Your data is your business. Your databases, and the data-driven applications that leverage them, should be regularly audited for vulnerabilities. One of the top risks facing your data today is SQL injection (SQLi). According to the 2018 Verizon Data Breach Incident Report (DBIR), SQLi was the second most common hacking variety in data breaches, exceeded only by the use of stolen credentials.
This attack vector exploits programming weaknesses in applications to run unintended SQL against your backend databases, and thus access information or even gain administrative access and credentials.
Any application that uses SQL could be subject to this type of attack, from simple websites to SaaS apps like your CRM and ERP — even VoIP systems. This attack is also not limited to applications exposed to the internet. Internal applications are prime targets for attackers who have breached your external boundary (e.g., through phishing).
GDPR? Old news. (We’ll just pass over the fact that many organizations have yet to reach compliance…that’s another story.) While hosting providers that advertise to European companies and individuals must comply with the EU law, there are other legal requirements that US-focused organizations have to consider, namely Privacy Shield and an upcoming compliance mandate in the state of California that is similar to GDPR itself.
Privacy Shield is an international law in flux, with EU lawmakers threatening to withdraw entirely if the USA does not enforce compliance. The California Consumer Privacy Act (CCPA) will go into effect in 2020.
What do these laws entail? And should your organization be concerned with these data privacy measures?
Let’s get this out of the way first: two-factor authentication (2FA) is an effective mode of account verification and far, far better than simple username-and-password (single-factor) authentication. But it isn’t a magic bullet and can be overcome, especially with clever social engineering (unsurprisingly, the weakest link in security remains people rather than technology). Ultimately, 2FA is only as secure as the method, technology, or product used to implement it.
Here’s how 2FA can be overcome by determined hackers and how you can best maintain account integrity across your organization or personal accounts.
A new report from Deloitte found that IT spending is on the rise, with executives taking a more hands-on role in procuring or ordering investment in technology and related staff. But while 57% of execs reported spending more on technology, 33% said they have little or no formal IT governance policies.
If it seems slightly foolish to spend significantly more on technology without certifying a business purpose and implementing controls over the lifespan of that technology — well, it is. The report does come with the caveat of polling only midmarket and private organizations. We would expect more public businesses to have formal IT governance in place. But that doesn’t excuse organizations of all sizes from measuring the effectiveness of IT in meeting business and compliance goals.
Get started with an overview of IT governance and what you should include in your policy.
As cloud adoption rates have increased and cloud models for enterprise IT mature, multicloud deployments have become more and more popular. They happen for a variety of reasons: some cloud platforms are better suited for specific applications, others may have security or compliance measures that are necessary. They might be located in different physical sites, fostering failover and disaster recovery or serving satellite markets. For many users, avoiding being locked in with a single vendor is huge for negotiation and data sovereignty.
Going multicloud isn’t a simple task, however, especially if you want to manage everything with a simple workflow. Here are the biggest stumbling blocks companies are facing when implementing multicloud.
With all the talk about digital transformation and IT modernization, you’d think that everyone was all-in with the cloud at this point. But there are many legacy systems still in production, even at enterprise organizations.
Regardless of why you still have them, there are almost certainly legacy systems within your IT ecosystem, and keeping them secure is of paramount importance, especially if they’re past their support lifecycle and have become exposed to potential vulnerabilities.
Encryption over the HTTP protocol, also known as HTTPS or TLS over HTTP, is the reason you see a little lock icon next to your web URL. As you likely know, a website using HTTPS encrypts its network traffic. In other words, outside parties or malicious software should not be able to intercept your communications to and from that website, because they are encrypted. Any time you perform a transaction over the internet that involves financial or personal information, you should be certain the web server is using HTTPS.
However, even as TLS (Transport Layer Security, referring to encrypting at the Transport Layer of the seven-layer OSI model of networking) has spread to over half of the internet, clever cybercriminals have engineered malware whose network traffic uses TLS to disguise itself.
HTTPS is increasingly being used as a vehicle for malware to spread across the ‘net. While your information may be secure while it is transmitted, the website you’re visiting could still accidentally slip malware to your computer, or host it on its own servers, harvesting your information or installing a virus.
Here’s how TLS / SSL is being used by malicious actors across the net.
The Green House Data blog has hit a major milestone this month, rocketing from around 8,000 monthly unique visitors to 12,000 unique visitors in March. As we pass the 10k mark, we want to say thanks to everyone who has come to our little corner of the internet and also take a look back at our most enduring and popular posts over the years.
From cloud hosting to data center design to information security, the blog has covered a lot of ground in the past five or six years, with experts from our staff joining our marketing and content teams for weekly updates.
Here are the top 10 all time posts from the Green House Data blog.
GDPR (General Data Protection Regulation) compliance is coming on May 25th to companies that operate in the European Union or have customers there. Fines for noncompliance can run into the tens of millions. Are you prepared? And do you even have to worry about it, if you’re a US-based operation?
Learn what security requirements fall under GDPR, as well as what situations would require compliance, and how you need to change your operations to avoid sanctions.
VMware vSphere 6.5 introduced policy-based encryption, which simplifies the security management of VMs across large-scale infrastructure, as each object no longer requires individual key management.
vSphere VM encryption offers quite a few advantages compared to other encryption methods, but it might not be a great fit for every workload. When weighing whether to encrypt or not, you’ll want to consider a few limitations, caveats, and performance issues first.