Category Archives: Cloud Storage
BitDam Advanced Threat Protection now available on Microsoft Azure Marketplace – Help Net Security
BitDam announced the availability of its Advanced Threat Protection in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. BitDam customers can now take advantage of the productive and trusted Azure cloud platform, with streamlined deployment and management.
OneDrive is Microsofts storage service for hosting files in the cloud, available for free to owners of a Microsoft account. OneDrive offers a simple way to store, sync, and share files and synchronize system settings, visual customizations, themes, app settings, and even Microsoft Edges tabs, browsing history, and saved passwords.
BitDam delivers Advanced Threat Protection against content-borne attacks while enabling enterprises to take full advantage of all that OneDrive has to offer.
With impressive detection rates across business collaboration platforms (email, cloud drives, instant messaging), BitDam protects enterprise OneDrive end users from malware of any type, preventing hardware and logical exploits, ransomware, phishing and zero-day attacks.
Every file that is uploaded to cloud storage is scanned so that other users view and download only clean files.
BitDams unique approach to security is attack-agnostic: It flags and quarantines malicious files and links, never needs updating, and makes Microsoft OneDrive safer, said Liron Barak, CEO, BitDam. Were so pleased to be available in the Microsoft Azure Marketplace to enable end users to open their email with peace of mind.
Through Microsoft Azure Marketplace, customers around the world can easily find, buy, and deploy partner solutions they can trust, all certified and optimized to run on Azure, said Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp. Were happy to welcome BitDams solution to the growing Azure Marketplace ecosystem.
The Azure Marketplace is an online market for buying and selling cloud solutions certified to run on Azure. The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.
In addition to OneDrive, BitDam Advanced Threat Protection is available for Office 365 email and Microsoft Teams, bundled in one solution, all available in the Microsoft Azure Marketplace.
Read the rest here:
BitDam Advanced Threat Protection now available on Microsoft Azure Marketplace - Help Net Security
Nexsan Unity taps into cloud and Assureon archive – TechTarget
Nexsan expanded the unification process of its Unity appliances to the cloud, as well the vendor's Assureon archive and legacy devices.
Nexsan's launch of its third-generation Unity storage appliances can connect to Assureon object-based archive appliances to make it harder for bad actors to introduce unwanted encryption. Nexsan also introduced Cloud Connector and Data Migration to Unity, allowing it to replicate between on premises and cloud and to migrate data off legacy systems to Unity.
The Unity series is designed for primary and backup storage, with support for hard disk drives and flash. Unity third-generation appliances come in a 3300 model and a 7900 model. The 7900 has more disk bays, raw capacity and system memory. Both models are priced by capacity. According to Nexsan CTO Surya Varanasi, the 3300 is typically a backup target, while the 7900 is geared toward customers looking for high-performance storage.
Nexsan described Unity's connection to Assureon as "unbreakable" backup. Nexsan's Assureon appliance is object storage with file fingerprinting and serialization, used for creating an immutable archive. Unity is certified to work with backup products from Veeam and Commvault, but Assureon adds immutability, making it harder for malware to cause any unwanted changes to the data. Because Assureon is a locked-down appliance serviced by StorCentric (Nexsan's parent company), it's an extra layer that cybercriminals have to penetrate in order to get to the data.
"To breach the Assureon, you also have to breach us," Varanasi said. "Everybody's getting smarter, but the more levels you have, the more difficult it is to breach."
Marc Staimer, president of Dragon Slayer Consulting, described Assureon as, "very viable immutable storage for backup." Assureon itself isn't a backup appliance, as it doesn't manipulate the backup data, but it can store backup data, encrypt it, put multi-factor authentication on it, and generally make it harder for bad actors to access it. Even if everything else is compromised, Assureon will have an untouched backup copy to restore from.
There has been a rising trend of ransomware going after backup systems, and backup vendors have been working together with security vendors in response. Staimer said this is just another step in the continuous arms race between IT and cybercriminals.
"Technology is always breakable. If it's built by humans, it has flaws," Staimer said.
Cloud Connector and Data Migration are two new features that are subsets of an upcoming Nexsan product called Data Mobility Suite, which is scheduled to launch in September. The Cloud Connector module links Unity to 18 public clouds, including AWS and Google Cloud, allowing the Unity appliance to back up to public cloud. Data Migration lets customers migrate data off legacy systems onto Unity and retire the old arrays.
Varanasi said Data Mobility Suite, which will be an entirely separate product from Unity, is designed to enable data sharing between heterogeneous devices, between cloud and on premises and from cloud to cloud. He said the reality is that organizations are using multiple products from multiple vendors, which leads to data silos and difficulty in sharing and moving data. Data Mobility Suite is meant to address that, and some of its functions are previewed in Unity.
