OTTAWACyber threats and ransomware attacks are no match for cloud computing design-built from the ground up for information technology security.
In physical security, particularly access control, the history of hacking formerly focused solely on stopping unauthorized users from duplicating or cloning information housed on cards and other devices. Now, its all about stopping criminals from gaining access to or attacking a customers network and its data through vulnerabilities in their physical security systems.
The mounting case for cybersecurity is real and escalating. Cyber threats and ransomware present a formidable threat across all businesses and vertical markets. In the example of ransomware an attacker manages to successfully place malware on the network with the intent of encrypting critical data or entirely locking systemsto hold the business ransom for payments, with the promise of releasing the information or unlocking the system. Much of the ransomware is coming from out-of-country hackers who are quite sophisticated in their attacks, often demanding bit coin as payment.
Online extortion had a banner year in 2016, according to Trend Micros annual security assessment report: 2016 Security Roundup: A Record Year for Enterprise Threats. In 2016 there was a 752 percent increase in new ransomware families, with $1 billion losses to enterprises worldwide.
Ransomware attacks are growing in frequency, causing devastating consequences to enterprises and organizations across the globe. Numerous, widespread breaches around the world occurred prior to and through Mothers Day weekend 2017 as the WannaCry ransomware spread. Britains National Health Service was hit by the cyber-attack and the same perpetrator froze computers at Russias Interior Ministry while further affecting tens of thousands of computers elsewhere.
Across Asia, several universities and organizations reportedly fell prey, including Renault, the European automaker. The attacks spread swiftly to more than 74 countries, with Russia worst hit and included Ukraine, India, Taiwan, Latin America and Africa.
The fact of the matter is that anything riding on the network is at risk. Physical security systems are vitally important to daily operations of every organization today. At many facilities any downtime of these systems may significantly affect the safety of people, property and assets.
Tackling data security risks
Cloud computing creates a solid path for customers to lower their total cost of ownership (TCO) with open architecture and other installation efficiencies that provide ready scalability. But it also provides healthy TCO in providing inherent safeguards that protect data regularly and automatically.
Cloud computing Access Control as a Service (ACaaS) Security Management Systems (SMS) offers respite to the practice of housing access control systems on premises, with inherently higher security. Many of the cloud-based solutions today redundantly store system data and video automatically or on schedule. In addition, most cloud providers are held to an extremely high level of cybersecurity with various levels of encryption and automatic disaster recovery. Acceptance of cloud solutions by organizations is at an all-time high and manufacturers are releasing cloud solutions for numerous technologies. Integrators need to take advantage of the opportunity to offer cloud solutions to customers for enhanced security and reliable network authentication.
What end users and security integrators are beginning to understand is that the cloud is much safer than a non-hosted environment. In the example of ACaaS SMS, there are multiple layers of safeguards and security in the technology available as opposed to on-premise software-based platforms using local servers. Cloud-hosted security management systems are purpose-built and designed with software security as a leading backbone. Hosted systems can follow what Microsoft refers to as SD3+C: Secure by Design, Secure by Default and Secure in Deployment in Communications.
Two-Factor Authentication and Password Policies
For those who have had their Facebook account hacked, the reality of the insecurity of passwords hits home. Secure cloud-hosted systems dont use default user names and passwords. Each hosted system is issued a unique password, providing the first step to an ultra-secure solution. In addition, the ability to create password policies for users that can be set for low, medium and high adds another layer of protection. Lastly, two-factor authentication, which is being used much more frequently with consumers, can be attached to the log-in credentials of any user.
With two-factor authentication, user accounts are linked with a second source of verification, such as a code generated for further authentication. Users must provide this code when entering their user name and password, while a potential hacker would need three things in order to access the system: user name, password and access to open the device which generates the two-factor authentication code. Two-factor authentication at the login for cloud-hosted access control reduces the risks of weak passwords while also simplifying password policy management for the IT staff.
Standards-based TLS 1.2 encryption
In addition to the SD3+C design concept, encryption further protects the transmission of data between the client and the cloud-based server using Secure Sockets Layer (SSL), a standards-based security technology for establishing an encrypted link between a server and a client. The SSL Transport Layer Security (TLS) 1.2 encryption secures the data connection to connected field hardware as opposed to using easily hacked Open SSL protocols. Further, TLS 1.2 encryption allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. Cloud computing takes this a step further: manufacturers auto-negotiate the TLS encryption with the access control controller boards as they initiate contact with the server.
Once logged in, SSL certifications further safeguard the communications between applications while TLS certificates protect the communications between field devices and the ACaaS SMS platform. Proactive and consistent vulnerability scanning also provides additional protection against emerging threats.
