Tag Archive for Data

Mix Tape – The Future of Big Data Storage

The mix tape is about to make a comeback in a big way, according to New Scientist. From the updates posted by Facebook’s (FB) 1 billion users to the medical images shared by healthcare organizations worldwide and the rise of high-definition video streaming, the need to store massive amounts of data is greater than ever. Hard drives have been the workhorse of large storage operations for decades. However, a new wave of ultra-dense tape drives is set to replace the HDD. The new tape drives pack in information at much higher densities while using less energy, in a cartridge the size of a 1980s mix tape, according to the article.

Researchers at Fuji Film (4901) and IBM (IBM) have already built prototypes that can store 35 terabytes of data. The cartridge, which measures 10 centimeters by 10 cm by 2 cm, can store about 35 million books’ worth of information. This is achieved using magnetic tape coated with nanoparticles of barium ferrite. The coating stabilizes magnetic storage media by keeping moisture and oxidation (rust) from damaging the surface of storage tape.

But the real début for this technology, the author speculates, will be with the Square Kilometre Array (SKA). The SKA will be the world’s largest radio telescope when it is completed in 2024. SKA will consist of thousands of antennas across the southern hemisphere. Once it’s up and running, the SKA is expected to pump out 1 petabyte (1 million gigabytes) of compressed data per day. If the SKA data archive were built using today’s 3-terabyte HDDs, the telescope would fill an unmanageable 120,000 drives a year.

100 terabytes on a cartridge

That annual archive growth would swamp an experiment that is expected to last decades, says IBM Fellow Evangelos Eleftheriou, who is part of a team working to build tapes for the SKA. The IBMer says that by the time the telescope comes online, they expect to be able to store 100 terabytes. They plan to store that much data by shrinking the width of the recording tracks and using more accurate systems for positioning the read-write heads used to access them.

Using tapes should cut down drastically on energy use, too. A 2010 study by Clipper Group found that data centers with disc drive arrays use over 200 times more power than would a tape library of similar size. Disc drives in large arrays tend to stay powered-up, so their platters spin continuously, in case data is required, says Jon Hiles of Spectra Logic, a digital archiving firm in Boulder, CO. But tape drives only use power when they are being read or recorded on, he says.

The downside of tapes

The downside of tapes is that they are slower to access than hard discs. Tapes have to be fetched by a robotic mechanism, inserted in a reader and spooled to the right point. But the Linear Tape File System expedites this process to make it comparable to disc drives, Eleftheriou told the blog. As storage needs skyrocket, hard drives won’t be able to keep up and keep power down, Eleftheriou says. Density improvements in hard drives are facing physical limits that mean they can only add more power-munching platters. “It’s time to take advantage of the low power and low-cost of tape,” he says.

rb-

It is unlikely even the largest firm will need the kind of capacity SKA’s IT staff will have to deal with every day. But it is likely that every organization that stores big data on-site will be looking for low-cost, high-capacity alternatives to disk. However, I would not want to trust 35 TB (or more) of data to a cassette which can be easily destroyed. Do you think the 80’s mix tape cassettes are the future of big data storage?


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedIn, Facebook and Twitter. Email the Bach Seat here.

Cyber Insurance

John Moccia with Innovation Guard wrote a good primer on what happens when a firm needs to buy cyber insurance in a thread at Internet Evolution. The author writes that loss control/security precautions are built into the process of acquiring cyber insurance. There are firms like NetDiligence that partner with insurers. Apparently, when you buy a cyber insurance policy, the coverage is contingent upon a successful security audit performed by NetDiligence (penetration testing, ethical hack, etc.).

The article goes on to state that when a company outsources its technologies, such as with a co-hosting facility where its actual servers reside, the insurer will seek information on the Colo firm’s security protocols, protection, and redundancy. In the end, those companies with better procedures/protections in place will get better rates; those with worse or no security will get higher rates – or not be afforded coverage at all.

There are first and third-party implications to Cyber insurance according to Mr. Moccia.

First-Party = your losses, such as the cost to notify the thousands or tens of thousands of people whose info has been compromised.

Third-Party = losses of others where they would seek restitution from you. A class action claim for failure to secure confidential data – defense costs, settlements, etc.

This whole area is still evolving. Some insurers offer just third-party, others offer both. They have different approaches to the way they offer the coverages, too. For example, while one insurer may offer you up to $250K for breach notification costs, another provides coverage for up to 2 million affected people with no specific dollar amount.

Coverage can be incorporated on some insurers’ policies to address the acts of “rogue” employees/insiders.

