Tag Archives: Cloud

Read the latest helpful updates on ransomware and cloud security from our industry partners and contacts.

We like to put our partner and media contacts to good use in helping you and your customers to understand the security landscape.

This month, we bring you three helpful new updates – two guides to ransomware (and how to defeat it) and the other an interesting short article from Cloudworks on the benefits of cloud security for small and medium businesses.

Business guide to ransomware

New from AppRiver, this guide is subtitled ‘Understand, Analyze and Protect’, and is a very readable resource covering what ransomware is, how it works, how it spreads, and the best practices and employee training that can help defend against it.

Ransomware: Malwarebytes bytes back!

Another take on ransomware and how to combat it comes from security experts Malwarebytes, who major on the importance of endpoint security (keeping PCs and devices protected) in this informative and short PDF.

Five reasons why cloud security is important for SMEs

Big servers, large infrastructure, lots of IT staff – these are all security components that SMEs just can’t afford! This is why they must look cloudward – and this article from Cloudworks describes the benefits of cloud security neatly.

We’ll be back with more helpful advice soon!

Bitdefender have updated their GravityZone cloud console with some new features over the weekend and here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.

Anti-Ransomware

The big news is that Bitdefender has now incorporated Anti Ransomware vaccine to all its cloud customers, and will be rolling this out through the on-premise version on Tuesday 27th Sep 2016.  This module is activated through the policy section  Antimalware --> On Access settings

Gravityzone Ransomware Vaccine Policy Setting
Gravityzone Ransomware Vaccine Policy Setting

By activating this module, machines will be protected from all currently known forms of Ransomware.

Other New Features

Update Rings - this feature allows Administrators of the program to  chose when in the validation cycle an update is received.

Anti-Exploit Techniques - a new set of powerful techniques which further enhances existing technologies to fight targeted attacks.  These are integrated into the existing Advanced Threat Control module.

Web Access Control Rules - The categories list has been updated with multiple new categories added.

Exchange Protection - This can now be enabled/disabled when editing a customer with a monthly license subscription.

 

The above features are now in place for all current users of Bitdefender Gravityzone in the cloud and will be rolled out to Bitdefender Gravityzone on-premise users from the 27th Sep 2016.

For more details on the above features and a look at the other features included please click here

logo     bs-logo

cloud-application-controlWhat customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.

We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.

As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”

Whether businesses are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, liking comments on Twitter, or using cloud data storage applications (as some 52% of small and medium-sized businesses in the US alone seem now to be doing, according to this Cloudwards article), the potential for both intentional and unintentional data compromise or reputational damage is high.

So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?

 Cloud application control: the all-seeing-eye?

The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.

Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.

So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?

Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?

Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?

With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.

Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.

Cloud app control – it’s not everywhere

Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.

On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.

But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.

To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.

Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.

Who sells cloud application control solutions?

Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.

But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.

One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.

Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?

Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.

Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.

Over to you, MSPs...

As of the 8th March 2014, currently 3 days away Trend will be migrating all licenses registered on the OLR Portal (https://olr.trendmicro.com) to the newer and much shinier CLP Portal (https://clp.trendmicro.com) – The CLP previous had only been compatible with SAAS product and by far was the more simplistic way to register your new licenses, so all in all, I think a good decision. Good on you Trend Micro!

Okay, so what does this mean… Simply use the CLP Portal to register/login instead of the OLR Portal. Trend Micro will automatically migrate all the current license information, so no need to worry there.

Remember! Use the CLP Portal from the 8th of March onwards!

JAMES TOMLINSON, TREND MICRO SPECIALIST

For Resellers and Solution Providers looking to spread their wings with sticky services, Cloud Backup has to be a logical place to start if you haven't already. The sales process won't differ that much from selling tin and a licence but once the order is signed you will remain closer to your customer for the duration of the contract. Your customer can sleep peacefully at night knowing their data is securely backed up offsite and mirrored in case of a disaster. Whilst you have a  guaranteed revenue stream coming in each month. As you add more customers you benefit from the aggregated purchasing of the storage. More options are now available with partners being able to choose from fully hosted and managed cloud backup solutions to hybrid cloud models with either you or your end user hosting a storage platform. This can obviously reduce costs utilising existing hardware and provide faster data recovery for large files.

DataFortress is a multi-tenanted solution that can be white-labelled. Data is secured and transmitted with AES 256bit encryption and is FIPS compliant. The DataFortress service is now available in a variety of new deployment offerings. Depending on the size of the backup requirement, available hardware, your technical expertise and the recovery objectives of the end user. Fully Managed, Self Hosted, Hyrbrid, End user hosted and mirror service are now all available.

disaster recovery for SMBs
With consultancy and support from distribution, it becomes possible for anyone in the channel to become an MSP, handling disaster recovery on behalf of the end-user client simply by using the right vendor products

Last week StorageCraft announced a partnership with Intel to offer a backup and recovery “appliance” for Intel’s Hybrid Cloud platform. The Platform involves a customer owned, on-premise server, tied to the cloud, with business applications provided and billed by Intel. The new appliance will be offered and supported by channel partners including Managed Service Providers (MSP), giving them a business continuity and disaster recovery solution for their small-to-medium-business (SMB) clients.

This got me thinking about the importance of disaster recovery for SMBs and the opportunities for the channel. Almost every small business today uses IT and in many cases, this is critical to the smooth running, profitability and ongoing viability of the business. Losing front line services because of IT failure can be devastating. This is not just scare mongering; some services simply cannot be done without. Accordingly to a 2011 survey by Internet security firm Symantec, the median cost of downtime for an SMB is almost £8,000 per day.

Rapid recovery in the event of a disaster is essential. All businesses including small business need to be prepared (after all, disasters don’t just strike big firms). I am now seeing positive signs that SMBs recognize the need to prepare for loss of mission critical IT systems. And as these systems are becoming more complex, the shift is towards simplifying the restore by not only backing up the Office documents and emails, but also the operating system, applications, and PC profiles, using an image backup.

...continue reading