IP Client, versus IP Server, are also characteristic of cloud-computing which greatly reduces risk from outside threats. IP Client uses outbound ports at the users site instead of inbound ports, circumventing the possibility of security breaches and data compromise. With IP Client, IT staff does not have to open inbound network ports or set up port forwarding, keeping the network secure and lowering management workload on manual configurations and set up.
Advanced security safeguards
All software manufacturers have Quality Assurance (QA) departments inspecting their own software for bugs and issues. However, what are the risks if QA misses a critical issue with the code? Third party vulnerability assessments are not only becoming prevalent in the cloud-based solutions market, but expected by savvy end users who want support documentation to assure that the manufacturer has taken additional steps to further minimize risks. Veracode is one of those that provides these services in cloud-hosted ACaaS and tests for key application security risks to enterprise solutions. Software providers of all sizes use the VerAfied security rating to demonstrate their software has undergone stringent independent testing and certification against the latest industry standards.
Gartner predicts worldwide public cloud services to grow 18 percent in 2017 to $246 billion, up from $209 billion in 2016. ACaaS thats built for and hosted by the cloud provides the industrys most robust solutions for secure, connected environments in security and the emerging internet of Things. A major factor to consider for cloud-computing SMS today is the level of security a manufacturer provides for their application. The most robust solution should incorporate multiple layers of data and privacy protection to safeguard client information while delivering the highest end-to-end security, from system login to trusted field devices.
Paul DiPeso is executive vice president of Feenics, a company that specializes in cloud-based access control solutions including its Access Control as a Service (ACaaS) platform built specifically for and hosted in the public cloud.
- What is cloud computing? - Definition from WhatIs.com - March 4th, 2019
- Cloud - Wikipedia - February 19th, 2019
- Cloud computing: A complete guide | IBM - February 7th, 2019
- FusionCloud Full-Stack Private Cloud - Huawei Enterprise - February 4th, 2019
- What is cloud computing? | IBM - January 24th, 2019
- What Is Cloud Computing? | The Basics of Digital Outsourcing - January 22nd, 2019
- Cloud Computing - Yahoo - January 13th, 2019
- Best Sellers in Cloud Computing - amazon.com - January 2nd, 2019
- Cloud Computing Explained by Common Craft (VIDEO) - January 2nd, 2019
- Cloud Computing Trends: 2017 State of the Cloud Survey - December 25th, 2018
- Cloud Computing Overview - tutorialspoint.com - December 25th, 2018
- 15 Top Cloud Computing Service Provider Companies - December 25th, 2018
- Cloud computing: Hardware & Software Security: Online ... - December 23rd, 2018
- Cloud Solutions from Cisco - Cisco - December 23rd, 2018
- Cloud Computing | The MIT Press - December 23rd, 2018
- Learn Cloud Computing Tutorial - javatpoint - December 23rd, 2018
- Standards - IEEE Cloud Computing - December 23rd, 2018
- Benefits of cloud computing | IBM Cloud - November 10th, 2018
- Cloud Computing Trends: 2018 State of the Cloud Survey - November 10th, 2018
- What is cloud computing? - LinkedIn - November 5th, 2018
- What is cloud computing? | TechRadar - September 25th, 2018
- Cloud Computing 2nd Edition: 2018: Mr. Ray Rafaels ... - September 23rd, 2018
- Cloud Computing - Articles & Whitepapers | Oracle Technology ... - September 23rd, 2018
- Cloud Computing: Theory and Practice: Dan C. Marinescu ... - September 23rd, 2018
- Programming Lesson Plan: Program Your Partner - September 5th, 2018
- Cloud Computing | Definition of Cloud Computing by Merriam ... - July 26th, 2018
- Cloud computing information, news and tips ... - April 30th, 2018
- Cloud computing - A simple introduction - Explain that Stuff - March 15th, 2018
- Doug H. - Boston Cloud Computing Meetup (Boston, MA) | Meetup - December 16th, 2017
- Cloud computing at Ifes, IFs, and hospitals | RNP - December 16th, 2017
- Cisco and Google Find Mutual Interest in Cloud Computing ... - October 28th, 2017
- How to Invest in Cloud Computing -- The Motley Fool - October 28th, 2017
- What is cloud computing? Everything you need to know now ... - September 19th, 2017
- How The Automotive Industry Is Leveraging Cloud Computing - CXOToday.com - September 7th, 2017