The author points out that the insurance industry is a very old industry. It is also one that is slow to change its ways of doing business. Insurers package their policies the way they want to sell them, as opposed to the way people/businesses want to buy them. For example, the types of claims that we are discussing here are relevant and likely for any kind of company today. General Liability claims are very uncommon and unlikely (at least for vanilla office-based companies, like Tech businesses and professional service companies), and traditional business interruption coverage doesn’t address these cyber issues. Yet, these coverages are part of the standard policy that all businesses carry. In order to get the total protection that a business needs, it has to buy several policies, usually from multiple insurers. The first progressive insurer that is willing to incorporate coverage for these modern exposures (even if they just dip their toe in the water and offer $10K or some other nominal amount!), as part of what is their standard commercial policy, will have a huge advantage on the rest of the market.

rb-

I am sure that many SMB organizations have holes in their coverage when it comes to their cyber insurance. I really doubt that they can pass the security audit. Many of the organizations I deal with have very low-security postures. Conversations about password policies, document retention, and user account life-cycle are a big deal, even when my counterpart has come from industry to industry to education.


Social Media Biggest Risk in 2012

The Security Labs over at Websense (WBSN), a provider of Web, data, and email content security, have used the Websense ThreatSeeker Network (PDF), which provides real-time reputation analysis, behavioral analysis, and real data identification, to announce (PDF) their picks for the top IT security threats for 2012. Social media is the #1 risk in 2012.

1. Websense says that stealing, buying, and trading credit card and social security numbers is old news. They say that your social media identity may prove more valuable to cybercriminals than your credit cards.

Today, your social identity may have greater value to the bad guys because Facebook (FB) has more than 800 million active users. More than half of FB users log on daily and they have an average of 130 friends. Trust is the basis of social networking, so if a bad guy compromises social media logins, the security firm says there is a good chance they can manipulate your friends. (Stacy Cowley at CNN Money has an excellent article on how this can work with LinkedIn (LNKD).) This leads to their second prediction.

2. According to Websense, the primary attack vector of most 2012 advanced attacks will blend social media “friends,” mobile devices, and the cloud. In the past, advanced persistent threats (APTs) blended email and web attacks together. In 2012, the researchers believe advanced attacks could use emerging technologies like social media, cloud platforms, and mobile. They warn that blended attacks will be the primary vector in most persistent and advanced attacks of 2012.

3. The San Diego, CA-based firm says to expect increases in exposed vulnerabilities for mobile devices in 2012. They predict more than 1,000 different variants of exploits, malicious applications, and botnets will attack smartphones or tablets. Websense security investigators predict that a new variant of malware for mobile devices will appear every day.

The Internet security firm stresses that application creators need to protectively sandbox their apps. Without sandbox technology, malware will be able to get access to banking and social credentials as well as other data on the mobile device. This includes work documents and any cloud applications on that handy device. The firm believes that social engineering designed specifically to lure mobile users to infected apps and websites will increase. Websense predicts the number of mobile device users that will fall victim to social engineering scams will explode when attackers start to use mobile location-based services to design hyper-specific geolocation social engineering attempts.

4. SSL/TLS will put net traffic into a corporate IT blind spot. Two items are increasing traffic over SSL/TLS secure tunnels for privacy and protection. First, the disruptive growth of mobile and tablet devices is moving packaged software to the cloud and distributing data to new locations.

Second, many of the largest, most commonly used websites, like Google (GOOG) Search, Facebook, and Twitter have switched their sites to default to HTTPS sessions. This may seem like a positive since it encrypts the communications between the computer and destination. But as more traffic moves through encrypted tunnels, Websense correctly says that many traditional enterprise security defenses (like firewalls, IDS/IDP, network AV, and passive monitoring) will be left looking for a threat needle in a haystack, since they cannot inspect the encoded traffic. These blind spots offer a big doorway for cybercriminals to walk through. (We have started to battle this as we move from a POC system from McAfee another vendor to a modem content filter to be nameless but was just bought and we haven’t solved it yet, the NoSSLSearch for GOOG still needs some work)

5. For years, security defenses have focused on keeping cybercrime and malware out (also called M&M security: hard on the outside, soft and chewy on the inside). The Websense Security Lab team says that there’s been much less attention on watching outbound traffic for data theft and evasive command and control communications. The researchers say hacking and malware are related to most data theft; they estimate that more than 50 percent of data loss incidents happen over the web. This is aggravated by delayed DLP deployments as vendors use traditional overly excessive processes like data discovery (designed to over-sell professional services?).

In 2012, organizations will have to stop data theft at corporate gateways that detect custom encryption, geolocations for web destinations, and command and control communications. The security firm predicts organizations on the leading edge will add outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.

6. The London Olympics, U.S. presidential elections and Mayan calendar apocalyptic predictions will lead to broad attacks by criminals. SEO poisoning has become an everyday occurrence. The Websense Security Labs still sees searches for highly popular terms return a first page of results in which a quarter are poisoned.

The researchers expect that as the search engines have become savvier on removing poisoned results, criminals will port the same techniques to new platforms in 2012. They will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle, only now they will infect users where they are less suspicious: Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. Websense recommends extreme caution with searches, wall posts, forum discussions, and tweets dealing with the topics listed above, as well as any celebrity death or other surprising news from the U.S. presidential campaign.

