Month: September 2012

Increased mobility is one of the more obvious and utilitarian benefits of cloud computing. It lets employees access their files and applications from home, coffee shops, the train, or anywhere else with an Internet connection. Outside of work, it allows everyone everywhere to use their tablets and smartphones to play games, listen to music, watch movies, and communicate via Twitter and Facebook. Recently, the streaming media and remote access features of cloud computing have also been extended to the onboard systems of several mass-produced cars. But some auto industry observers and companies have begun looking beyond simple “infotainment” suites to more substantial features that will increase the safety, reliability, and functionality of vehicles.

In a far-sighted article, Justin Stoltzfus of Techopedia looked ahead to some of the possible applications of in-vehicle cloud computing beyond infotainment. A few of his more interesting predictions include:

-Cloud technologies will decrease the “on-site” hardware requirements of cars. Some of the computing equipment in the dashboard can be removed, increasing legroom and lowering the price of the car.

-A cloud-based system could adjust the suspension and/or sway bar of a vehicle according to the driver’s previous behavior or driving style and the conditions and topography of the road.

-Lane departure and pre-crash warning systems using satellite and sonar technology already exist. But a cloud-based system that tracked the location every car on the road would be more accurate and less costly.

-A cloud-based system could interpret weather data to automatically initiate the defroster, the windshield wipers, or other parts.

Two well-known features of cloud computing—its ability to reduce or eliminate on-site hardware and to crunch large amounts of complex data quickly and cost-effectively—inform many of Stoltzfus’s ideas and predictions. Meanwhile, another widely-regarded feature of cloud computing—the way it lets people stay integrated with their work (through remotely accessible files and applications) and lives (through online email and social media sites) no matter their location—has been incorporated by Ford in its Evos concept car and long-term cloud computing strategy. The company suggests that its cloud-enabled cars will eventually have the ability to:

-Start themselves up in the morning

-Lock the doors and set the alarm of a home connected to the same cloud

-Change the settings of the drivers’ alarm clocks based upon alterations to their cloud-based calendars

-Drive itself if its sensors detect that the driver has suffered a heart attack

-Parse traffic data to automatically suggest alternate routes

These ideas and developments also reinforce the high confidence of the public and major companies in the reliability, performance, and availability of cloud computing. A technology that was intrinsically prone to frequent downtime and slow or inconsistent performance would never be utilized to assist a car with its steering and emergency systems. Companies should therefore not feel any trepidation hosting their data in a Private Cloud from IronOrbit. We also supplement the already secure and reliable technology of the cloud with our impenetrable Orbital Security System (including antivirus, antispyware, and firewalls) and our performance-boosting Atomic Speed Technology. So while you wait for the cloud computing-enabled cars of future, hitch a ride with a present-day IT marvel that lets you access your files and applications from anywhere, quickly and securely—IronOrbit Private Cloud Solutions.

Most businesses rarely perform all of their processes in-house anymore. Today’s economy requires flexibility and high specialization. With specialization, companies adapt more quickly to changes in their specific market. At the same time, it gives stability and focus to employees, resulting in more knowledgeable and efficient personnel. However, without perfect coordination between the multiple companies of a supply chain, many of the benefits of specialization disappear.

To achieve high levels of coordination and synchronization, companies have turned to collaboration technologies such as supply chain management software, project management software, and enterprise resource planning software. These programs let the companies share collaborative documents (blueprints, product designs, advertising concepts, etc.) and maintain consistent schedules and records. On-site deployment of these technologies can be difficult and complicated, however. Integrating several different on-premise systems requires costly and extensive customization. The alternative—where one of the companies hosts the software internally and gives the other businesses conditional access to it—can also be tricky. With this arrangement, the host company has to give its business partners access to its internal network. On-site hosting also raises questions about cost-sharing and ownership. Should all the companies in the partnership pay to obtain, install, and manage the hardware and software of the hosted application? Which company “owns” the data, ultimately? How should the host company be held accountable for breaches and data loss incidents?

To avoid the issues of access, cost, and ownership altogether, companies should host their collaboration technologies in the cloud. With cloud-hosted software, none of the companies in the partnership have to deal with configuring firewalls, purchasing and maintaining hardware, or protecting data. The partnership’s software and files will reside in the data centers of a third-party hosting company. The company that hosted the on-site program will not have to compromise the security of its internal network. Everyone in the partnership will have equal access to and ownership over the data.

