[Part 1] Scary Stories Impart Valuable Lesson for Network Security

October 30, 2013 / Joseph Pedano

Late one night, 911 operators received a harrowing phone call from a woman who heard strange noises at her front door. She grabbed her 6-month-old baby and a licensed pistol and locked herself in an upstairs bathroom, holding her breath while the intruder violently tore apart the first floor of her home and stole valuables. In minutes, he was gone: “like a ghost,” said the homeowner. Later, the crook was found with over 100 different house keys, presumably those of other unsuspecting victims.

It’s a creepy story, and one that will likely remind you to set your house alarm tonight, but it’s the scary tales of network invasions that will make even the most powerful executive shudder. In fact, security is the number one fear of IT Directors, according to Evolve IP’s recent survey. Just as alarming, a new report from Silicon Valley Bank reveals that only one-third of 200 tech executives surveyed are completely confident in the security of their information. [1]

Stories of cyber security attacks flood the news with disturbing frequency. A breach in Epsilon’s network leaked millions of names and email addresses from the customer databases of some of its biggest clients. [2] Sony Corp.’s PlayStation Network and Sony Online Entertainment suffered a series of attacks that placed 100 million customer accounts at risk, costing the company up to $2 billion. [3] A group of individuals claiming to be affiliated with the ‘hacktivist’ collective Anonymous stole 75,000 credit card numbers and 860,000 user names and passwords from Stratfor, a subscription-based provider of geopolitical analysis. [4] And earlier this fall, the websites of several large U.S. financial firms were disrupted by a monster DDoS attack that reportedly exceeded 60 Gbps – much larger than the typical 5-10 Gbps attack. [5]

Indeed, it seems like security standards are being compromised every day, masked by the hasty assurances that the occasional breach is inevitable and that everyone takes network security as seriously as you do.

Or not. Lapses in security practices may not be obvious, especially when obscured by contract liability language and certain…ahem…unstated assumptions. But while no cloud provider can absolutely guarantee an ironclad defense against the threats of tomorrow, every cloud vendor should be expected to maintain robust procedures that anticipate and mitigate data security risks before they cause harm.

To ensure maximum protection from existing and emerging threats to any network’s security, whether in the cloud or on-premise, two major buckets need to be filled with proper security measures: 1) physical construction and 2) architectural design.

Physical Construction – Critical components to ensure control and constant visibility

Fewer than 10% of cloud providers own and operate 100% of their own facilities and, instead, rely on partners to provide data center resources. As a result, you need to ask the right questions to ensure that they have selected the right organizations; ones that provide the necessary controls and visibility into the physical security measures in place to protect their service offerings.

Look for cloud providers that either own or work with Tier One data centers, those strategically located in regions with low risk of natural disasters. This helps ensure that the provider also maintains rigorous protocols for securing these centers from things like unauthorized access. For example, each data center should only be accessible at a single point of entry and exit, secured with a biometric scanner and/or a video call box that allows security guards to visually identify each visitor before granting entry. Also ask whether the provider monitors each data center around the clock via closed-circuit TV cameras that record all footage. Be sure to probe the cloud provider about security within the facility as well. For example, are all areas individually segmented with badge-secured doors, two-factor authentication and biometric hand scanning systems? Inside the server rooms, is each rack, cage and cabinet individually locked, with keys held in a monitored lockbox?

In addition to protecting a provider’s data centers from unauthorized access, each center should be safeguarded from environmental threats. Extensive environmental controls and back-up power units must be installed – complete with dual power grids, multiple battery lines, emergency generators, back-up fuel supply, fire-suppression system, smoke and thermal detectors, and a fail-secure door and alarm system. Do the data centers have adequate cooling and ventilation? Are they physically separated from underlying service providers and other third parties? These are important questions to ask when considering a new provider…whether in the cloud or not.

Last but not least, it’s critical to find out how thoroughly the provider checks the background of each employee who will be working on site. Does the provider enforce mandatory drug testing? Run full background checks? Vet each potential employee with a detailed interview process? If you’re not convinced of the reliability of their hiring process, reconsider.

In next week’s post I will look at architectural design and at protecting how data is moved, stored and transacted in the cloud.

Sources:

1. Wall Street Journal Online, “Survey shows majority of tech executives planning for cyber security attacks,” by Silicon Valley Bank, September 24, 2013.

2. Sophos Naked Security Blog, “Epsilon email address megaleak hands customers’ customers to spammers,” by Paul Ducklin, April 4, 2011.

3. Sophos Naked Security Blog, “Sony admits breach larger than originally thought, 24.5 million SOE users also affected,” by Chester Wisniewski, May 3, 2011.

4. Sophos Naked Security Blog, “Data leaks at Stratfor and Care2 mark the end of a year riddled with data theft,” by Chester Wisniewski, December 30, 2011.
