Solar VPS Blog

Is Your Data Secure When Stored in the Cloud?

Image by Gerd Altmann from Pixabay

As you are considering storing your data in the cloud, you may be concerned about its security. Many users have been increasing their cloud usage because of large amounts of data they are utilizing and storing for various reasons. However, some people are still cautious until they are confident about the cloud security issues.

How’s the Data Stored in the Cloud?

You will be happy to know that the data that is stored in the cloud is almost always stored in an encrypted form. An intruder will need the encryption key to get access to your data. Encryption methods use complex algorithms to conceal your information. Your data that is stored in the cloud is generally safer than your locally stored data. Each user’s data is encrypted with a specific encryption key, and without the decryption, the data will not make any sense. You have the choice of storing the key yourself or have the service provider store it for you. Most users keep the key themselves.

Added Protection

In order to maximize cloud storage security, you can also add more security yourself. Before uploading data to the cloud, you can first encrypt it using your own encryption software and then upload to the cloud. This adds an extra step every time you have to upload or download but gives you added protection.  It may, however, limit you from accessing different features of a cloud service provider.

Authenticated Encryption

Another approach you can adopt is called authenticated encryption. When you use this method, the cloud will not only have your encrypted file but additional metadata that lets you detect whether the file has been modified since it was created. This gives a lot more security and added benefit.

 What Else Can You Do?

You can take some responsibility along with the cloud service provider to keep your data secure. For instance, you can avoid using the same password over multiple platforms and choose a strong password. You should use unique and randomized passwords for data stored in the cloud. You can also protect your login with two-factor authentication. At Solar VPS, regardless of which operating system you choose, you can opt for managed or unmanaged cloud VPS plans. While unmanaged hosting saves you money in the short-term, you will be 100% responsible for troubleshooting and security. With our managed plan, you will get technical support and security. Contact us today for all your cloud hosting needs.

How the Grinch Stole the Retail Industry's Christmas… And Keeping the Grinch Out of Your Cloud Data

IT breach You have probably heard by now that the Grinch was busy this Christmas. A total of six major retailers, including Target and Neiman Marcus, were successfully infiltrated by malware, and massive amounts of user data were stolen. This trend is not just ominous for consumers. It highlights the sophistication of malware, the boldness of hackers, and the continuing threat to all businesses, especially SMB. The reason that SMB are more vulnerable to attacks is that they may not have as many goodies for cybercriminals to grab, but they often don’t have proper protections in place, and a single hack is more likely to drive them out of business. How serious is the threat for businesses? PCWorld tells the story of an executive at a Chicago manufacturing company that barely escaped a loss of hundreds of thousand dollars to controllers of malware. A virus downloaded to the CFO’s computer used standard phishing protocol to steal from the business. When the CFO browsed to the company’s bank account, she was redirected to a fake but otherwise identical site owned by the hackers. A message informed her to call customer service about a problem with the account. When the CFO called the number, she was asked a handful of “verification” questions. Moments later, $300,000 had been withdrawn by a third-party. Luckily, the company responded swiftly, and the bank was able to retain the funds. Despite the happy ending to the Chicago firm’s hack, many small-to-medium businesses do not fare as well. PCWorld cites statistics from the National Cyber Security Alliance that demonstrate how prevalent and damaging hacking is for SMB:
  • 31% of companies breached in 2012 were small businesses
  • 20% of the hacks were successful
  • 60% of the companies successfully hacked were bankrupt within half a year.
Who was behind the attack? A teenager? Web security company IntelCrawler (watch out for their super-creepy 404 error message page) investigated the incident, which according to Target impacted 70 million of its shoppers. Its findings revealed that BlackPOS, a pre-packaged and relatively unsophisticated piece of malware designed by a Russian teenager and purchased by the attackers, was used to infiltrate both Target’s and Neiman Marcus’s systems. Originally called KAPTOXA  (Russian slang for potato) and responsible for all six additional retailer attacks, the software first appeared online in 2013 and has been used for breaches of retailers based in Australia, Canada, and the United States. A report published in Slate revealed that the teenager, who used the screen name ree4, sold KAPTOXA (aka BlackPOS) to more than five dozen hackers, most of them based in Eastern Europe. It further clarifies that the attacks on Target and Neiman Marcus were launched separately: it now seems likely that the only link between them was the malware that was used. In fact, according to The New York Times, Neiman Marcus was breached in July but only became aware of the issue in December. What was taken & why it happened According to Wired, the Target hack began on Black Friday and collected information from the retailer’s point-of-sale (POS) devices. For over two weeks, it transmitted data from credit and debit cards belonging to over 40 million people to the owners of the malicious software. The hackers also received contact information for 70 million customers. All told, 11 GB of data were taken before the company was able to identify and block the intrusion. Avivah Litan, an analyst for Gartner, calls the incident “a big failure of the whole industry.” The retail giant, along with T.J. Maxx and several other retail stores and credit card processing companies, was the target of broadly destructive hacking in 2005. However, according to the analysis in Wired, the security mechanisms in place at retail stores were not substantially improved following that widescale incident, an assertion expected to be used in class-action lawsuits against the “big-box” store. Ensuring strong security In a climate in which retailers are being successfully targeted by hackers, security has become a concern of all organizations. A nonprofit called the Cloud Security Alliance (CSA) was created in 2008 with the specific goal of educating the public and industry professionals about proper security precautions to keep users safe. The organization both provides information on sound security practices with regards to web hosting and best practices for businesses to maintain and improve their systems. Similarly, Microsoft provides a security checklist, a list of considerations for organizations with regards to their own cloud systems, so that security is a top priority. Although the checklist is geared toward governmental agencies, its basic parameters are of use to businesses as well:
  • Privacy – Ideally a provider will encrypt your data, make it anonymous, and make your locations of remote access inaccessible.
  • Integration – In the case of a hybrid solution, you can make use of integration with security tools you have in place for your other systems.
  • Certification – If you have specific compliance concerns, check with your provider to make sure they are certified to meet your needs. Develop a system of metrics so you can analyze and track your cloud hosting environment. Consider the process required of your users to enter and leave the system.
  • Access – Your system should have protections (of course) to guard against malicious intrusion. Specifically consider safeguards in place for your databases.
  • Software – How does your platform keep your code from becoming corrupt? How are people vetted for managerial positions in which they might have greater access to your code? How do they test or model for security threats?
  • Location – The country in which your provider is headquartered will affect the laws surrounding your data.
  • Rights – Are you the owner of the data on your systems? Do you want to encrypt it, and do you have encryption keys that you want to use? Do you have a backup of the data? What is the process for purging the backup?
Today, malicious IT attacks are a concern for any organization. In the case of SMB, protection is especially critical, with 3 out of every 5 small business hacks resulting in bankruptcy. A cloud solution that use strong security parameters, as established in Microsoft’s checklist, can safeguard companies from harm.  