"Managing a department with data spread between an Isilon and a NetApp is no fun at all. It's not easily shared, you need to log in multiple times, and so on," Varanasi said.
Staimer said adding the cloud and data mobility components to Unity was an important step for the product, putting them in competitive alignment with the capabilities of tiered storage vendors Hewlett Packard Enterprise Nimble and Infinidat. He said Nexsan Unity is much less expensive than its competitors, and the company has a few large customers under its belt already, including Caltech, NBC and the Australian Government Department of Defence.
View post:
Nexsan Unity taps into cloud and Assureon archive - TechTarget
Commvault integrates Hedvig with HyperScale X appliance Blocks and Files – Blocks and Files
Commvault has rejigged its product lines to better match market needs. The company has separated components for data protection, disaster recovery and data management tasks, and has integrated Hedvig software into HyperScale backup appliances.
Commvault announced the portfolio reshuffle yesterday at its Future Ready customer conference. The company has also rolled out subscription pricing to more products, while confirming ongoing support for perpetual licensing options.
Commvault chief product officer Rajiv Kottomtharayil provided an announcement quote: Customers need to be increasingly agile, flexible, and scalable. This new portfolio addresses data management risks that exist today and that may exist tomorrow, intelligently. From a natural disaster, to human error, to ransomware, our customers are covered.
Coming out of 2019, Commvault had six product lines: Commvault Complete Backup & Recovery, Commvault HyperScale, Commvault Orchestrate, Commvault Activate, Hedvigs Distributed Storage Platform (DSP) and Metallic (SaaS backup and recovery service).
The new line-up is:
Commvault launched HyperScale appliances in 2017 to provide scale-out backup and recovery for containers, virtual and database workloads. The appliances supports on-premises deployments and multiple public clouds, with data movement between these locations.
HyperScale provides up to 5PB of capacity, automatic load balancing across nodes, data caching, cataloguing, automatic rebalancing of stored data across nodes, and integrated copy data management.
The new HyperScale X, available today, brings Hedvigs DSP file system software to the appliance for the first time, adding higher performance backup and recovery as the system scales. Concurrent hardware failures are managed to maintain availability.
Commvaults standalone Backup & Recovery protects containers, cloud-native, and virtual server workloads across cloud and on-premises environments. A separate Disaster Recovery product supports on-premises and cloud environments with automated DR orchestration, replication, and verified recovery readiness.
A Complete Data Protection offering combines Backup & Recovery and Disaster Recovery.
Commvault announced Activate in July 2018, in a product simplification exercise prompted by prodding from activist investor Elliott Management. The software is now disaggregated into separate data Governance, eDiscovery and compliance, and file storage optimisation products.
Hedvigs DSP software, acquired last year, gets more container support. Hedvig introduced Kubernetes Container Storage Interface (CSI) support in October 2019 and with Hedvig for Containers has added:
Avinash Lakshman, chief storage strategist for Commvault, said in a statement: Cloud native applications are critical to the enterprise, and Hedvig for Containers hits that sweet spot of software-defined storage coupled with protection for containerised applications.
Hedvig for Containers is available today.
Commvault is in a data protection and storage marathon. The company competes intensely with Actifio, Cohesity, Dell, IBM, Rubrik, Veeam and Veritas for enterprise data protection and management accounts. Also, ambitious backup-as-a-service startups such as Clumio and Druva are muscling in to this territory.
Commvault has rearranged its shop window to better show its wares. Its also moved to take advantage of its Hedvig software-defined software by adding it to the HyperScale appliance line. Hedvigs latest updates should enhance the softwares appeal to enterprise DevOps cloud native users.
Commvault is claiming a stake in the general storage market with Hedvig Distributed Storage Platform providing file, block and object storage at cloud scale. This general storage market also features intense competition from new and established suppliers and the idea of a combined file, block and object storage product is not universally adopted.
Commvault can use Hedvig software in its own appliances, but it will be quite the challenge to gain wide traction in the general storage market. There are good growth prospects for the emerging stateful container market and Commvault is building a strong story here. However, the mainstream storage suppliers are not so far behind.
More here:
Commvault integrates Hedvig with HyperScale X appliance Blocks and Files - Blocks and Files
IPVanish July sale: three months of VPN cover for the price of one with this deal – Tom’s Guide UK
US-based VPN stalwart IPVanish is well-known as one of the go-to providers for those who want to maintain true internet privacy. And now its offering a cracking deal on a short-term plan three months for the price of one, which works out at just $3.99 a month.
This comes not long after IPVanish also announced that it had lifted its ten-device limit to allow unlimited connections, meaning that for less than $4 a month you can cover pretty much every device in your household whether they belong to you or not.