Even more beneficial to the business partnership would be to host its collaboration software in an IronOrbit Private Cloud. Our Virtual Desktops are a perfect IT infrastructure for partnerships for the following reasons:

–Flexibility. The IronOrbit Virtual Desktops can be packaged with any supply chain management, project management, or enterprise resource planning application. These hosted apps will appear to users as icons in the operating system of their Hosted Desktops.

–Security. IronOrbit’s knowledgeable and experienced technicians will monitor your Virtual Desktops for malware and suspicious network activity. With our 24x7x365 availability, we can respond to any data breach at any time. The centralization of our Hosted Desktops also allows us to maintain a comprehensive audit trail (important for regulatory compliance) and to filter for spam and other dangerous content. Furthermore, infected Virtual Desktops can be isolated and deleted easily. The IronOrbit Desktops can also be configured to prevent the outward transfer of files, preventing unscrupulous partners from stealing or misplacing sensitive data.

–Cost-efficiency. You don’t have to purchase any additional hardware with IronOrbit Virtual Desktops. You only need a web-enabled device such as a laptop, netbook, thin client, tablet, or smartphone to access your files and applications. You also only have to pay for the amount of concurrent Hosted Desktops that you need, not the total number of Desktops. Instead of “assigning” desktops, our state-of-the-art infrastructure maintains the files and settings of every user and implants them in an empty virtual machine whenever the corresponding user logs in.

–Availability. IronOrbit Virtual Desktops can be accessed via the Internet from anywhere in the world. And, unlike on-site hosted software, they have been optimized for use by mobile devices. Business partners cannot only access their Virtual Desktops from any office on earth, but also from coffee shops, construction sites, the road, or anywhere else they can get a signal.

Improve the security, consistency, and availability of your infrastructure and get better synchronized with your business partners with Private Cloud solutions from IronOrbit.

Zero-day attacks aren’t the worst hacking threat for most businesses. Security breaches usually occur against well-known vulnerabilities (mainly default passwords and unpatched software) that companies and employees have not been financially or technically capable of addressing. But businesses with password management, patch management, and strict security policies that have invested time and resources protecting themselves from known vulnerabilities face a unique threat with zero-day attacks. Zero-day malware targets a software vulnerability that the developer of the application has not identified or fixed yet. Patch management will not protect against such threats because by definition the last software update of the targeted program predates the development of the malware.

Data security experts recently detected a zero-day threat aimed at the Java 7 platform. Many websites and online applications use the Java programming language. Also, many browsers have the built-in ability to access sites and services written in Java.  The recent zero-day attacks exploited a previously unknown vulnerability in the Java programming language that can force a user’s browser to download malware from an infected website. The malware can then install a remote access toolkit that gives the hacker the ability to control and explore the hijacked computer. About a week after the public disclosure of the vulnerability, Oracle released a new version of Java 7 that removed the problem.

This zero-day Java malware was unique in a couple ways. First, security experts have noted the extreme sophistication of the malicious program. In an email exchange with a journalist from theatpost.com, researcher Esteban Guillardoy said of the malware, “Finding these vulnerabilities and [using] them in a useful way is a much harder task that requires a wide knowledge of the Java JDK/JRE codebase and deep understanding of the Java security architecture.” Second, researchers were actually able to pinpoint the origin of the zero-day attacks. A hacking group called the Nitro Crew began emailing links to the infected sites to victims on August 22. Like in its previous hacking attempts, the Nitro Crew targeted workers at American, British, and Bangladeshi chemical manufacturing companies. The security firm Symantec was able to trace the group to both sets of attacks because of the common IP address of one of their command-and-control servers. Finally, some observers have interpreted the Java zero-day attacks as a prime example of the increasing “industrialization” of hacking. They point out the “division of labor” involved in the hacks (Symantec suspects that the Nitro Crew purchased the malware from a more advanced coder) and how knowledge of the zero-day vulnerability spread quickly through the hacking community, turning up in popular malware kits and inspiring copycat attacks in Europe.

At the same time, the Java attacks had the same outcome for the victims as other forms of zero-day threats: stolen account information and other data. Though some forms of antivirus software can detect zero-day malware by its distinct coding style or by executing it in a contained environment, more than half of all the major AV programs were unable to recognize the recent Java threat. Two other protections from this specific attack were suggested by experts: blocking connections to the IP addresses associated with the malware and setting the company firewall to prohibit external access to the Java application. Both of these measures would require the expertise of a network security professional, however.

