
Sunday, January 23, 2011

STAY SAFE When Using The Cloud

Many workers use Web-based tools to get work done in the cloud whether they’re at the office or on the road. As cloud tools and services continue to offer more features and capabilities, the benefits of using them become more obvious. Popular cloud services including email, office applications, and online videoconferencing and presentation tools allow employees to do a tremendous amount of work on their own as well as with other remote workers.

Yet although cloud-based tools can be a huge boon to productivity, there are some security considerations to keep in mind.

Choose Your Partners Wisely
You wouldn’t do business with shady characters, companies with less-than-stellar reputations, or those with poor security, so it follows that the cloud tools and services your employees use should offer the same level of trustworthiness and the same security practices.

Your IT department should vet any Web-based applications your employees use. Any service should have basic security protocols in place, including SSL (Secure Sockets Layer) encryption to protect sensitive data. Any additional security measures are welcome; for example, Microsoft developed the Security Development Lifecycle (SDL), which is designed to limit poor security design and exploitable coding flaws.


Any cloud service should have passed a SAS-70 Type II audit. Developed by the American Institute of Certified Public Accountants (AICPA), SAS-70 Type II certification ensures that a given cloud provider has adequate controls and protections in place. The U.S. Government Services Administration (www.gsa.gov) offers FISMA (Federal Information Security Management Act) certification, yet another check that certifies that a cloud provider has complied with the FISMA guidelines for security.

The People Problem
No matter how robust your company’s internal IT security and the security of the online services your employees use, there is always one glaring vulnerability: people. Employees must engage in smart (and thankfully, usually very simple) practices to close that vulnerability. Even the most impenetrable fortress has a drawbridge, after all.

Authentication is how you access a given site or service. At its most basic, authentication consists of a username and password; when you enter the requisite information, the service compares your entry to its database to authenticate you as the rightful user.

Although certainly useful, that’s a very basic type of authentication, and one that unfortunately can be compromised fairly easily. Browsing the Internet on a public, unprotected Wi-Fi network, as many do on the road, is unsafe, leaving your login credentials and browsing history open to anyone with even a modicum of knowledge as to how to snag that data from the ether.

Many believe that using SSL-protected Web sites (such as those with “HTTPS” instead of “HTTP” in the URL) is a way around the problem of unsecured Web browsing. However, in recent years, a technique known as “sidejacking” has emerged. It exploits the fact that, on many Web-based services, SSL protection is in effect only during the login process; thereafter, the service hands off to an unsecured connection (i.e., “HTTP”), which leaves the session ID unprotected. That’s all a nearby hacker needs to join your session, which may include reading your email. In addition to that being an uncomfortable privacy violation, a sidejacker can also search through your account to dig up stored information such as financial records, credit card numbers, and confidential company data.

To protect against packet sniffing or sidejacking, use a VPN connection when on a public, unsecured Wi-Fi network. Even better, use a 3G adapter on your notebook or tether your smartphone to it to create your own mobile hotspot.
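When IT vets a Web-based service, the HTTPS-to-HTTP handoff described above can be spotted in the response headers of a login flow. The following check is an added example, not part of the original article; the host name, cookie name, and both sample flows are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: login over HTTPS, then handoff to plain HTTP.
WEAK_FLOW = [
    {"url": "https://mail.example.test/login",
     "headers": [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
                 ("Location", "http://mail.example.test/inbox")]},
    {"url": "http://mail.example.test/inbox", "headers": []},
]

# Constructed sample: the same flow with the session kept on HTTPS throughout.
HARDENED_FLOW = [
    {"url": "https://mail.example.test/login",
     "headers": [("Strict-Transport-Security", "max-age=31536000"),
                 ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
                 ("Location", "https://mail.example.test/inbox")]},
    {"url": "https://mail.example.test/inbox",
     "headers": [("Strict-Transport-Security", "max-age=31536000")]},
]


def audit_flow(flow):
    """Return (url, finding) pairs for settings that expose the session ID."""
    findings = []
    for resp in flow:
        url, headers = resp["url"], resp["headers"]
        scheme = urlsplit(url).scheme
        names = {name.lower() for name, _ in headers}
        if scheme != "https":
            # Any cookie the browser attaches here crosses the network in clear text.
            findings.append((url, "plain-http"))
        elif "strict-transport-security" not in names:
            # Without HSTS the browser may still be steered back to HTTP later.
            findings.append((url, "no-hsts"))
        for name, value in headers:
            key = name.lower()
            if key == "location" and urlsplit(value).scheme == "http":
                findings.append((url, "http-redirect"))
            elif key == "set-cookie":
                parts = [p.strip() for p in value.split(";")]
                cookie = parts[0].split("=", 1)[0]
                attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
                if "secure" not in attrs:
                    # A cookie without Secure is also sent on HTTP requests.
                    findings.append((url, "cookie-not-secure:" + cookie))
    return findings


if __name__ == "__main__":
    for url, finding in audit_flow(WEAK_FLOW):
        print(url, finding)
```

A service that passes this check keeps the session cookie marked Secure and never redirects an authenticated user to an “HTTP” URL.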

Use Better Passwords
Virtually every Web-based service requires a username and password to keep accounts secure, but many people use weak username and password combinations or use the same ones for every account. Some, unfortunately, are guilty of both. Some of the most commonly used and weakest passwords, such as “12345” or “password,” may be easy to remember, but they’re incredibly easy for a ne’er-do-well to guess. Once a crook figures out your login credentials, he can wreak havoc with that particular account. If you use the same login credentials for all your accounts, he has the keys to your entire online life. Indeed, one of the downsides of using Web-based services is that users have ever-increasing numbers of usernames and passwords to remember. Many users have dozens of accounts, and remembering so many unique combinations is nearly impossible.

The good news is that strengthening usernames and passwords is one of the easiest security strategies to implement. In addition to using a healthy mix of numbers and upper- and lower-case letters, one option is using a password manager to keep all of your usernames and passwords secure and accessible only with a very strong password; this allows you to create very different and strong login credentials at each of your online accounts without having to remember all of them.

Another option is to develop a code for yourself, so each username and password combination is unique, but even if (or perhaps more appropriately, when) you forget them, you can decipher your own code based on certain criteria. For example, you can use the first letter of each word of an easy-to-remember (but unique) sentence or develop an alpha-numeric rubric. There are a number of password strength testers online, such as Microsoft’s at bit.ly/1F3MKA.

One pitfall to avoid is writing down your login credentials. Never, ever write down that information, especially on or near your computer or workspace—that’s like hanging a key on your doorknob in case you forget your set.

Two-Pronged Approach To Cloud Security
On the IT side of things, ensuring that any and all cloud services employ adequate security measures will go a long way toward maintaining security, but individuals within a company also must be properly educated and take certain precautions in order to stay safe in the cloud.
