for a decade and utilises 4 different colour channels over a single fibre and is aimed at data centres.

With greatly increased data transfer speeds between servers, large, processor-demanding tasks such as big data analytics and machine learning will be able to be performed much quicker and more efficiently.

Silicon photonics technology’s amplified speed could also be the key to dividing up a server’s core components: processor, memory and storage. In this fashion the processor can be handled a lot like storage is today, bringing extra flexibility, i.e. taking advantage of additional available processors when needed. The decoupling of each component could reduce costs by combining fans and power supplies for each.

IBM is not alone in the race for superfast super servers. Intel also has their own silicon photonic chip, but recently delayed shipment until 2016. IBM’s chip is supposedly more manufacturable, with a simple integrated silicon structure, and will be cheaper to produce.

IBM has yet to confirm when their silicon photonics chips will reach the market, so the race is on! However, the money is on IBM. More importantly, when both are deployed in real world data centres, we can then review which is truly the fastest and most reliable technology. Either way, Cloud will soon become a lot smarter than it is today.

Microsoft announces Customer Lockbox for Office 365

During this week’s RSA conference in San Francisco, Microsoft announced a new feature for Office 365 called ‘Customer Lockbox’. This new feature is designed to provide unprecedented control over a customer’s content stored on Microsoft’s platform.

Customer Lockbox administers access control through multiple levels of approval within Microsoft. It logs and audits all Office 365 control actions and provides access with limited and time-bound authorisation.

Essentially, this enables the owner of the Office 365 account to scrutinize any request for access to their data, including support requests from Microsoft themselves. By default, requests have a lifetime of 12 hours; after this time the engineer will be unable to access customer content and will have to submit another request for access.

Customer Lockbox will be available by the end of 2015 for Exchange Online and Q1 2016 for SharePoint Online. The new feature will not be enabled by default, but those who do opt in will increase the separation of server administration from the data stored in Office 365, resulting in an added layer of security.