Companies should select private cloud IT infrastructures if they want the best protection from zero-day malware going forward. Private clouds have a greater number and higher quality of staff than either on-site or public cloud infrastructures. With more personnel the private cloud hosting company can monitor each infrastructure closely and provide better after-hours protection. And with more experienced technicians it can spot suspicious network activity quicker and respond to potential attacks with more refined techniques.

IronOrbit private cloud-based Hosted Desktops offer even further protection from zero-day threats. With our Virtual Desktops you can easily set firm security policies and perform patch management for the entire infrastructure. It is also easy to isolate and destroy hosted desktops that have been infiltrated with malware. We provide further layers of protection with our Orbital Security System, which includes access control, firewalls, antivirus, antispyware, and intrusion prevention and detection systems. IronOrbit private cloud solutions turn zero-day threats into zero threats.

Yesterday the public cloud hosting company GoDaddy experienced a major outage. A large percentage of its 50 million registered domains, five million hosted websites, and an unknown number of its other cloud-based solutions were affected. Some websites were unavailable for as long as six hours. For many businesses, the outage occurred during the most critical hours of the workday: from 1 PM to 7 PM on the East Coast and—more devastatingly—10 AM to 4 PM on the West Coast. One e-commerce business claimed that it had lost $50,000 due to the temporary inaccessibility of its websites. The business’s owner told United Press International, “It feels to me that a company of that size, they’d have contingency plans, better security. We’re just really disappointed with what we thought was a major, able, safe Internet services provider.” Though a hacker claimed responsibility for the attack, GoDaddy said that the outage was a result of technical problems with its DNS servers (hardware that converts URLs into functional IP addresses and allows users to establish a connection with a website).

GoDaddy’s outage demonstrates several of the problems with the public cloud:

-First, many GoDaddy customers were reportedly frustrated by the lack of technical support during the incident. The wait list for the customer service line of the company reached 750 people on Monday. Public clouds often have millions of users but a much smaller number (hundreds or dozens) of support staff. When things are going well, this lopsided ratio lowers customers’ costs and raises the public cloud hosting company’s profits. When the cloud’s infrastructure fails, however, customers can expect little information and long waits for individual technical support.

-Second, the public cloud is both extremely interconnected and complex. Most of the hardware resources in a public cloud data center are shared or “pooled.” This means that a single website can either be hosted across multiple servers or crammed into a single multitenant server with several other websites. Websites (or any other service or solution) hosted on a public cloud also have to share the same networking hardware and data backup systems. Like the high customer-to-support-staff ratio, pure multitenancy lowers the costs of both the hosted and host as long as the public cloud infrastructure functions perfectly. However, public cloud data centers are composed of thousands of different hardware and software components that can fail at any time. And, as the Go Daddy outage and prior Amazon EC2 and Microsoft Azure incidents demonstrate, a singular malfunction can shut down the services of millions of customers at once due to the interconnectivity of public clouds.

-Third, even if the hacker’s claim of responsibility for the GoDaddy outage turns out to be false, the claim itself demonstrates the appeal to cybercriminals and hacktivists of attacking public clouds. Hackers do not just commit their crimes for financial reasons. Some of them will hack big-name companies for the bragging rights or to make a political statement. And public clouds are the most well-known and highest-profile type of IT infrastructure.

In contrast, a private cloud infrastructure would have protected against, contained, or mitigated the effects of an outage like GoDaddy’s. Each private cloud has a dedicated technical support team that can answer questions, provide information, and respond to problems at any time. Users of private clouds do not have wait in a customer service phone queue or check their hosting company’s Twitter feed for updates on the status of their infrastructure. The technical support team will respond immediately to any issue, minimizing the clients’ losses due to the slow performance and downtime of their hosted solutions. In addition, private clouds have a less interconnected infrastructure. An issue with a single private cloud will not spread to other infrastructures in the same data center. As a result, the widespread outages of GoDaddy, Amazon EC2, and Microsoft Azure would be impossible with private clouds.

