Data is at its greatest risk of being compromised while it is in use, as it moves from a secure database around the servers or apps in memory. So, Microsoft is launching a new technology for Windows Server and Azure that protects the data while it’s being processed.
Microsoft claims the service, called Azure confidential computing, makes it the first public cloud provider to offer encryption of data while in use. Encrypting data while it is being manipulated is pretty CPU-intensive, and there is no word on the performance impact of this service.
“Despite advanced cybersecurity controls and mitigations, some customers are reluctant to move their most sensitive data to the cloud for fear of attacks against their data when it is in use,” Mark Russinovich, Microsoft Azure CTO, wrote in a company blog post. “With confidential computing, they can move the data to Azure knowing that it is safe not only at rest, but also in use from [various] threats.”
Aruba, a Hewlett Packard Enterprise Company, is best known for its outstanding business-grade Wi-Fi products. What’s less well known about Aruba is that it has always had excellent security products. In fact, I’ve often described the company as a security vendor dressed up as a Wi-Fi vendor, as Aruba and security have gone hand in hand like the New England Patriots and winning.
However, Aruba’s security positioning has always been tactical rather than strategic because its products were used for specific purposes, such as endpoint protection or wireless security. That shifted this week at APAC Atmosphere in Macau when the company introduced its 360 Security Fabric, which enables it to provide end-to-end security to address the needs of a world that is becoming increasingly digitized.
Wi-Fi is one entry point hackers can use to get into your network without setting foot inside your building because wireless is much more open to eavesdroppers than wired networks, which means you have to be more diligent about security.
But there’s a lot more to Wi-Fi security than just setting a simple password. Investing time in learning about and applying enhanced security measures can go a long way toward better protecting your network. Here are six tips to better secure your Wi-Fi network.
Use an inconspicuous network name (SSID)
The service set identifier (SSID) is one of the most basic Wi-Fi network settings. Though it doesn’t seem like the network name could compromise security, it certainly can. Using too common an SSID, like “wireless” or the vendor’s default name, can make it easier for someone to crack the personal mode of WPA or WPA2 security. This is because the encryption algorithm incorporates the SSID, and password cracking dictionaries used by hackers are preloaded with common and default SSIDs. Using one of those just makes the hacker’s job easier.
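To show why the SSID matters, the following added example (not from the original article) derives the WPA/WPA2-Personal key the way IEEE 802.11i specifies, with the SSID as the PBKDF2 salt, and checks whether a table precomputed for a common SSID would cover a given network. The SSID list, wordlist, function names and the unique SSID are constructed for illustration.

```python
import hashlib

# Constructed sample; real dictionaries of common and default SSIDs are far larger.
COMMON_SSIDS = {"wireless", "default", "home", "linksys", "netgear"}
# Constructed sample of weak passphrases.
WORDLIST = ["password1", "letmein123", "qwertyuiop"]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32-byte key)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    salt = ssid.encode("utf-8")  # the salt is byte-exact, so case matters
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def ssid_is_common(ssid: str) -> bool:
    """Exact match, because only a byte-identical SSID produces the same keys."""
    return ssid in COMMON_SSIDS


def build_table(ssid: str, wordlist) -> dict:
    """Keys computed once for one SSID apply to every network using that name."""
    return {derive_pmk(word, ssid): word for word in wordlist}


def audit_ssid(ssid: str, passphrase: str, wordlist) -> dict:
    """Report whether tables precomputed for common SSIDs contain this network's key."""
    pmk = derive_pmk(passphrase, ssid)
    covered = any(pmk in build_table(name, wordlist) for name in COMMON_SSIDS)
    return {
        "ssid": ssid,
        "common_ssid": ssid_is_common(ssid),
        "covered_by_precomputed_table": covered,
    }


if __name__ == "__main__":
    # Same weak passphrase, two network names: a default one and a constructed unique one.
    for name in ("linksys", "kestrel-annex-7f"):
        print(audit_ssid(name, "password1", WORDLIST))
```

A unique SSID only removes the precomputation shortcut; the passphrase itself still has to be long and hard to guess.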
Property and ownership are among the most basic concepts of a modern society. Our ability to clarify who owns what separates us from savages because property and ownership help us maintain our independence and identity.
The rules of property and ownership have evolved over centuries. There are clear transfer procedures for all types of property, including real estate, cars and even books. The problem is these age-old concepts are not holding up in our connected and digital world.
“Property ownership as we know it is under attack and fading fast,” writes Joshua Fairfield in his book Owned: Property, Privacy, and the New Digital Serfdom. “The Internet of Things and digital property ownership systems are being built on the old feudal model.”
If Akamai, Cisco and Google’s post-platform security and privacy machine learning security systems protecting the web and mobile platforms are indicative of the future, IoT device makers will only be part of a larger security ecosystem. That’s because they will not have the data to train the AI machine learning models.
As a result, IoT post-platform security and privacy will become a layer on top of IoT device security. These five factors are why that will happen.
1. Product developers underestimated IoT security
In their race to market, product developers building for new platforms will underestimate the security and privacy features that should be built into their products. In some cases, this will be an act of commission, but most will be an act of omission because it is difficult to anticipate the vulnerabilities until the products reach the market at scale. Windows and mobile devices experienced something similar. They have been hardened, but earlier in their evolution they were an easy target for cyber criminals.
Five years ago, IT was decentralized at the University of New Mexico. “Every school or college had their own IT, and in most cases they were completely under-resourced – a one-person shop having to do phones, apps, email, desktop, servers, storage, disaster recovery, all of that,” said Brian Pietrewicz, deputy CIO at University of New Mexico.
The university transitioned to a self-service model that enables each of its more than 100 departments to deploy infrastructure and application services itself and have them managed by the now-centralized IT team.
Adopting VMware’s vCloud Automation Center enabled departments to consume cloud resources, but also gives the management team the ability to curtail that consumption if necessary.
Overlooked in the hoopla around the VMworld conference was an announcement of the availability of AppDefense, a new product that lets companies restrict the types of operations applications are allowed to run on virtualized servers.
AppDefense works with the VMware hypervisor and can also connect to third-party provisioning, configuration management and workflow automation platforms. It can send out alerts, quarantine apps, shut them down and even restore a VM from an image. All of this is based on AppDefense catching unusual behavior, such as trying to modify the kernel or communicate with an unrecognized remote server.
VMware already has some security features built into its NSX and VSAN products, but those are around networking and storage. AppDefense secures the core virtual machines in vSphere itself. It does this by using behavior-based whitelisting, which is not easy to do on desktops because they run a lot of apps. But on a server, especially a virtual server, it’s a much easier proposition. In some cases, virtual servers run only one or two apps, so shutting out everything else is simple.
Ensuring cybersecurity for computers and mobile phones is a huge, complex business. The ever-widening scope and unbelievable variety of threats make keeping these devices safe from cyber criminals and malware a full-time challenge for companies, governments and individuals around the world.
But at least the vast majority of those devices are easily accessible, safe in the pockets or sitting on the desktops of the very people who want to protect them. The Internet of Things (IoT) devices that need protection, on the other hand, could be almost anywhere: sitting in a remote desert, buried deep in a coal mine, built into a giant truck, or even implanted inside the human body.
Juniper today announced intentions to acquire Cyphort, a Santa Clara-based startup that offers an advanced threat detection, analytics and mitigation platform. Juniper says it will integrate Cyphort’s technology with its Sky Advanced Threat Protection (ATP) product line.
Cyphort’s software platform detects advanced threats, evasion techniques and zero-day vulnerabilities using a combination of behavioral analytics, machine-learning and long-data security analysis, the company says. The platform can work across virtual infrastructure, cloud environments and edge devices. In addition to identifying threats, Cyphort creates real-time timelines of incidents and can integrate with network tools to update security postures.
Much work still must be done before the industrial and municipal Internet of Things (IoT) becomes widely adopted outside of the circle of innovators. One field, privacy, well understood by the public and private sector in the context of the cloud, PCs and mobile, is in the early stage of adaptation for the IoT.
The sheer volume of data that will be collected and the new, more granular architecture of the IoT present new privacy concerns that need to be resolved on a scale equal to the platform’s forecasted growth.
A demonstration of this new aspect of privacy and compliance is the Privacy Guidelines for Internet of Things: Cheat Sheet, Technical Report (pdf) by Charith Perera, researcher at Newcastle University in the U.K. The nine-page report details 30 points about implementing strong privacy protections. This report is summarized below.