5 Lessons From the Cloud

Cloud Expo Silicon Valley

So, last week, as some of you might know, Solar VPS attended Cloud Expo 2013 in Silicon Valley. While we didn’t exhibit at the Cloud conference, our COO and President, Ross Brouse, gave a few speeches and we got pretty interactive on the social media networks all those crazy kids love. (Insert shout out here to @RobustCloud, @GESoftware, @SHI_INTL, @ThousandEyes & @AriaSystemsInc). Outside of giving speeches and getting really active on Twitter and Google +, we took the time to hear from other Cloud companies both within their keynote presentations and outside within spur of the moment meetings.

This said, we want to use this space to elucidate (yes, we are trying to expand our lexicon), on five insights we learned at the show and why those insights are either excellent or terrible. So, here we go.

1. Smaller Cloud Providers Need to Rise Up

Continue

The Standard for Cloud Backups

SolarSystem Cloud Backups

Regardless who you ask, regardless what study or poll you read and regardless of who you talk to, time and time again, the markets’ main concern with Cloud based solutions are shown in the form of security. Now, most Cloud computing security concerns come in a pretty standard worry: consumers are worried:

Continue

Local Backups vs. Cloud Backups

Cloud Backup Solutions

With the Cloud becoming more and more popular for the public, a debate has popped up between Cloud providers and Cloud users. That debate centers around the use of Local Data Backups vs. Cloud Data Backups. For the vast majority of companies and personal tech consumers, the idea of storing your critically needed data locally makes sense. Use an external hard drive. Set a reoccurring backup time on a daily basis. Forget about ever backing up your data ever again. However, with the Cloud becoming more accessible to private consumers and companies of all sizes, local data backups are giving way to Cloud backups. Here’s why.

The Problem with Local Backups

  1. Local Backups Require Personal Data Encryption – Here is the thing about using your own locally stored hard drive to backup all your critical business data – it’s unsafe. Unless you are an IT expert who knows how to properly secure your local hard drive with secureExternal Hard Drive - Local Backups encryption methods and security codes to make sure hackers can’t get in, your critical data is open to the world. For the personal user who only stores music files on their local external hard drive, a hacker doesn’t mean much. But for a company storing sensitive financial data or classified documents, security is a very real threat.

  2. Local Backups are Limited – A local external hard drive is a physical piece of equipment which takes up place on your desk and is limited to a storage capacity limit. Unable to grow from its stagnate state, a local external hard drive will not grow and scale with your company as you need more storage space for sensitive data. A local hard drive is 80gb, or 120gb, or 500gb. Once you reach that maximum potential, it’s time to purchase another hard drive. This might not seem like that big of a deal but for a company of any size, who shuffles through a ton of data on a daily basis, your local limit is going to be met and exceeded quickly. This will cause headaches and cost a lot of money.
  3. Continue

Securing Your Cloud Locally

LAN Security

LAN Security

Location. Location. Location. It’s true about real estate and it’s also true about Cloud Storage Security. Even if you’re already storing your data in the Cloud, you should back up that data by storing it locally. While the Cloud has the ability to store data remotely and securely, data security is dependent on two things: Your Cloud provider and your LAN (Local Area Network) security. Why? Because all the security in the world by your Cloud provider won’t change the fact that your local machine is open game.

Cloud security or virtualization security poses risks from not just the hosting provider, but also the consumer. Why? Because even though Solar VPS takes every precaution available to ensure optimal security, in spite of our best efforts, we can’t protect your personal computers from being hacked – that’s up to you. If you’re one of the people that falls for the, “YOU’RE THE 100TH VISITOR! CLICK HERE FOR YOUR FREE IPAD!” then you can’t blame us when your server gets hacked from the inside. So, how do you accomplish true fail-safe Cloud Computing? – By utilizing the benefits of the Cloud while also storing your data locally.

Continue