To further ensure the reliability of their IT infrastructure, companies should select Hosted Solutions from the private cloud hosting provider IronOrbit. Our helpful and experienced technicians are available 24x7x365 to assist you with any questions or problems. We also provide around-the-clock security and performance monitoring to protect and maintain your infrastructure all day and all night long. Furthermore, our Orbital Security System uses access control, firewalls, antivirus, antispyware, and IPS/IDS to ensure the maximum reliability of your Hosted Solutions. With IronOrbit you don’t have to worry about outages or unintended downtime—our private clouds are too well-managed and secure to fail.

The majority of data security solutions and practices concentrate on preventing or identifying and responding to intrusions. Discussions of security often center on automated protections such as antivirus, anti-spyware, and firewalls or the policies and tactics of administrators. Until recently, data security has not been approached as a user-centric process. But security experts have begun to focus more on identity management—or the management of authenticators (such as passwords) and permissions. Identity management (or IdM) has risen in importance because: 1) many data breaches occur because of poorly selected or managed passwords; 2) it is more important to establish the identity of users of cloud computing (who do not have to be in the same location as the hardware they are accessing) as opposed to internal resources and networks that have to be accessed from on-site workstation; 3) of the need for off-site contractors and business partners to access the same IT resources as on-site employees without compromising security.

Identity management has several main components: password management, provisioning, and policy enforcement. A more descriptive term for IdM would be “identity lifecycle management.” Usually a long-term process, the identity management lifecycle begins with the introduction of any new employee, contractor, or business partner to a company or project team. All the new users have to be “provisioned” an account, usernames, passwords, biometric (fingerprint or retina scans) or physical (tokens or smartcards) authenticators, and access to computing resources such as virtual desktops, applications, and databases. The IdM system then manages these identifiers and permissions over the course of the users’ tenure with the company. Password management will ensure that the user adopts security best practices such as selecting strong passwords (with numerals, symbols, and a sufficient length) and switching passwords for each account every 90 days to a year. The identity management system will also provision and de-provision based upon the progress, decline, or completion of a user’s career. For example, employees that have earned a promotion may have to be given access to the more secure areas of a company’s IT infrastructure. Instead of providing them with a new “executive” account, the IdM system provisions high-security clearance to their existing accounts and retains the users’ singular virtual identities.

Maintaining consistent user identities in an organization: 1) makes it easier for users to retrieve forgotten passwords; 2) allows companies to protect the more sensitive parts of their infrastructure from unauthorized access; 3) creates a reliable audit trail of user activity for regulatory purposes; 4) makes it easier for intrusion detection systems to spot unusual user behavior (for example, a user that consistently only logs in between 9 AM-5 PM accessing the system at 3 AM); 5) helps administrators to keep track of all the accounts, passwords, devices, and permissions of all users (especially important when needing to revoke access for departed employees and given the increasingly large number of users that access the infrastructure from multiple devices such as laptops, smartphones, and tablets). To enact identity management, companies need identity management software; automated registering, monitoring, and recordkeeping tools tied together with middleware; or manual management tools overseen by IT administrators with good memories.

Trust networks are a recent trend in identity management. With a trust network, not every website or service has its own internally-managed authentication system. Instead, a user has to set up an account with a credential provider. The user can then log in to any of the sites and services of a trust network with their account info (username, password, and other authenticators) from the credential provider. Behind the scenes, the credential provider confirms the user’s identity to the members of a trust network in Security Assertion Markup Language (SAML). With trust networks, users only have to remember one password or authentication process for multiple sites and web-based services (in the same way that consumers do not need a new credit card and PIN number for each ATM). Credential providers (in theory at least) will make the authentication process more reliable, secure, and private by absolutely guaranteeing the identity of the user (through two-factor authentication, security tokens, or personalized questionnaires) and sharing only relevant information to sites and services through SAML (for example, intuitively sending account numbers to banking and e-commerce websites but not to social networks and online email services). The U.S. federal government has already allotted $25 million for its National Strategy for Trusted Identities in Cyberspace (NSTIC) program to test out better authentication methods for both government and commercial networks.

Companies do not have to wait for the result of any experimental program to enjoy highly personalized and secure IT solutions. With IronOrbit Hosted Desktops, users maintain a consistent virtual identity by logging in to their assigned virtual operating system. From within their Virtual Desktop they can access any of the sites and services they need, including the Internet and all the applications (Microsoft Office, QuickBooks, and millions of options) packaged with their customized IronOrbit solutions. And, like with a trust network, with IronOrbit users only need to remember one password. We also uniquely support our desktops with a combination of multi-dimensional security—protecting your data at every phase and from every kind of threat—comprehensive audit trails for regulatory compliance, strict enforcement of security policies and permissions, 24x7x365 network and infrastructure monitoring, and high-performance Atomic Speed Technology. True to our name, IronOrbit provides companies with true virtual workplaces of individualized hosted desktops and fully-integrated applications.