However, if you want to bag this deal youll have to grab it soon, as the July sale ends exactly when youd expect it to at the end of July. So, for just seven days, youve got the chance to save 67% on a low-commitment, great-value VPN deal.
IPVanish VPN & SugarSync cloud storage | three months for the price of one | $11.99Save 67% New subscribers to IPVanish can bag a great deal this July by claiming three months for the price of one. That's just $3.99 a month the VPN's cheapest option. If you're not satisfied with the service you're covered by a 30-day money-back guarantee, and all you need to do is head over to the site to save big on a short contract.View Deal
A staple of our best VPN guide and regularly featuring in our other VPN countdowns, IPVanish is a tried and trusted VPN provider. It has apps for a huge range of devices, from Windows PCs and Macs to Android devices and iPhones, right down to you Amazon Fire TV or your router.
Also, IPVanish has long been partnered with secure cloud storage provider SygarSync, and every plan comes with a complementary 250Gb of storage. In fact, paying for IPVanish is actually cheaper than signing up to SugarSync on its own, so if youre looking for a safe repository for your sensitive files, you can kill two birds with one stone here.
If youre looking for the very best service on the market, wed recommend ExpressVPN. While its more expensive at $6.67 a month, the whole experience is a little more polished and its an excellent way to access blocked streaming services. If saving money is more important to you, Surfshark is an up-and-comer which offers a two-year plan for less than $2 a month.
However, if youre after a short plan whether youre going on holiday or just hate being tied to a provider for years this IPVanish deal offers serious value for money and a ton of flexibility. But remember, the sale ends July 31, so you might have to act quickly.
Compare the best overall VPN services spec-by-spec:
Everything - the #1 best VPN
Balance of options and ease of use
Torrenting and P2P traffic
Read more:
IPVanish July sale: three months of VPN cover for the price of one with this deal - Tom's Guide UK
Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc – Security Boulevard
Cloud migration, obviously, is here to stay.
Related: Threat actors add human touch to hacks
To be sure, enterprises continue to rely heavily on their legacy, on-premises datacenters. But theres no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS) is in full swing.
Now comes an extensive global survey from Sophos, a leader in next generation cybersecurity, that vividly illustrates how cybercriminals are taking full advantage. For its State of Cloud Security 2020 survey, Sophos commissioned the polling of some 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East, and Africa. The respondents were from organizations that currently host data and workloads in the public cloud.
Sophos found that fully 70% of organizations experienced a public cloud security incident in the last year. Furthermore, 50% encountered ransomware and other malware; 29% reported incidents of data getting exposed; 25% had accounts compromised; and 17% dealt with incidents of crypto-jacking. The poll also showed that organizations running multi-cloud environments were 50% more likely to suffer a cloud security incident than those running a single cloud.
Those findings were eye-opening, yes. But they were not at all surprising. Digital commerce from day one has revolved around companies bulling forward to take full advantage of wondrous decentralized, anonymous characteristics of the Internet, which began a military-academic experiment.
Corporations became obsessed with squeezing productivity out of an intrinsically insecure construct and threat actors became expert at quickly pouncing on fresh attack vectors opened up by this obsession. And now we have that same pattern playing out, once more, with cloud migration.
Deeper implications
Last Watchdog had the chance to drill down on the deeper implications of Sophos cloud security findings, as well as its recent report The State of Ransomware 2020
with two of its top experts, Paul Murray, senior director of product management in Sophos Public Cloud Security Group, and John Shier, senior security advisor. Here are excerpts of our discussion, edited for clarity and length:
LW: Can you frame how threat actors view the current trajectory of cloud migration?
Murray: In the eyes of the adversary, cloud migration brings their targets one step closer, introducing the potential for them to search for and target a larger and more dispersed attack surface area over the Internet. Organizations are typically very aware of physical security measures. However, in the transition to the cloud, the management plane itself is now accessible from anywhere, and organizations need to ensure their configurations are implemented securely in order to prevent discovery by attackers.
LW: So what are cyber criminals focusing on at the moment?
Murray: Attackers are going after the low hanging fruit. New cloud PaaS services, such as shared storage, containers, database services and serverless functions etc. typically cannot have a security agent running on them, so its left up to the organization to securely configure these services.
You wont have to look far to find stories of Amazon S3-related data breaches caused by misconfiguration, where S3 security settings were set to Public. AWS has even released an update to help customers from running afoul of this, one of the biggest causes of cloud data breaches. And shared storage breaches are by no means limited to Amazon customers.
LW: Isnt it more than just taking advantage of low hanging fruit?
