Recurring Revenue Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Roger Strukhoff, Pat Romanski

Related Topics: Linux Containers, Microservices Expo, IBM Cloud, PowerBuilder, Weblogic, Recurring Revenue, Artificial Intelligence, Log Management, Server Monitoring, @CloudExpo, Cloud Security

Linux Containers: Blog Feed Post

The Threat Behind the Firewall

I had a different name for this blog entry but just ‘Jump Drive’ is an awful blog title

I had a different name for this blog entry but just ‘Jump Drive’ is an awful blog title.  They go by many names; jump drive, USB drive, flash drive, memory stick and a few others, but removable media is a serious threat to IT organizations.  Graduating from floppy disks, as early as 2003 articles were warning against the possible threats introduced with these devices – 256Mb for $160 back then – and yet we still see some sort of incident reported almost once a week!  From consultants, to government employees, to Mortgage lenders, to the International Space Station, what used to be a giveaway staple at trade shows, these tiny less-than-two-inch drives can hit and hurt you in a multitude of ways.

They can infect your Network. Just last week, the London Council’s systems were infested with Conficker-D due to an employee sticking an infected USB drive into a work computer.  Not only were the systems shut down, including their VoIP, they were unable to process parking tickets, library fines, benefit claims and rent collections.  With system repairs added to that, their bill will eclipse £500,000 ($825,000 USD).

They can deliver Malware.  As of 2008, 10.3% of malware was delivered by USB storage.  One of the biggest threats here is the AutoRun features on USB drives – just stick it in and the program launches.  One way to get your malware delivered is to just leave a bunch of infected, cool-looking USB drives in the parking lot of thedarth potential victim.  Unsuspecting, curious employees see the drive and wonder, ‘ohh, what’s on this?’  Before they even open email, they’re shoving the unknown stick into their computer to find out.  Mission Accomplished.  It could even happen with your own, purchased jump drive.  Maybe you have some important files that you need while traveling or at a conference and you don’t have (or didn’t bring) your laptop.  No problem, just find the USB port on the public kiosk or partner computer and problem solved.  Not so fast.  Either one of those un-trusted computers could be infected themselves – passing the strain on to you – which eventually makes it’s way onto your unit/network when you simply re-insert it.  USB threats can also come from a reputable vendor with their product documentation.

They can steal your Data. With the size and speed of some of the newer USB drives, it’s become fairly easy to quickly copy entire folders or even entire hard drives to a USB stick.  While I don’t touch on it that often, corporate espionage is alive and well especially in today’s economy.  Often due to regulation, companies are now storing much more data than ever before but not protecting or restricting access to that data.  While the spy might be external, insider threats have grown and disgruntled employees have IT departments concerned.  According to a Cyber-Ark survey, “74% of the 200 information technology pros surveyed know how to circumvent security to access sensitive data, and 35% admitted doing so without permission.”  The increased use of personal devices in the workplace also makes it difficult to track where and when data goes.  Earlier this year, the Ponemon Institute found that 88% of data breaches were caused by employee based negligence. Locking down devices, even within your own office, has become critical.

They can lose your Data. By the sheer fact that they are small, inexpensive, and we probably have a few extras, losing one of these doesn’t seem like a big deal.  But when a $10 device holds millions of dollars worth of sensitive data, it becomes a big deal.  Just last week in the UK, The Home Office had to revise it’s numbers pertaining to a data loss.  An unencrypted USB stick went missing in 2008 by one of it’s consultants and the new estimate jumped by 250,000 records.  The memory stick is still lost.  A couple others include a worker who copied data (against policy) so they could work at home and lost the stick, which was unencrypted.  Luckily, this one was found since it contained sensitive data on children but the BBC also lost a stick last year that contained kids personal data.  And even ‘Dear Deirdre’ admitted to losing a memory stick containing the personal matters of her readers.  Ponemon also found that while encryption is used widely to protect data on VPN, file servers and databases, mainframe and USB flash drive encryption are the least deployed applications.

Geeze!  But those things are so useful!’  I hear you.  I’m not suggesting eliminating all removable media, like the DoD, but there are a few pointers when they are in use.

Understand the risks involved and communicate to users.  While you might not restrict the use of USB sticks, it might be a good idea to remind your users of the potential perils when using them.

Create a Policy around the use of jump drives.  Maybe only IT provided devices can be used, or only encrypted devices or none at all.  Maybe disable or lock down USB ports on laptops that are connecting remotely.  Disable USB (maybe via Group Policy) on any un-trusted (non-IT) computers requesting access to the network.  Make sure your policy also includes what areas/subnets/VLANs of the network the user can access so sensitive data is not inadvertently removed.

Encrypt the data.  If your users are able to access sensitive data and it’s likely to be copied (for whatever reason), encrypted USB devices are the way to go.  Heck, there are even fingerprint secured USB sticks on the market.

Educate your users.  Educating your crew on all the perils of data security, Data Loss Prevention, how to handle sensitive materials and the ramifications of not doing so, can help.

Read the original blog entry...

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.

@ThingsExpo Stories
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that "Miami Blockchain Event by FinTechEXPO" has announced that its Call for Papers is now open. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expe...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
Cloud Expo | DXWorld Expo have announced the conference tracks for Cloud Expo 2018. Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (DX) is a major focus with the introduction of DX Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive ov...
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER give you detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPO also offers s...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, shared examples from a wide range of industries – including en...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Rodrigo Coutinho is part of OutSystems' founders' team and currently the Head of Product Design. He provides a cross-functional role where he supports Product Management in defining the positioning and direction of the Agile Platform, while at the same time promoting model-based development and new techniques to deliver applications in the cloud.
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.