Month: October 2012

As the amount and the importance of the data that people, businesses, governments capture and store electronically have increased, so has the frequency of every type of cyber-attack. Much attention has been paid to financially-driven hacking and hacktivism, the two most common forms of cybercrime. However, a rarer though much more devastating type of cyber-attack—cyber warfare—has been grabbing many of the headlines lately.  As a result, companies may be wondering what they should do to counter this threat and if it should influence their choice of infrastructure. In any case, the best option for most businesses would still be to select private cloud solutions, which provide the greatest protection from every kind of cyber-attack.

The severity of the cyber warfare threat was reinforced by a speech last week of the U.S. Secretary of Defense, Leon Panetta, in which he warned of the susceptibility of vital American assets to cyber-attacks by enemy governments and extremist groups. He pointed to the recent cyber-attacks against the websites of major U.S. banks and the Shamoon virus that targeted oil companies in Saudi Arabia and Qatar as evidence of the potential impact of cyber warfare. Panetta also warned of cyber-attacks that would target the nation’s chemical, electrical, and water facilities and transportation networks and “could be as destructive as the terrorist attack on 9/11.” He used the example of terrorists hacking into an electronic transportation system and derailing and crashing trains, some filled with passengers and others carrying hazardous chemicals. Panetta went on to say, “No one has a greater interest in cybersecurity than the businesses that depend on a safe, secure and resilient global, digital infrastructure.” He added that the private sector cannot expect the military or the government to protect it from cyber-attacks. Instead, companies have to beef up their own network security. They also need to be willing to share data about attempted and successful cyber-attacks with the government.

Some observers have dismissed Panetta’s speech as an attempt by the Obama administration to pressure the opponents of a cyber-security bill that has stalled in the Senate. Others worry that the Secretary of Defense may be using the threat of cyber war to increase government and military control over the Internet. PC Magazine writer John C. Dvorak also puts forth the interesting argument that the conditions for a widespread and destructive cyber war do currently not exist, since terrorists and terrorist states do not have the resources to conduct massive cyber-attacks and because China and Russia would harm their own economies too much if they succeeded in crippling the infrastructure of the United States.

However, even if one discounts the train example and the “cyber Pearl Harbor” rhetoric as over-dramatic, the recent bank and Shamoon cyber-attacks—which were perpetrated by Iran, according to most intelligence experts—should be enough to convince businesses of the significance of the cyber war threat by themselves. The bank attacks in particular demonstrate that a company doesn’t have to be the target of a cyber-attack to be harmed by one. In this case, consumers and businesses could not access their online bank accounts, resulting in delays or cancellations of sales and transfers. Similarly, cyber-attacks aimed at the electricity grid and the transportation system would affect thousands or millions of companies in addition to the targeted utility or transport organization.

Business owners may look at this situation and say to themselves, “I don’t have anything to do with defending banks or utility companies from cyber-attacks. There’s nothing I can do to protect myself from a cyber war.” In fact, private clouds offer significantly better protection from advanced cyber-attacks than public clouds or on-site infrastructures. First, many private clouds have in-place, enterprise-level network security. Smaller businesses can afford this degree of network security because they share the costs with their hosting provider’s other clients instead of paying for its design, implementation, and maintenance themselves. Second, private clouds would not be affected by an attack targeting a local electricity grid or transportation system because of their off-site location. Responsible private clouds providers also have backup systems spread throughout the country to prevent any kind of disruption or data loss. Finally, if a foreign government were to target a cloud computing service, it would likely set its sights on the millions of IT infrastructures hosted by a large public cloud, not the dozens of IT infrastructures on a normal-sized private cloud.

