Featured content

In 1994, TV journalists Bryant Gumbel and Katie Couric famously didn’t know the difference between a web and an email address. Twenty-one years later, many of us have the same beginner’s confusion about cloud computing services, or Enterprise File Sync and Share (EFSS).

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users:

There’s incredible excitement about the Windows 10 release. If you completely quantum leap over Windows 9, you’d expect big things. In December, I was talking with NYU-Poly’s Professor Justin Cappos. He’s a security expert and had nothing but high praise for Microsoft’s security group. But he added their cutting-edge research doesn’t necessarily make it into their products.

CryptoLocker is by now a well known piece of malware that can be especially damaging for any data-driven organization. Once the code has been executed, it encrypts files on desktops and network shares and “holds them for ransom”, prompting any user that tries to open the file to pay a fee to decrypt them. For this reason, CryptoLocker and its variants have come to be known as “ransomware.”

If you’ve ever been tasked with recovering a lost file or folder and had to explain exactly what happened (Who moved or deleted it? When did it happen? Why?), you know how annoyingly time-consuming it can be. And sometimes you simply don’t have any good answers. All you can do is restore from backup.

Last year, Microsoft ended its support for SQL 2008/R2. Customers with an enterprise agreement are still supported, but it’s a good idea to start planning your upgrade. Upgrading your production SQL Servers without a detailed plan of attack can be risky and result in a messy, time-consuming weekend (or two).

The Payment Card Industry Data Security Standard (PCI DSS) is not just another list of requirements for protecting data. In 2013, the number of credit and debit card transactions worldwide reached over 100 billion—that’s lots of swipes and 16-digit numbers entered! With its almost 300 controls, PCI DSS provides the rules of the road for protecting and securing credit card data for every bank, retailer, or ecommerce site.

As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in some way involved in the Sony meltdown—see Did North Korea Really Attack Sony? from Schneier. The larger point is that the Sony breach opens the door to a public discussion on a specific topic—malicious insiders —one which many companies have been very reluctant to discuss or comment.

More devices than ever. More platforms to choose from. An expanding universe of data choices that can be both exciting and confusing at the same time. Tablets, phablets, laptops, iOS, Android, Windows, UNIX/Linux file servers, and NAS devices. Add SharePoint, Dropbox, Google Drive, and LinkedIn to the mix. These are all awesome platforms for allowing businesses, organizations, and individuals to connect and collaborate on documents and projects through portals.

I had the chance to talk with cyber security expert Justin Cappos last month about the recent breaches in the retail sector. Cappos is an Assistant Professor of Computer Science at NYU Polytechnic School of Engineering. He’s well known for his work on Stork, a software installation utility for cloud environments.

Note: This post has created a bit of controversy among the security illuminati! A post on Still Passing the Hash Blog 15 Years Later explains the issues. I think a large part of their argument is that I’m saying vulnerabilities related to Silver Tickets are now once and for all resolved by Microsoft. Yes, I should have been a little clearer in this post but I’m referring to a very specific scenario. For those who live and breathe ticket-based attacks — my apologies. I’ve adjusted the title to reflect this. I’ve reached out to the author of the post to explain more about the specific attack I’m referring to. I’m hoping to relay back his deep knowledge as soon as possible.

Moving your company’s data to cloud-based storage is a big job, and we want to make sure you understand what it takes to ensure that your Office 365 data is managed, protected, and accessible.