Murray: Yes, attackers are moving to more sophisticated attacks, as well. As part of Living off the Land (LOTL) attacks, attackers are automating searches to exploit vulnerabilities in virtual machines. They can exploit cloud provider metadata services, for instance, to access temporary identity and access management (IAM)credentials. This enables them to footprint the customer environment. From there they can gain access to central storage, amongst other things, and finally proceeded to exfiltrate data.
We recently released an article about a malware we dubbed Cloud Snooper. This is a rootkit that establishes an APT-like command-and-control client on a machine . . . In essence it makes the command-and-control traffic look like benign traffic.
LW: Your cloud security report shows how misconfigurations can translate into a major exposure. How so?
Murray: Reading about the thousands of cases out there, youd be forgiven for thinking that attackers are only after an organizations sensitive data in these attacks. In addition to financial data and personal information, one of the main uses of cloud storage accounts like Amazon S3 buckets is to host static website content like HTML files, JavaScript and Cascading Style Sheets (CSS.) Attacks targeting these resources arent targeting exposed data. Instead, they look to maliciously modify website files; this is being done in order to steal the website visitors financial information.
Murray
Both attack chains look the same at the start, with attackers scanning the Internet for misconfigured S3 buckets, using automated S3 scanners. But this is where the attack paths diverge. In your typical S3 data breach, attackers will list and sync the valuable contents to a local disk and then access all the data that was misconfigured in public mode.
In the case of a data modification attack, once access is gained, attackers look for JavaScript content and modify it to include malicious code. Now, when a user visits the infected website, the malicious JavaScript code loads, logging all credit and debit card details entered onto payment forms. This data is then sent to the criminals server.
LW: How much of these new attack vectors stem from high-velocity software development involving microservices assembled in containers?
Murray: DevOps is the great enabler. The challenge for many organizations is that the DevOps process will be employed to automate the build of this infrastructure. Security teams must therefore enable developers to secure their automated process with tools this way security enables digital transformation, rather than holding it back, or, worse still, cause security measures to be worked around in order to maintain agility.
LW: Whats a concrete example of a pervasive exposure opened up by cloud migration?
Murray: We used our cloud security posture management tool, called Sophos Cloud Optix, to learn that two of the most widespread exposure points come from organizations exposing Remote Desk Protocol (RDP) and Secure Shell protocol (SSH.) Cybercriminals are actively searching for these entry points through automated searches. These protocols need to be accounted for.
Organizations need to secure virtual private cloud (VPC) traffic, as well. We all want a simple, sure-fire route to ensure we dont accidentally make a private subnet public. The challenge its been all too easy to do just that, with route tables in a VPC that can only be associated with subnets, and no simple way to specify routing rules to direct traffic to subnets through a firewall when entering VPCs.
LW: Your cloud security report shows a high level of awareness of these exposures 96% concerned yet an apparent low level of corporate will to do something about low staffing levels. How do you explain that?
Murray: Almost half of survey respondents didnt fully understand their responsibilities for securing cloud environments. The problem is in all of the gray areas, where the responsibility is quite literally shared. The platform vendors want to communicate that while they will provide the tools, such as security groups and IAM tools, the subscriber is responsible for implementing them correctly.
Its the same thing as buying a firewall and only adding any-to-any rules. That sounds good in theory, but in practice it means that for a lot of the security provided by the platform, the ultimate responsibility is still with the customer. But just enabling something doesnt make it secure. In order to properly secure a cloud environment, you need a good design and clear use case so you can wield the platform tools effectively and extend them with third party services where needed.
LW: Shifting gears a bit, whats going on with ransomware? Your recent white paper shows its still at as high a level as in 2017? Why so?
Shier: The most significant shift in the ransomware landscape is the switch from a strictly opportunistic model to a more targeted one, and from individuals to businesses. While individuals are still being victimized, the most active ransomware gangs are laser-focused on breaching organizations.
Shier
Less skilled attackers, those focused on infecting individuals, have largely been pushed out of the market, driven by better protection and higher awareness, in favor of more capable professional gangs. This has meant a lower overall incidence of ransomware infections but with increased impact to victims.
LW: What do ransomware attack pattern across the globe look like today?
Shier: Attackers are choosing their targets more deliberately. These gangs still employ some opportunistic methods for target discovery. This includes using scanners to discover unpatched machines or exposed services (i.e. Remote Desktop Services) and the use of automated tools to gain brute-force access to said services. But once inside a network, the humans take over.
Some gangs have also resorted to shaming companies on social media in an effort to increase the likelihood of payment, leaking sensitive information if the victims dont pay, or even urging the employees of victim organizations to put pressure on their IT departments to pay the ransom. Weve also seen the higher end attackers continue to develop and improve their payloads in order to evade detection and increase the rate of successful infections.