- Huawei ups its bet on cloud computing with broader support for Microsoft apps - GeekWire - September 7th, 2017
- Cloud computing to drive Billabong's omnichannel experience - Chain Store Age - September 6th, 2017
- Cloud Computing Testbed Chameleon Renewed for Second Phase - HPCwire - September 6th, 2017
- The Software Alliance Advances Discussion on India's Cloud Computing Policy - ETAuto.com - September 6th, 2017
- Assessing Alibaba's Cloud Computing Opportunity - Market Realist - Market Realist - September 2nd, 2017
- 3 No-Brainer Stocks to Buy in Cloud Computing - Motley Fool - September 1st, 2017
- Telecom ponders future amid surging cloud computing popularity - TechTarget (blog) - September 1st, 2017
- Heads in the cloud: banks inch closer to cloud take-up - Risk.net (subscription) - August 31st, 2017
- Walmart Taps Nvidia for Massive Cloud to Take on Amazon - Fortune - August 31st, 2017
- It's Only the Early Innings for Cloud Computing - Morningstar.com - August 29th, 2017
- What are the key benefits of cloud computing? - Information Age - August 29th, 2017
- VMworld 2017: Everything you need to know about VMware's hybrid cloud strategy - ZDNet - August 29th, 2017
- Saudi Telecom Company creates cloud computing giant - ComputerWeekly.com - August 29th, 2017
- Now with VMware and Pivotal, the Cloud Native Computing Foundation is becoming the hub of enterprise tech - GeekWire - August 29th, 2017
- Cloud Computing | HHS.gov - August 27th, 2017
- Oppo, Vivo plan to move cloud storage to India - Economic Times - August 27th, 2017
- Top 2 aspects of cloud computing you need to consi - Accountingweb.com (blog) - August 27th, 2017
- Biz Cloud Computing - Four States Homepage - August 27th, 2017
- Marketo decides to go all-in on cloud computing, and picks Google as its home - GeekWire - August 27th, 2017
- Cloud Computing Confirmed for Travers | TDN | Thoroughbred Daily ... - Thoroughbred Daily News - August 27th, 2017
- Why 2017 Is The Year To Understand Cloud Computing - Nasdaq - August 23rd, 2017
- Microsoft acquires cloud computing firm Cycle Computing to boost ... - The News Minute - August 23rd, 2017
- The Benefits of Multi-Cloud Computing Architectures for MSPs - MSPmentor - August 23rd, 2017
- VMware shares to surge more than 20% because the Amazon cloud threat is overblown: Analyst - CNBC - August 23rd, 2017
- Goldman Sachs just poured $45 million into a company picking up Amazon's slack in the cloud - Yahoo Finance - August 23rd, 2017
- Cloud Computing confirmed for Travers Stakes 2017 - Horse Racing ... - Horse Racing Nation - August 23rd, 2017
- Cloud computing in focus at e-Commerce forum - Oman Tribune - August 21st, 2017
- World's Largest Open Source Cloud Computing Summit to be Hosted in Sydney - Business Wire (press release) - August 21st, 2017
- AT&T, GE and Oracle offer juiciest cloud salaries, new data reveals - Cloud Tech - August 21st, 2017
- Cycle Computing will make Microsoft Azure more appealing to more enterprises - TechRepublic - August 21st, 2017
- Manage containers in cloud computing to prevent sprawl, cut costs - TechTarget - August 19th, 2017
- Business continuity is the ultimate killer application for cloud - ZDNet - August 19th, 2017
- Thailand urged to opt for cloud computing - The Nation - August 19th, 2017
- Cyberattacks Rain Down on Cloud Computing Infrastructure ... - Bloomberg BNA - August 19th, 2017
- Brown to decide Monday if Cloud Computing runs in the Travers - Horse Racing Nation - August 19th, 2017
- Cloud computing reversal: From 'go away' to 'I can't miss out' - InfoWorld - August 18th, 2017
- Alibaba Stock: Why Cloud Computing Could Be Equivalent to AWS - BNL Finance (press release) (registration) (blog) - August 18th, 2017
- Microsoft Acquires A Cloud Technology Company From Right Under Google And Amazon's Noses - Inc.com - August 18th, 2017
- Alibaba's cloud computing revenue almost doubles - SiliconANGLE News (blog) - August 18th, 2017
- Big Data and Cloud Computing Software, Platforms, and Infrastructure 2017 - 2022 - Markets Insider - August 18th, 2017
- Microsoft acquires cloud-computing orchestration vendor Cycle Computing - ZDNet - August 16th, 2017
- Cloud computing decision guide: Breaking down 7 top solutions for healthcare - Healthcare IT News - August 16th, 2017
- Amazon: Earnings Are Not The Holy Grail - Seeking Alpha - August 16th, 2017
- Notes: Cloud Computing still in running for Travers - Albany Times Union - August 14th, 2017
- Assessing the key reasons behind a multi-cloud strategy - Cloud Tech - August 14th, 2017
- Intel runs rule over new data centre storage design - Cloud Tech - August 14th, 2017