The UKIP approach to data security
By Davey Winder in Editorial
Posted in Cloud, Business, Data Protection, Government, Security on
Just how much does the average Brit hate Europe? Ask them about data security in the cloud and you’ll find out.
Size does matter, and the bigger it gets the harder it becomes to remember where you put it. I’m talking about data storage and the data stored within it, in case you wondered. The findings of a poll published by the Business Software Alliance (BSA) on its third European Cyber Security Awareness Day in Brussels reveal that the majority of European citizens not only don’t know where their online data is being stored but they are less than certain whose job it is to protect that data, wherever it may be.
I kind of know the feeling. I have plenty of network attached storage, so much that only a few years ago I would have had to have been Bill Gates to afford it. I even have my own personal cloud thing going on courtesy of the rather nifty Pogoplug which I like to think of as my little bit of pink Linux data fluffiness. However, the fact that I have huge amounts of data stuffed onto huge amounts of storage doesn’t mean I know where it is. Indeed, if it were not for some seriously smart local search software I’d never remember exactly where I put anything, especially if I had put it there a few years ago. Documents are not a problem, I know where they are as I keep a copy of everything I write on a heavily encrypted USB stick which I carry with me at all times, with a further encrypted back up stick stored away for good measure.
Luckily, I also know where the buck stops when it comes to securing all the data: that would be with me. I run my own business, it’s my responsibility to look after the data it generates and do so in a secure fashion. But what about data generated about you by someone else, and stored ‘in the cloud’ as everyone, including my elderly mother, likes to say these days? back to that BSA survey, and 60 percent of those asked didn’t actually know what ‘in the cloud’ means, including my mother had she been asked, funnily enough. What’s more, 1 in 5 were unaware if their personal data was being held there or not.
What two thirds did know, or at least agree upon,was that responsibility for securing data held ‘in the cloud’ lay outside the businesses that actually use the data. Most agreed that there was a need for some kind of international handling of cyber security rather than an individual national approach to the problem. Spain on 77 percent and Poland on 74 percent were most enthusiastic about an international approach to data security, with most other Europeans being broadly in agreement with the concept. Apart, that is, from us Brits. Despite recent calls by the House of Lords for just such greater involvement by the EU and increased cooperation with NATO on matters of cyber security, only 46 percent of us increasingly isolated islanders thought it was a good approach.
The BSA is preparing a global cyber security policy framework to guide this notion of international cooperation to secure the online environment, and its senior director of government relations, Francisco Mingorance, insists “most Europeans are looking for global leadership and collaboration to protect their personal information from hackers and cyber criminals”. I guess that most Brits just don’t consider themselves to be European, at least when it comes to online data security matters. Either that or the BSA just happened to be questioning a bunch of UKIP supporters.
Rated: 100% (1 votes)
Loading ...
Will OpenDNSSEC secure the Cloud for business?
By Davey Winder in Editorial
Posted in Business, Cloud, Data Protection, Blog, Security, Internet on
The rapid advance of the cloud, along with other existing Internet-based services, into the business space has highlighted the need for trust in the underlying protocols that provide the driving force behind the Internet. Some are now arguing that a secure software-based DNS signing system is essential if business is to maximise the potential of the cloud.
With the release of OpenDNSSEC, software under a BSD licence which helps simplify the process of creating and managing DNSSEC signatures, that goal could have got a little nearer. Not least as the software can be downloaded and installed on existing systems, without interfering with existing infrastructures, and used to quickly set up and provide a secure DNS service without hassle.
What is DNSSEC do I hear you ask? Well DNSSEC essentially secures the data used to translate domain names by the addition of a cryptographic signature to that data and so providing proof that the query has not been modified in transit. This is increasingly important as the bad guys start targeting the data in DNS caches which, without such measures, is now hugely vulnerable to attack. OpenDNSSEC has been developed as an open-source turn-key solution for DNSSEC to secure zone data just before it is published by effectively taking in unsigned zones and adding signatures and other DNSSEC required before passing it on to the authoritative name servers for that zone.
Natalie Booth, organiser of the 360°IT infrastructure and security conference, is a fan of the open source initiative. She reckons that by allowing site owners and operators to download the OpenDNSSEC software, the open source initiative is paving the way for a new generation of Internet software and browser add-ins that uses this important new technology. “360°IT welcomes the release of the open beta of this BSD licensed software and expects to see a flurry of software arriving in the coming months that advances what looks like being a major evolution in Internet security” Booth says.
Rated: 100% (1 votes)
Loading ...
Microsoft reveals time-based licensing model
By Davey Winder in Editorial
Posted in Cloud, Business, Blog, Windows, Microsoft on
It is always worth keeping an eye on patent applications from the bigger players in IT as they have the potential to reveal possible future business models long before any official statement.