LW: GDPR has been in effect for two years now, and your reports show that Europes tougher data protection laws appear to be contributing to a reduced rate of ransomware in the EU? How so?
Shier: Compliance with GDPR has provided an incentive for some companies to do the bare minimum. For example, this could be adding protection to servers where it might have been absent in the past, or implementing multi-factor authentication for all your externally facing accounts and services.
In other cases, encrypting your backups, a good practice from a data protection perspective, has also meant they were useless to criminals as additional extortion pressure. When companies build better security foundations it puts much of the proverbial low hanging fruit out of reach to cybercriminals.
GDPR compliance also requires better visibility into your assets and data. Today, more often than not, ransomware is the last stage acting as a distraction in an attack whose main motivation is data theft. This added visibility provides companies with a chance to spot the initial stages of any attack much sooner.
LW: Your reports show that the U.S. has done well, too. What impact has rising regulation played? Im referring to the New York Department of Financial Services certification rules; and also Californias Consumer Privacy Act and the Department of Defenses Cybersecurity Maturity Model Certification.
Shier: The increased adoption of next-gen security technologies, as well as, regulatory pressure has contributed to better resilience against ransomware attacks. This is true of the U.S. and other regions as well. This is offset, however, by widespread abuse of stolen credentials, lack of ubiquitous multi-factor authentication, too many exposed and vulnerable services, and careless user behavior.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
Recent Articles By Author
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/qa-sophos-poll-shows-how-attackers-are-taking-advantage-of-cloud-migration-to-wreak-havoc/
See the original post:
Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc - Security Boulevard
Life After COVID 19: E-Discovery Considerations for Attorneys and Clients – JD Supra
Life around the world has significantly changed in the last three months. From job losses, homeschooling, and working from home, daily life is not the same as it was in February. The world of E-Discovery has not been immune. Law firms and service providers have been forced to adapt to a quickly changing environment. Here in North Carolina, our governor issued a statewide stay at home order effective on March 30. However, most of the people heeded the advice of firm management and began working from home several weeks earlier.
Since that time we have seen a flood of articles and news reports about how people are adjusting to using video conferencing and collaboration tools such as WebEx, Zoom, Skype, and Google Docs. These tools enable us to maintain invaluable connections with our colleagues and clients, but they also have an effect on discovery we might not have previously considered. From an E-Discovery perspective, the use of these remote working tools creates new data sources for preservation and collection. Diligent attorneys and clients would be wise to consider and discuss how these tools might impact the phases of E-Discovery moving forward. Below is a list of considerations to help get the conversation started.
Most workplaces probably have some type of work from home or telework policy. However, even the savviest employers likely did not foresee the world as we knew it coming to a screeching halt. I presume that these policies most likely pertain only to requests to work remotely versus in the office. As counsel, we should engage our clients in a discussion about whether their current policies sufficiently address the use of technology while working from home. For example, employers should consider which technology platforms are currently authorized and which are being utilized by the employees, such videoconferencing tools. Employers should consider whether to limit (or eliminate altogether) the use of unauthorized platforms. If an employer decides to limit the use of certain platforms for safety, privacy or other reasons, that message should be effectively communicated to the employees.
As stated above, an employer should inquire of its employees what tools they use and then consider the privacy and security implications of each. A work from home policy should identify which tools may be used for work purposes and which may not (since work inevitably includes handling private and protected information). While some employees may have already had access to their entire work environments on mobile devices or home computers, other employees may not. Employers may now be paying for or subsidizing mobile devices for employees that were solely personal prior to the pandemic. Employers will need to closely examine their BYOD policies and consider whether revisions to the policies are warranted. Enforcement of policies related to mobile device usage is more straightforward with employer-provided devices, but more difficult if employees use their own devices for remote work. For more information on BYOD policies, clickherefor an extremely informative article from my colleague Russ Beets on the advantages and drawbacks of a BYOD policy.
The remote work policy should reiterate that employees should continue to save all documents and information to a centralized, secure location, whether that location is on the organizations network or other centralized document management system. If employees regularly and consistently save documents to a centralized location, this lessens the need for the preservation and collection of data from employees' devices. While working remotely, employees should regularly be reminded to save documents to centralized, secure locations.
Employers may also need to remind employees that communication via a direct messaging platform utilized by the employer may be a more favorable means of communication over other nonstandard or non-enterprise communications such as text messages, etc. These direct messages are likely already addressed in an organizations data retention policy and, depending on an organizations storage capabilities, may be stored and preserved in a central location.
I suspect that most policies are broad enough to cover these tools, but organizations should review their data retention policies and determine whether the data generated by these remote working tools is adequately addressed. If it is not, the policy will likely need to be updated. In some cases, an organization may need to provide additional training to its internal IT team to ensure they will be able to preserve and collect the data generated should the need arise. The IT team should consider how the tool generates, organizes, indexes and saves data.