Companies looking for the best protection from every kind of cyber threat should select Private Cloud Solutions from IronOrbit. Our Orbital Security System protects your data in transit (network security, encryption), in storage (access control, audit trail, antivirus, antispyware), and in use (performance monitoring, content filtering). We include with all of our solutions a data backup system that features daily off-site backups, weekly server snapshots, geographically-separated facilities, and an ambitious Recovery Time Object (RTO) of 12 hours and a Recovery Point Objective (RPO) of 4 hours. Our Virtual Desktops can also prevent unintentional data loss by prohibiting the outward transfer of data. Despite all of these security features, IronOrbit Private Cloud Solutions also possess unsurpassed performance, reliability, and accessibility. With IT solutions from IronOrbit, you can take shelter from cyber threats without sacrificing costs, collaboration, or speed.

The number of companies that allow their employees to use their personal laptops, tablets, and smartphones at work has been steadily increasing. A permissive Bring Your Own Device (BYOD) policy has several advantages, including lower hardware costs and increased worker mobility, productivity, and morale. Securing these devices will require IT administrators to install remote access tools on them, integrate them into the company network, and set firm security policies and settings. To avoid the costs and hassles of integrating and monitoring dozens of mobile devices, companies can also sign up for hosted desktop, which centralize and restrict access to data without sacrificing mobility or performance. However, just when businesses had begun to get a handle on BYOD, employees have recently acquired an additional mobile capability: the ability to create a personal Wi-Fi network with their smartphone. Bring Your Own Network (BYON) has its own benefits, challenges, and solutions independent of BYOD.

Anyone can create a personal Wi-Fi network with a compatible smartphone or mobile hotspot. For example, certain smartphones have built-in Wi-Fi chips that let them convert cellphone signals into bandwidth. The phone can be turned into a router, connecting nearby laptops and tablets to the Internet. Just like a router, the phone protects its signal from unauthorized users and hackers with an authentication system and WPA2 data encryption. A personal Wi-Fi network beats the alternatives of a mobile data network and the Wi-Fi hotspots of cafes and hotels. Mobile data networks only support smartphones and tablets. Wi-Fi hotspots are slow, insecure, and pricey. Personal Wi-Fi networks are a more flexible, secure, and reliable way to for mobile employees to access their files and applications and stay connected with the office.

BYON also complicates the network security measures of businesses and IT administrators, however. Most company’s networks have carefully-implemented authentication systems, firewalls, and security policies and settings. Hackers can use a BYON as a back door, targeting its lesser access control and data protection systems to gain entry to a company’s main internal network. Any applications or data transferred from the more secure internal network to the less secure personal Wi-Fi network would also be vulnerable.

To avoid these access and security issues, businesses should sign up for virtual desktops from a hosted solutions provider. No data gets transferred to the mobile device with hosted desktop. Users have to log in to their web-based operating system to access their files and applications. The security of the mobile device does not matter in this case because anyone hacking into it still wouldn’t have any direct access to company data or systems. Virtual desktops also require no integration with the networks of mobile devices.

Businesses that decide to go with virtual desktops should select the best virtual desktops available: IronOrbit Hosted Desktops. Our partnerships with virtualization leaders VMware, Microsoft, and Citrix have allowed us to develop the most highly-customized Virtual Desktops with the best performance, security, reliability, and availability. Get Internet access from anywhere and access your files and applications from anywhere with a combination of BYON and IronOrbit Hosted Desktops.

Companies, consumers, and journalists in the tech world have focused a lot of their attention on mobile devices lately. The surge in interest may have started with the court battle between Apple and Samsung a couple months ago. Aside from the petty squabbles of smartphone and tablet manufacturers, however, leading IT analysts have had more substantial discussions about how businesses should manage and protect their mobile devices. Overall, they suggest that companies have to do a better job of balancing security concerns with the privacy and freedom of mobile employees.

Enterprise mobile security and Bring Your Own Device (BYOD) policies were a central topic at last week’s Interop conference (arguably the largest and most important IT expo in the world). Network World’s Jon Gold quoted one attendee as saying, “It’s inevitable that you will have to support mobile devices…however, heavily regulated industries do actually have specific policies. There are actually companies out there where it is a fireable offense to bring a smartphone in.” Statistics back up the conference-goer’s statement about the inevitability of enterprise mobile support: according to Cisco, 95% of all businesses allow some form of BYOD. Meanwhile, the statistics also reinforce the concerns of regulators and IT experts about the security of mobile devices: according to McAfee, malware threats targeting smartphones and tablets rose 600% this year.