For managers and small business owners, the decision of whether or not to adopt a content filtering system can be tricky. In the best-case scenario, a content filtering system improves productivity and security, cleanses offices of irrelevant and inappropriate media, and protects employees from their own bad impulses and web-browsing habits. In the worst-case scenario, the system actually reduces productivity by slowing Internet speeds and inadvertently blocking normal business-related websites. Employee morale may also be affected if workers interpret the content filtering system as an invasion of their privacy or an indirect criticism of their performance. And not only is the decision to adopt the filter difficult, setting up and configuring the system can also be a lot of work. Managers will oftentimes have to select prohibited sites manually and monitor Internet traffic for attempts to bypass the filter and misuse (mainly overuse) of legitimate websites. Ultimately the decision to adopt content filtering will depend on company-specific factors such as bandwidth usage, prior security incidents related to inappropriate websites, the current productivity level of the office, and whether anyone has already complained about being exposed to obscene content at the workplace.

For the still-undecided, this PC magazine article gives a further outline of the pros and cons of content filtering. It points out that data security regulations such HIPAA and Sarbanes-Oxley make content filters a requirement for companies in certain industries. It also provides some tips for setting up a filtering system that satisfies both managers and employees:

-To provide employees with more control, managers can enable features such as soft blocking (“in which a warning page is sent to the user instead of the requested page but access to the URL is still allowed through a link”) and review requests.

-Management should notify employees about the installation of a content filter. Not only does this protect the company from potential litigation, it also helps to maintain trust between managers and workers. Furthermore, notification gives employees a chance to modify their behavior on their own, saving managers the trouble of having to reprimand them.

-Content filters cannot stop malware and hacking attacks by themselves. They have to be paired with firewalls and antivirus to provide adequate data security

If the PC magazine article seems to underestimate the downsides of unmonitored Internet use at the office (“There haven’t been that many lawsuits, productivity is up overall, and bandwidth is cheap,” it quotes Gartner analyst Bill Gassman as saying), it may be because the article was published in 2004. Since then, social networking platforms such as Facebook, Twitter, and YouTube and media streaming sites such as Netflix, Hulu, and Pandora have attained the status of the workplace’s most prominent time-sinks. According to Nielsen, when Americans browse the Internet they spend 22.5% of their time on social media and a combined 53.5 billion minutes per year on Facebook. The research company also found that 44% of all online video viewing was occurring in the workplace. Social networking and media streaming sites aren’t just newer and trendier versions of instant messaging and Peer-to-Peer file sharing networks, either. They are uniquely wasteful of employees’ time and employers’ resources: social media has many more variations and features than IM, for example, and streaming media (higher quality and more frequently accessed than its predecessors P2P and direct download) utilizes a costly amount of bandwidth.

For many managers, social networking and streaming media by themselves are enough of a justification for a content filter. According to Tech Republic, over 70% of businesses have already banned the use of social media at the workplace. The manufacturing conglomerate Procter & Gamble also recently made headlines by cutting off internal access to Pandora and Netflix due to the excessive bandwidth consumption of its 129,000 employees. On the other hand, some people have defended the use of social media in the workplace, citing positives such as free advertising and it being an excellent source of market research and testing.

No matter what an organization decides about installing a content filter, they should select a hosting company with quality solutions and the flexibility and expertise to include or leave out a filter system—like IronOrbit. Our virtual desktops can all be packaged with a content filter. Managers can customize the settings of our filtering system to prohibit inappropriate Internet locales such as social networking, media streaming, gossip, sports, and adult websites. IronOrbit Hosted Desktops are also extremely secure as a result of our built-in security measures such as antivirus, anti-spyware, spam filters, intrusion detection and prevention systems, and firewalls. In addition, because of our infrastructure’s unique non-persistent architecture we can delete a user’s virtual desktop after every session (along with whatever malware it contains) while still retaining the user’s data and audit trail. IronOrbit Virtual Desktops have the flexibility, security, and performance to support your business and technical operations regardless of your company’s type, size, or IT requirements.