When it comes time to identify, preserve and collect data that might be relevant in a dispute, most litigation attorneys and E-Discovery professionals already have a few items in their toolbox to navigate this new world of remote work. The most important tool is the custodian questionnaire. You will need to know how the custodian was communicating and collaborating while working remotely. An existing custodian questionnaire may need to be revised to take into account the use of remote working tools, such as video conferencing and collaboration platforms that may have been utilized by the custodian. The custodian questionnaire should also consider whether the custodian generated any paper documents and the location of those paper documents to ensure they are also properly preserved.
In-person data collections are seemingly a thing of the past. Before COVID, while we conducted remote collections when it was necessary to do so, we preferred in-person collections because we found sitting face to face with an often anxious custodian to be the most effective means of garnering their trust and successfully drilling down to the heart of where relevant data is stored. In todays climate, however, almost all data collections are conducted remotely by accessing an individual employees computer, mobile device or cloud storage location, or an organizations network. Conducting collections from a distance comes with its own challenges, such as scheduling time to meet with custodians who are also trying to work from home, accessing various data sources, loading collection software and keeping a custodians attention. Thankfully, the remote collection tools and workflows we have used in the past are still ripe for todays new world and people are learning how to manage their time and space. With employer and state travel restrictions in place, as well as restrictive stay at home orders, we are actually learning how to successfully connect with our clients and custodians from afar. I believe that this is a lasting change and the majority of collections after the pandemic ends will be performed remotely.
Clients will almost inevitably have questions and concerns about safeguarding their private and confidential data during a remote document review. Truthfully, a remote document review comes with security challenges, simply because we cannot know with 100% certainty where the review is performed or who may have access to view an attorneys computer screen or who may have access to review protocols and case memos. However, a remote document review can be performed safely if certain precautions are taken.
The most secure means of performing a remote document review is to require contract reviewers to use a VPN tunnel or other type of secure portal when accessing the review platform. If a VPN tunnel or secure portal is not an option, two-factor authentication should be implemented for any person remotely accessing the review platform that is not connected via a VPN or secure portal. In addition, document review contract attorneys should be required to follow any remote document review policy in place by the law firm or vendor, such as:
Because contractors are remote, it is even more important that they attend regularly scheduled (even daily) meetings about ongoing reviews to discuss any issues that arise. Similarly, contractors should provide daily reports that provide an overview of the documents they reviewed and any hot documents they encountered. It will also be important to track review rates, including documents viewed and edited per hour, and then discuss how to address outliers.
When daily life has reached some type of stability and we have all adjusted to the new normal, companies will need to determine if their work environment has substantially changed, how long the change may last, and whether their internal policies need to be adjusted. Hopefully, this time comes soon and without additional disruption. Who knows maybe this will lead to more telework, more time with families, and a better quality of life.
Read more here:
Life After COVID 19: E-Discovery Considerations for Attorneys and Clients - JD Supra
4 Ways to Advance Your Tech Without Sacrificing Security – Security Boulevard
Data and security are two of the most crucial topics of discussion regarding modern networks. As the internet grows in scope and complexity, it provides greater benefits to the way people interact and do business, but it also presents a greater number of variables that must be maintained in order to keep things running smoothly. Tech experts are becoming an indispensable part of the workforce at large, as well as within individual organizations for this very reason. Heres what you need to know in order to create the stable and secure infrastructure your business needs in order to thrive in the digital age.
Keeping Up With Advances in Technology
Cutting edge technology almost universally corresponds to an improvement in every aspect of a given organization. However, there remain valid concerns about the weaknesses of modern data infrastructure. TLS 1.3 is all but necessary in order to remain competitive and relevant moving forward, because it improves the functionality of your network in a straightforward way. However, it creates some potential security concerns that need to be addressed. Most notably, TLS 1.3 makes it more difficult to track network traffic effectively, and analytics are a major component of network security. The biggest obstacle for modern businesses is giving themselves a technological edge without sacrificing security in order to do so, and thats where your IT department comes in.
Hire Tech Savvy Professionals
There is a growing representation of tech workers across the board in the professional world. That is because, as technically becomes more powerful, it becomes more complex. For every additional benefit that the internet provides, it also provides another potential backdoor for hackers, and the only surefire way to make your network foolproof is with the help of experts in the field of network security. However, there are additional benefits to a strong IT department. In much the same way technological advancements can have drawbacks in terms of security, they can also introduce new errors that may occur and disrupt your business. IT professionals can help you assess your network and connected devices for potential weakness and fix problems as they arise.