Fortunately, IT security experts have come up with some solutions and best practices to counteract the rising mobile security threat. Their advice includes:

–Don’t trust mobile antivirus software. The antivirus program on a mobile device isn’t as reliable as the one on a PC. Mobile antivirus software can only protect against well-known malware threats. Because mobile operating systems do not have root administrative access, mobile antivirus programs cannot detect previously-unknown threats using behavioral analysis.

–Be wary of Android smartphones. Apple requires users of its phones to download all of their applications from the company’s official store. Apple’s store will reject any application with vulnerabilities or malicious code. In contrast, Android users have the freedom to download and install any application from any source. Many Android owners may have downloaded a hacked version of a legitimate application without realizing it. The total number of malware targeting Android phones increased more than 4,000% last year.

–Other tips. This article from CSO Online and this report from EMC’s security division, RSA, provide additional guidance about the secure deployment of mobile devices.

However, security shouldn’t be the only concern of businesses when deploying or integrating mobile devices. Companies also need to consider usability and privacy when managing their employees’ smartphones and tablets. “MDM [Mobile Device Management] is about locking down devices, preventing users from performing certain tasks they might want to do on their phones and tablets,” Bytes’s Larry Seltzer wrote recently. “From a security standpoint this is a perfectly reasonable thing to do, but users don’t like it….And in a BYOD environment, restricting what users can do and threatening to wipe their devices is a recipe for bad will.” Mobile devices let workers take their files and applications anywhere, improving their productivity. But overzealous security controls negate many of the benefits of enterprise mobility by discouraging employees from using their devices. Consequently, businesses need the find a happy medium between security and usability.

Luckily, the Chief of Computer Security of the National Institute of Standards and Technology (NIST), Donna Dodson, has recommended a solution to the security-usability conundrum. As Mobile Enterprise tells it, “Her recommendation is a virtual desktop. She says this provides a way to isolate an environment for individuals, constructing it to provide the tools they need without a lot of additional surface space for an attacker. ‘This will ensure a safer working environment and one that can be upgraded very quickly to address a threat of tomorrow that you were not expecting as you plan today,’ she points out.”

We couldn’t agree more at IronOrbit. With our Virtual Desktops, users can access their files and applications from anywhere with any web-enabled mobile device. IronOrbit users don’t have to compromise performance for mobility, either—our Hosted Desktops allow them to access the superior processing power and limitless functionality of a locally-installed PC operating system from their smartphone or tablet. Our data protection measures include multidimensional security (antivirus, antispyware, and anti-spam), complete data backups, 24x7x365 network security monitoring, and AES 256bit encryption. And, while authorized users can always access their files and applications from their Virtual Desktops, the data will always remain on the IronOrbit servers and cannot be directly transferred to mobile devices. Companies don’t have to balance or compromise anything with IronOrbit Virtual Desktops because we give them everything they want from their Hosted IT Infrastructure: the utmost mobility, security, usability, and performance.

Facebook, the social networking site, consistently ranks as either the first or second most-visited website in the world. It celebrated its one billionth unique active user last week. It stores a total of over 100 petabytes (about 100 million gigabytes) of user data and continuously adds more than 500 terabytes per day. Its IT infrastructure consists of over 60,000 servers in about 15 full-size data centers. With the exception of advertising, Facebook provides all of its services for free. How can the site support so many simultaneous users? How can it store such large amounts of accessible data? How does Facebook maintain its IT infrastructure costs at a manageable level without charging for anything? The answer: cloud computing.

Not many people recognize Facebook as a form of cloud computing. Many probably view it as nothing more than an interactive or customizable website. However, Facebook has all the required characteristics of a cloud-based application, including: 1) it can be accessed via the Internet and doesn’t have to be installed on the user’s hard drive; 2) multiple people can use it at once without affecting the performance of the application, the integrity of their accounts, or (if they choose) the privacy of their data; 3) it has a scalable infrastructure that can be quickly and easily expanded without disrupting the application. Though a normal website shares some of these characteristics, it also lacks the “computing” features of Facebook and other cloud-based solutions, such as the ability of users to store data and perform a variety of actions.