In the past Microsoft has been held up for ridicule with some of the patent applications it has made. Perhaps most notable amongst these was the infamous Page Up Page Down patent. The latest Microsoft patent application to reach my radar will not, most likely, cause quite the same amount of sheer disbelief although it does point to something of a change in the way the Seattle giant sells us software and services.
Microsoft has filed for a patent for ‘Time-Based Licenses’ and the application abstract reveals this to be a method and system for “issuing a number of different types of time-based licenses associated with software products”.
The technical stuff about the system including an activation server which might maintain licensing information in a licensing database, along with a licensing platform which may might request issuance and renewal of time-based licenses, is interesting enough. But not nearly as interesting as the statement that each of the time-based licenses may be associated with respective product keys and may have a number of configurable parameters to make time-based licenses suitable for different licensing business models. Microsoft says, in the patent application, that licensing business models could include “a non-renewable evaluation license, a renewable trial license, a one-time promotion license, and a subscription license” as well as “a configurable parameter” which indicates “an amount of time for a grace period after a time-based license would have normally expired”.
I’m not sure how well this is going to go down with folk who are used to paying for their software with a single, one-off, license. Does this application reveal that Microsoft is going to get serious about Software as a Service after all? However, as we get increasingly comfortable renting our applications (anti-virus being a prime example) and increasingly comfortable with our software being in the cloud, it is surely only a matter of time before that includes the OS. Anyone prepared to wager if Windows 8 will be the first OS for hire from Microsoft?
Rated: 80% (4 votes)
Loading ...
Inflated expectations in the security cloud
By Davey Winder in Editorial
Posted in Cloud, Business, Data Protection, Blog, Security on
I don’t think that anyone with an eye on the future could seriously dismiss ‘the cloud’ as not being right up there as far as game-changing business technologies go. However, that doesn’t mean that the services are not suffering at the hands of over-exposure and hype right now.
IT powerhouses have, it would seem, been happy to jump aboard the cloud hype bandwagon in what some have described as being an all puff and no trousers move.
While I would not dream of suggesting for one moment that cloud-based security services do not have the potential to be really important players as far as the next few years are concerned, I would have to agree with the Gartner overview that they have yet to deliver on customer expectation. I’m thinking in terms of delivering managed firewalls to the enterprise, distributed denial of service protection services and antivirus for example.
According to the latest Security Related Hype Cycles report, in the cloud security services have hit an inflated expectations peak this year. Ray Wagner, a Managing VP at Gartner, explains that in the cloud security services made the top of the list courtesy of a combination of limited successful implementations coupled with unrealistic expectations. “Cloud security providers must deliver on customer expectations for the effectiveness, scalability and cost savings of performing security filtering in the cloud or as a service” Wagner says, concluding that “the small or midsize business is an appealing initial market for these delivery models at lower price points, and we expect that the technology will become mainstream within two to five years”.
Why should anyone care about whether cloud security is on this list? Well, looking back it would appear that those technologies that do rise to a ‘peak of inflated expectations’ level on the hype cycle list tend to pretty soon end up reaching a tipping point whereby they are left on the wrong side of that hype peak, and users are left disillusioned with the technology.
In other words, maybe it is time to stop with all the ‘next big thing’ hyperbole from the cloud service providers and instead time to start giving the technology a chance to talk for itself. Do that and corporate users might just discover that there actually is something to be said for consolidating premises-based security into a cloud-based delivery model after all. Surely the cloud has, by now, gone past the ‘too early in the development cycle to be worth evaluating’ stage even if it has not, at least when we are talking security services, reached a stage of maturity where it can be said to be capable of delivering competitive advantage.
As my late father used to say “don’t jump in with both feet unless you’ve measured the water depth first” and, as usual, he wasn’t wrong.
Rated: 100% (1 votes)
Loading ...
Tag cloud
Archives
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
Most commented posts
- 80 percent of viruses love Windows 7
165 comments
- Has Microsoft gone mental?
- Has the US Army declared war on Windows 7?
- Cuil frozen out: market share drops to next to nothing
- Xbox 360 FAIL
- The 24GB RAM Desktop is born
- Use old version of Windows instead of Linux, says teacher
- Microsoft reveals time-based licensing model
- How Marblecake Hacked Time
- Nexus Two - The Next Generation
Highest Rated Blog Posts
- Why ecommerce fails (100%)
- Google Chrome stands alone at PWN2OWN (100%)
- Betting on Hubdub technology (100%)
- Has Google gone insane as GMail goes back to beta? (100%)
- Chinese whispers as government implicated in UK hack attacks (100%)
- Crimeware toolkit targets 10,000 trusted sites (100%)
- Black Hat risk to migrating VMs (100%)
- Tough on cyber crime, tough on the causes of cyber crime (100%)
- Firefox 3, Beta 4, Enhancements 900, Tested 5 (100%)
- Has the US Army declared war on Windows 7? (100%)