7. Scareware tactics and the use of rogue anti-virus will stage a comeback. With easy-to-acquire malicious tool kits, designed to cause massive exploitation and compromise of websites, rogue application crimeware will reemerge, Websense says. Except, instead of seeing “You have been infected” pages, they expect three areas will emerge as growing scareware subcategories in 2012: fake registry clean-up, fake speed improvement software, and fake back-up software mimicking popular personal cloud backup systems. Also, expect that the use of polymorphic code and IP lookup will continue to be built into each of these tactics to bypass blacklisting and hashing detection by security vendors. (Rival IT security firm GFI Software proves Websense’s point by reporting a “new wave of fake antivirus applications (or rogue AV)” since the start of the year, which it says are “a popular tactic among cybercriminals.”)


Georgia Tech Predicts Cyber Threats For 2012

The Georgia Tech Emerging Cyber Threats Report for 2012 predicts that 2012 will feature new and increasingly sophisticated means to capture and exploit user data. “Our adversaries, whether motivated by monetary gain, political/social ideology or otherwise are becoming increasingly sophisticated and better funded,” said Bo Rotoloni, director of the Georgia Tech Research Institute’s (GTRI) Cyber Technology and Information Security Laboratory (CTISL).

We can no longer assume our data is safe sitting behind perimeter-protected networks. Attacks penetrate our systems through ubiquitous protocols, mobile devices, and social engineering, circumventing the network perimeter.

Threats according to Georgia Tech

Search Poisoning – Attackers will increasingly use SEO techniques to optimize malicious links among search results so that users are more likely to click on a URL because it ranks highly on Google (GOOG) or other search engines.

Mobile Web-based Attacks – Expect increased attacks aimed specifically against mobile Web browsers as the tension between usability and security, along with device constraints (including small screen size), make it difficult to solve mobile Web browser security flaws.

Stolen Cyber Data Use for Marketing – The market for stolen cyber data will continue to evolve as botnets capture private user information shared by social media platforms and sell it directly to legitimate business channels such as lead generation and marketing.

“We continue to witness cyber attacks of unprecedented sophistication and reach, demonstrating that malicious actors have the ability to compromise and control millions of computers that belong to governments, private enterprises, and ordinary citizens,” said Mustaque Ahamad, director of Georgia Tech Information Security Center (GTISC).


Investigating Internet Liability Insurance

Enterprises now face the question of determining the right kinds of cyber insurance to buy in addition to the other traditional insurance that covers the risk of doing business. Internet Evolution asks, “What would you pay to be insured against data loss or theft?” While cyber insurance of all kinds has been around for a while, more firms than ever are seriously considering it, as data breaches, Web fraud, and security breaches continue to make headlines.

Tracey Vispoli, global financial fidelity manager for Chubb, told Internet Evolution, “Although I would still characterize business interest in cyber insurance as emerging, we saw a 40 percent growth in firms securing some form of Internet liability insurance in 2009.” Chubb provides Internet liability and other insurance coverage for businesses worldwide. “I’ve been talking with several insurance companies now about entering the cyber-insurance area,” says Paul Sop, CTO for computer security and consulting firm Prolexic Technologies Inc.

For insurers like Chubb, the Internet provides an opportunity to develop new products to meet emerging business needs. For potential business clients, Internet insurance plugs gaps in coverage that current business insurance policies don’t address. The article says the gaps include:

  • Website-related losses,
  • Website copyright infringements,
  • Cyber-attacks and
  • Unauthorized online access to customer information.

“We encourage companies to think not only about their Web-based assets but also about their entire technology base when they consider insurance,” Ms. Vispoli told Internet Evolution. This includes not only cyber-attacks that directly target the Website from the Internet but also breaches of confidential corporate data such as customer and employee records. Ms. Vispoli explained that at least 45 states require a company whose data is compromised to send out official notifications to all those affected.

Someone from the outside can hack into your employee or customer information, and then there’s the financial pressure of not only fixing the breach and taking action, but also of notifying potentially hundreds of thousands of individuals whose information has been compromised.

The article says that the cost of notification alone can be worth insuring, but there are other costs as well. As recently as five years ago, companies were not required to send out notices nor did they spend the amount of money that it takes today to bring in a forensics team to analyze a cyber breach and find the hack.

The cost of Internet liability and other e-commerce-related insurance varies, depending on the risk factors a given organization presents. Internet Evolution says one of the variables is the amount of online sales it books each year. Common types of cyber-insurance that are available today include:

  • Technology professional liability,
  • Media errors and omissions,
  • Telecommunications professional liability and
  • Computer information and data security liability.

“We are seeing an aggressive trend in businesses subscribing to cyber-insurance, especially in industry sectors like healthcare, financial services, retail, services companies like hotel chains and media,” Ms. Vispoli said in the article. “Depending on the size of the organization, we might be contacted for coverage information by a Chief Security Officer, or possibly by a CFO or CIO.” All of them see growing exposures from e-theft, e-fraud, compromise of critical data, loss of goodwill, e-threats, and vandalism, denial of service, copyright infringement, and regulatory compliance issues.

What do you think?

Does your organization have cyber insurance?