The example of Facebook shows how cloud computing can improve collaboration and increase the IT flexibility of an organization. The social networking site would be worthless as an offline version installed on the hard drive of a single user’s computer. The usefulness of the site would also be limited if it were restricted to a local network such as the LAN of an office or dormitory. Cloud computing, which can be accessed by any authorized user with an Internet connection, unlocks the full potential of Facebook by letting anyone in the world join and contribute to its community. In the same way, business applications should be hosted in the cloud so that they can be readily and securely accessed by off-site employees, contractors, and business partners.

Facebook also demonstrates the value of scalability. The site’s scalable architecture allows it to absorb large amounts of data without having to disrupt or divide its services. Facebook would not be able to support as many users or as much data without scalability. Expanding it would be much more expensive and require extensive customization: the separate software and hardware systems would have to be manually integrated. Organizations only have to connect additional hardware to a scalable IT infrastructure to increase its storage capacity or processing power. This is because the virtualization platforms of a scalable infrastructure can recognize and integrate new hardware into an existing system automatically. With scalability, a rapidly growing business (a social networking startup that metastasizes from an IT pet project into a 60,000-server mega-site, for example) can keep the same core infrastructure as it adds new users, data, and applications. While cloud-based and on-premise IT infrastructures can both be designed to be scalable, a cloud-based infrastructure does not require the purchase of new hardware (giving the organization flexibility in case of a temporary or seasonal expansion) and can be accessed from anywhere (letting the employees of an organization that has added new offices or locations utilize the same IT infrastructure).

As mentioned in the introduction, Facebook purchases and maintains its own data centers and servers. Most organizations that utilize cloud computing will select a third party company to host their infrastructure or applications for them. This saves the organizations from having to purchase their own IT hardware or hire their own personnel, dramatically lowering their overall IT costs. It wouldn’t make financial sense for Facebook to utilize third party hosting, however. For businesses with average-sized IT infrastructures, cloud computing lets them share the costs of building and maintaining a data center with their hosting company’s other clients. Facebook, on the other hand, requires full data centers worth of computing resources—it would be impossible or impractical for the website to share the resources or costs of a data center with anyone. This is not to say that cloud computing could not support a service of Facebook’s size (it certainly could) or that the site does not benefit at all from the innate cost-efficiencies of the technology.

For their own part, the 99.9% of businesses with data storage requirements less than 100 petabytes can expect to benefit from the increased collaboration, scalability, and cost-efficiency of cloud computing with a Private Cloud Solution from IronOrbit. For example, users can access their files and applications from anywhere with our Virtual Desktops. Also, our Hosted Infrastructure can be scaled up to support any amount of processing power or storage capacity. IronOrbit delivers a complete and fully-maintained IT Infrastructure—Hosted Desktops, Data Backup, 24x7x365 Technical Support, and 100% Uptime Guarantee all included—at a fixed low monthly rate. Make friends with the fastest and most cost-efficient and reliable cloud-based IT solution today!

European businesses have generally not been as eager as their American counterparts to adopt cloud-based IT infrastructures and solutions. Their reluctance has been variously blamed on the greater demand of European consumers for the privacy of their data; restrictive and complicated regulations; public skepticism about the benefits of cloud computing; and the more fragmented marketplace of the 27-nation European Union. However, the EU recently attempted to negate many of these objections by announcing a plan to 1) educate the public on the financial benefits of cloud computing; 2) demonstrate its confidence in the technology by supplying €45 billion ($60 billion) in government money for new cloud computing ventures; and 3) simplify and standardize the data security regulations of its members. The technology-cautious and privacy-conscious EU’s endorsement of cloud computing is a further vindication of the cloud’s security, reliability, and business value.