Adopt Cloud Technology
Cloud technology refers primarily to cloud computing and cloud storage, and these twin technologies have transformed the landscape of data as you know it. Cloud storage refers to digital file storage over the internet. This has a few benefits, namely expanded storage and the easy sharing of files across an organization or group. Cloud computing operates in a similar manner but is broader in scope. Cloud computing refers to the sharing computational assets with other machines over a network. This allows, for example, one computer to aid another temporarily for the duration of a computational problem, before the two devices return to their default allocation of resources. In summation, cloud technology massively increases the potency of a business by allowing individual devices to cooperate directly, and this tech is quickly becoming the norm for professionals of all kinds.
Backup Everything
Another crucial aspect of network security is that you need to always make sure your data is backed up, just in case. Any number of problems can arise unexpectedly to compromise your computers, your network, or both, so it is imperative that you ensure that your files are always within reach. The recent explosion of data has rendered physical file storage an untenable option, however, so youll need to use cloud storage to backup your files. In addition to allowing files to be shared among a group, cloud storage also vastly expands available storage capacity.
Staying ahead of the curve with regards to technological advancement is a kind of Sisyphean exercise in futility. However, you must do your absolute best to stay on top of new advancements and remain in control of your businesss data infrastructure. Otherwise, you will be supplanted by more tech friendly, and more tech savvy, companies who will do what it takes to beat the competition. With this primer in hand, youll be better prepared to take the necessary steps to keep your business in lockstep with progress.
Read more from the original source:
4 Ways to Advance Your Tech Without Sacrificing Security - Security Boulevard
Cloud Storage Market Is expected to Witness Significant Growth between 2020 to 2028| Top Key Players- AWS, IBM, Microsoft, Google, Oracle, HPE – Owned
Cloud Storage Market is analyzed with industry experts in mind to maximize return on investment by providing clear information needed for informed business decisions. This research will help both established and new entrants to identify and analyze market needs, market size and competition. It explains the supply and demand situation, the competitive scenario, and the challenges for market growth, market opportunities and the threats faced by key players.
Sample Copy of This Report: https://www.quincemarketinsights.com/request-sample-61968?utm_source=PF/komal
A 360 degree outline of the competitive scenario of the Global Cloud Storage Market is presented by Quince Market Insights. It has a massive data allied to the recent product and technological developments in the markets.
It has a wide-ranging analysis of the impact of these advancements on the markets future growth, wide-ranging analysis of these extensions on the markets future growth. The research report studies the market in a detailed manner by explaining the key facets of the market that are foreseeable to have a countable stimulus on its developing extrapolations over the forecast period.
Major Companies:AWS, IBM, Microsoft, Google, Oracle, HPE, Dell EMC, VMware, Rackspace, Dropbox
Table of Contents:
Get ToC for the overview of the premium report @ https://www.quincemarketinsights.com/request-toc-61968?utm_source=PF/komal
Market Segmentation: By Type (Solutions and Services), By Deployment Model (Public Cloud, Private Cloud, Hybrid Cloud), By Organization Size (Large Enterprises, Small and Medium-Sized Enterprises), By Vertical (Banking, Financial Services, and Insurance (BFSI), Healthcare and life sciences, Telecommunications, IT and Information Technology-enabled Services (ITES), Energy and Utilities, Education, Government and public sector, Manufacturing, Consumer goods and retail, Media and entertainment, Others)
A detailed outline of the Global Cloud Storage Market includes a comprehensive analysis of different verticals of businesses. North America, Europe, Asia Pacific, Middle East & Africa, and South America have been considered for the studies on the basis of several terminologies.
This is anticipated to drive the Global Cloud Storage Market over the forecast period. This research report covers the market landscape and its progress prospects in the near future. After studying key companies, the report focuses on the new entrants contributing to the growth of the market. Most companies in the Global Cloud Storage Market are currently adopting new technological trends in the market.
Finally, the researchers throw light on different ways to discover the strengths, weaknesses, opportunities, and threats affecting the growth of the Global Cloud Storage Market. The feasibility of the new report is also measured in this research report.
Reasons for buying this report:
Make an Enquiry for purchasing this Report @ https://www.quincemarketinsights.com/enquiry-before-buying-61968?utm_source=PF/komal
ABOUT US:
QMI has the most comprehensive collection of market research products and services available on the web. We deliver reports from virtually all major publications and refresh our list regularly to provide you with immediate online access to the worlds most extensive and up-to-date archive of professional insights into global markets, companies, goods, and patterns.
