Cloud Computing and Data Security

We cannot attribute the beginning of cloud computing to a particular person or time. It evolved with the evolution of the Internet and enterprise computing. We may be able to trace its roots all the way back to when Dr. Larry Roberts developed the ARPANET in 1969 (Whitman & Mattord, 2016).

While ARPANET evolved into Ethernet and then into the Internet, enterprises were discovering new ways to compute, moving from mainframes to multi-tier computing. During the early stages of enterprise computing, enterprises purchased hardware and software to host internally. Though not in the form that we see today, enterprises had an early version of the cloud in the form of networked mainframe systems with dumb terminals. They then slowly began to outsource their information systems to Internet Service Providers (ISPs) and Application Service Providers (ASPs).

The concept of using computing as a utility was probably first proposed by Professor Noah Prywes of the University of Pennsylvania in the Fall of 1994 at a talk at Bell Labs. “All they need is just to plug in their terminals so that they receive IT services as a utility. They would pay anything to get rid of the headaches and costs of operating their own machines, upgrading software, and what not.” (Faynberg, Lu, & Skuler, 2016). It came to fruition when Amazon launched its limited beta test of Elastic Compute Cloud (EC2) in 2006. Meanwhile, has already mastered how to deliver an enterprise application using a simple website.

Secure Mobile Device For Enterprise

With the introduction of cool mobile devices for the corporate world, executives feel their existing BlackBerry is out of fashion. For a while, BlackBerry devices ruled the corporate world for mobile communications. They are efficient and highly secure.

BlackBerry security is still considered the gold standard for enterprise mobile communications. However, with Generation Y taking over the corporate world, enterprise infrastructure has a hard time meeting their demand to have social networking and other mobile applications available on their mobile devices. RIM’s product is no longer the preferred choice; rather, it is now one of the options that should be available to corporate users.

There is also increasing demand among employees to use their personal mobile devices (individually liable) for enterprise use. They view pervasive wireless LAN (WLAN) and mobile cellular coverage as “must have” capabilities and consider smartphones as “must have” tools that would help integrate their personal and professional lives.

Until recently, every enterprise had a web address advertised along with their products. Now, their applications are showing up in mobile device application (app) stores and their mobile web addresses (example are advertised along with their web address (example increasing their competitiveness.

So how do we secure such diverse devices while making them available for corporate use?

Microsoft warns of new zero-day hole

According to Microsoft Security Advisory – 973472, a zero-day hole in the Office Web Components ActiveX control could allow an attacker to execute malicious code remotely. The attack works through Internet Explorer when the ActiveX control is enabled.

The ActiveX control is used to display and publish spreadsheets, charts and databases to websites. No patch has been issued for this hole yet. However, Microsoft recommends certain manual steps to prevent the attack.

Microsoft recommends the default settings of IE in Windows Server 2003 and Windows Server 2008, as they will prevent an IE user on such servers from downloading the malicious content.

Users of Microsoft Outlook and Outlook Express are safe if they are operated in the Restricted Sites Zone.

The web-based attack is not possible unless an IE user is made to visit a website infected with the malicious content. So beware of spam and phishing emails.

Once compromised, the IE user's machine provides local admin rights to the remote attacker. Users with few local admin rights on the computer will see a low impact.