The EU predicts that its cloud computing initiatives will raise Europe’s GDP by €160 billion ($210 billion) and create 2.5 million jobs. Its data shows that 1/5 of businesses that have switched to the cloud have lowered their IT costs by greater than 30% and that the remaining 4/5 have lowered their costs by at least 10-20%. Sizable percentages of European companies also reported that their mobility (46%), their productivity (41%), and their ability to expand to new locations (32%) were increased by their adoption of cloud-based solutions.

According to 451 Research, Europeans are responsible for about 31% of the world’s total expenditures on cloud computing, only a little over half of the percentage (57%) spent by people and organizations in the United States. In a greater imbalance, 93% of spending on cloud-based Infrastructure as a Service (IaaS) occurs in the US, but only 6% happens in Europe. And, even though 64% of European companies utilize some form of cloud computing, their expenditures on public cloud services amount to only 1.6% of their total IT spending.

Harsh, complex, and inconsistent data protection laws are perhaps the main reason that Europe lags behind the United States in cloud computing. Companies in the Eurozone are required to:

-Promptly notify the government of any serious data breach

-Get explicit consent before collecting data on anyone

-Give everyone unlimited access to data owned by them, about them, or concerning them

-Delete all of a person’s data and records if he or she requests it (“the right to be forgotten”)

Businesses that fail to obey these laws have to pay a penalty of up to €1 million per violation. In addition, the separate data privacy laws of each nation complicate the regulatory situation even further. For example, several countries prohibit companies from hosting or transferring data about its citizens to servers located outside their borders. And, while these laws can make things difficult for European cloud hosting companies, they also make it nearly impossible for American hosting firms to expand their operations overseas. This is because US companies have to comply with both the American Patriot Act, which requires them to hand over the data of the their customers to the US government at any time and for any reason, and European privacy laws, which require the prior consent or notification of customers when transferring their data to a third party.

The EU’s new plan will attempt to soften and consolidate some of these data protection laws. It will also introduce more standardization into the processes of initiating contracts (Service Level Agreement or SLAs) with cloud hosting providers and of migrating data between the infrastructures of different hosting firms. As the head of EU Telecom Neelie Kroes put it, “You shouldn’t have to have a law degree to use the cloud.”

At the same time, it would be incorrect for anyone conclude that the EU had to lower its data protection standards in order to embrace cloud computing. The EU’s plan calls not for declawing but for clarifying and consolidating the 27 different data privacy laws of its members. The security and privacy of cloud computing technology is not the issue. In fact, the EU’s focus on regulating IT hosting providers rather than the technology correlates with what we have argued in prior blog posts: that poorly managed and maintained clouds are insecure, not “the Cloud” itself.

Finally, regarding the business value of the cloud: has there ever been a surer indication of the business value of a technology than the sight of a supremely cautious and pragmatic governing body practically begging  its citizens to convert to a more cost-efficient, mobile, and dynamic form of IT?

Aside from the EU, there is also another large group of people that fully appreciate the ability of cloud computing to galvanize, improve, and enlarge businesses: IronOrbit users. And who could blame them, when with their patented Atomic Speed Technology and Orbital Security Systems IronOrbit Hosted Desktops are some of the fastest, securest, and most reliable cloud-based solutions in the world? In addition, all of IronOrbit’s Private Clouds come packaged with 24x7x365 technical support and full data backups. Companies that select our Cloud-Based Solutions will eliminate their up-front hardware costs and replace their unpredictable IT budget with a low, fixed monthly rate. Join the EU and get behind Cloud Computing today!

Crowdsourcing, the business practice of submitting tasks to or soliciting advice from the general public, has drawn a lot of interest lately. The “crowdfunding” website Kickstarter, for example, may be the most talked-about new company, having been featured in all the major publications like the New York Times, the Wall Street Journal, and Businessweek.