Contact:
Quince Market Insights
Ajay D. (Knowledge Partner)
Office No- A109
Pune, Maharashtra 411028
Phone: APAC +91 706 672 4848 / US +1 208 405 2835 / UK +44 121 364 6144
Email: [emailprotected]
Web: https://www.quincemarketinsights.com
Originally posted here:
Cloud Storage Market Is expected to Witness Significant Growth between 2020 to 2028| Top Key Players- AWS, IBM, Microsoft, Google, Oracle, HPE - Owned
Software-defined storage: It’s a Thing Blocks and Files – Blocks and Files
The global software-defined storage market is expected to grow by $42.79 billion over the next four years, according to Technavio.
The UK market research firm forecasts the market will grow 27.45 per cent during 2020, despite the disruption of Covid-19 and its associated shutdowns. It believes that the market will have fully normalised by Q3 2021, or by Q1 2022 at the latest.
Technavio cites the adoption of hyperconverged platforms is cited by as one reason for the growth. With hyperconverged infrastructure (HCI), enterprises can avoid dependency on multiple storage, compute and networking systems because all three are combined into a virtualized platform. This delivers simplified management and also means that customers have a single vendor to call upon for support.
North America led the software-defined storage market in 2019, followed by APAC, Europe, South America, then the Middle East and Africa. Between now and 2024, North America will experience the highest incremental growth, owing to factors such as increasing demand from enterprises, and the adoption of advanced technologies, such as the expected uptake of 5G networks.
Cloud adoption is another driver for software-defined storage. As enterprises continue to invest in cloud services, this increases the demand for software-defined storage as it simplifies storage management, according to Technavio, and addresses data management challenges in cloud computing.
However, as a Blocks & Files noted last month, while IDC figures show that while demand for converged system is holding up, there is no clear sign of HCI sales eating into the sales of existing external storage platforms.
Here is the original post:
Software-defined storage: It's a Thing Blocks and Files - Blocks and Files
Microsoft takes legal action against COVID-19-related cybercrime – Microsoft on the Issues – Microsoft
Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsofts work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals infrastructure so that it can no longer be used to execute cyberattacks.
Microsofts Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts. The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information. Based on patterns discovered at that time, Microsoft utilized technical means to block the criminals activity and disable the malicious application used in the attack. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.
This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years. According to the FBIs 2019 Internet Crime Report, the most-costly complaints received by their Internet Crime Complaint Center (IC3) involved BEC crimes, with losses of over $1.7 billion, representing nearly half of all financial losses due to cybercrime. While most of the publics attention in recent years has justifiably focused on the malign acts of nation state actors, the increasing economic harm caused by cybercriminals must also be considered and confronted by the public and private sectors. For our part, Microsoft and our Digital Crimes Unit will continue to investigate and disrupt cybercriminals and will seek to work with law enforcement agencies around the world, whenever possible, to stop these crimes.
These cybercriminals designed the phishing emails to look like they originated from an employer or other trusted source and frequently targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers. When the group first began carrying out this scheme, the phishing emails contained deceptive messages associated with generic business activities. For example, the malicious link in the email was titled with business terms such as Q4 Report Dec19, as seen below.
With these recent efforts, however, the phishing emails instead contained messages regarding COVID-19 as a means to exploit pandemic-related financial concerns and induce targeted victims to click on malicious links. For example, using terms such as COVID-19 Bonus, as seen here.
Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app). Web apps are familiar-looking as they are widely used in organizations to drive productivity, create efficiencies and increase security in a distributed network. Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victims Microsoft Office 365 account. This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign.
After clicking through the consent prompt for the malicious web app (pictured below), the victim unwittingly granted criminals permission to access and control the victims Office 365 account contents, including email, contacts, notes and material stored in the victims OneDrive for Business cloud storage space and corporate SharePoint document management and storage system.
Microsoft takes many measures to monitor and block malicious web apps based on telemetry indicating atypical behavior and has continued to enhance our protections based on this activity. In cases where criminals suddenly and massively scale their activity and move quickly to adapt their techniques to evade Microsofts built-in defensive mechanisms, additional measures such as the legal action filed in this case are necessary. This unique civil case against COVID-19-themed BEC attacks has allowed us to proactively disable key domains that are part of the criminals malicious infrastructure, which is a critical step in protecting our customers.
As weve observed, cybercriminals have been adapting their lures to take advantage of current events, using COVID-19-related themes to deceive victims. While the lures may have changed, the underlying threats remain, evolve and grow, and its more important than ever to remain vigilant against cyberattacks.
To further protect yourself against phishing campaigns, including BEC, we recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learnhow to spot phishing schemesand protect yourself from them. Third,enable security alertsabout links and files from suspicious websites and carefullycheck your email forwardingrules for any suspicious activity. Businesses can learn how to recognize and remediate these types of attacks and also take these steps to increase the security of their organizations.
Tags: business, COVID-19, cyberattacks, cybercrime, Digital Crimes Unit, Office 365, phishing