Crowdsourcing possesses definite financial and cultural value. A business can get tasks done more efficiently and for less cost with it. Crowdsourcing lets people contribute to the economy that would otherwise be idle, out-of-work, or over-protective of their ideas or money. It reinforces the “wisdom of the crowd” and “the customer runs the business” philosophies of social media. Some people might interpret from all the attention that crowdsourcing has received that it has replaced cloud computing as this era’s “game-changer” or most disruptive technology or business practice. But crowdsourcing and cloud computing are actually just the same approach to two different areas of business—nothing is novel or groundbreaking about the idea or the activity of crowdsourcing.

The developments of crowdsourcing and cloud computing were both caused or motivated by the limitations of the preceding business or technological models. For instance, before the cloud, companies had to purchase and manage their own on-site IT infrastructure hardware. When business was slow, most of a company’s computing resources (the processing power of its servers and the memory of its storage devices) would remain idle or unused. Conversely, the company’s on-site IT infrastructure would probably be overwhelmed once business picked up. But a cloud-based IT infrastructure does not require any new hardware purchases and has the flexibility to add or subtract computing resources on-demand.

On the other hand, a business that does not use crowdsourcing would have to hire a full-time, part-time, or contract employee to perform all of its operations and projects. With this model, about 90-95% of the company’s work will be completed in an efficient way. But 5-10% would either be too sophisticated or too simple to be done efficiently with internal workers. With crowdsourcing, a company can complete this 5-10% of work without diverting any of its own personnel and resources and without overpaying for either high- or low-level contractors.

The Netflix algorithm contest is a famous example of high-level crowdsourcing. In 2006, Netflix offered $1 million to anyone that could improve the accuracy of its movie recommendation system by 10%. Freakonomics co-author Steven D. Levitt praised the company’s decision on his blog, writing, “They could easily spend $1 million internally hiring some programmers or Ph.D’s to try to improve their algorithm, with uncertain results. Instead, by making it a contest and offering up data to outsiders, they will probably succeed in having 100 times as many person-hours devoted to the problem for the same price.” At the other end of the spectrum, sites such as CrowdFlower and Mechanical Turk pay online workers as little as $.01 per task. These are jobs—organizing a database, transcribing audio, performing basic research—that a computer cannot do, that a well-paid employee would rather not do, and that a manager would consider wasteful of their employees’ time and labor.

While crowdsourcing and cloud computing both developed as a result of the inefficiencies of their predecessors, they also both create efficiency by increasing the productivity of people (the crowd) and servers (the cloud); they both let any person participate regardless of location; and they can both be temporary. For example, whereas a company would normally have to purchase its own hardware (utilizing about 20% of the server at any given time), cloud computing lets an individual server support the IT infrastructure of multiple companies (utilizing 100% of the server’s resources at all times). A cloud-hosted infrastructure can be accessed via the Internet from anywhere, not just from a workstation connected to an internal network. Also, because of the cloud’s on-demand and flexible architecture, cloud-based solutions can be deployed or uninstalled within seconds.

Likewise, in the same way that cloud computing turns underutilized hardware into fully-utilized virtualized servers, a lot of crowdsourcing sites let people do something productive with their normally-squandered spare time and money. A profile by Salon writer Katherine Mieszkowski of a frequent user of the lower-end crowdsourcing website Mechanical Turk partly explains why anyone would want to do anything for $.01: “Curtis Taylor, 50, a corporate trainer in Clarksville, Ind., who has earned more than $345 on Mturk.com, doesn’t even think of turking as work. To him, it’s a way to kill time…Taylor travels a lot for business and finds himself sitting around in hotel rooms at night. He doesn’t like to watch TV much, and says that turking beats playing free online poker.” In addition, most crowdsourcing work can be done remotely. Crowdsourcing websites are also designed to be flexible: crowdsourced tasks can quickly be posted or taken down.

Looking for a low-cost way to for your business to perform restrictively simple or sophisticated tasks? Go to the crowd. Looking for the most cost-effective and reliable way to host your IT infrastructure? Go with an IronOrbit Private Cloud. Our Virtual Desktops are fully scalable and therefore capable of supporting businesses of any size. With our advanced Orbital Security System and 100% Uptime Guarantee, a business’s files and applications will always be secure and available.