FAST’s Chief Executive John Lovelock explained the inspiration behind the CIF. With the increasing reach of the cloud industry and the involvement of global corporations as well as independent firms, the need for a code of conduct and clear service definitions is seen as clear justification for the CIF. Lovelock believes that this will allow businesses seeking cloud computing services to assess their potential industry partners against uniform criteria and certification. Lovelock also stated that the aim of a code of conduct would be to improve cloud computing standards across the board, with benefits for all parties involved.

The list of CIF members is yet to be released and is the subject of much debate. The reputation of FAST suggests that many of the larger cloud computing providers will be central to the CIF’s operation. However, consultation with the industry as a whole is expected to be a core concern of the CIF and the requirements of current and future clients will need to be addressed in order to ensure its success.

CIF chairman Andy Burton emphasised the importance of co-operation and coexistence with the industry. The CIF would have to act in accordance with these ideals and avoid becoming a dictatorial centralised body. Burton also focused on the need for the development of an identifiable image for cloud computing. This would allow customers and clients to instantly relate to a seal of approval. He cited the example of the padlock symbol, which almost universally represents a secure connection when internet users are shopping online.

The sustainability of the cloud computing industry will rely on customer confidence and a focus on security. Any move towards market visibility and industry cohesion will almost certainly be of considerable value for all parties.

Cloud computing code of conduct under development is a post from our Online Backup blog. Contact us today for business continuity consulting.

Phishing sites have also seen a shift in focus. UK customers have been targeted by fake sites claiming to offer tax rebates from HM Revenue and Customs. Tax-based phishing was up by 70% in October according to the report and on October 13th, HMRC phishing emails accounted for 81% of all UK spam. Other phishing efforts were largely centred around pharmaceutical-based products and software.

The Symantec-owned MessageLabs published statistics showing that in excess of 3000 new sites were being created by spammers every day, with some 500 million daily spam emails sent by various botnets. October also saw an increase in the number of emails with attached malware stored in a ZIP file, rather than a link to a site containing the malware. This practice had become less common in recent months, but appears to be on the rise once more.

MessageLabs’ Paul Wood explained the key findings of the report, outlining the ever changing methods of spammers and phishing sites, which are now targeting webmail services and social networking sites. It is the prolific use of email addresses as a means of authentication on a variety of sites such as eBay and Facebook that makes these such desirable targets for attackers. Mr Wood also explained that the increase in spam and phishing around the holiday season has as much to do with criminal competition as with increased online spending.

Online security provider McAfee Inc. has also recently released its quarterly report. This highlighted the problems caused by new peer to peer file sharing sites promoting the spread of malware. This has been exacerbated by the closure of The Pirate Bay, a popular file sharing site, leaving a gap in the market for phony sites which seduce those looking for pirated material.

Increased vigilance and care in the run-up to Christmas is clearly going to be important in remaining safe online.

Hackers and spammers preparing for holiday season warns MessageLabs is a post from our Online Backup blog. Contact us today for business continuity consulting.

At first, users were faced with a statement indicating that there was a high likelihood that all of their personal data – which was stored using a cloud computing system – had been destroyed. Users who still had the information stored locally were encouraged to restore their data to the repaired servers.

In an open letter to Sidekick owners, Microsoft’s Corporate Vice President Roz Ho stated that after extensive rebuilding and repairs to the damaged systems, Microsoft has been able to completely restore all of the lost data. Outside observers have responded with scepticism, questioning the motives of Microsoft’s actions in the face of widespread criticism.

It was a Microsoft-owned company, Danger, that provided the platform for the Sidekick data storage, but Microsoft has been swift to distance itself from the events that lead to the data loss. It has indicated that the cause of the loss was Danger’s use of a non-Microsoft platform which was independent of Microsoft’s own cloud computing technologies.

Critics see this as Microsoft taking the opportunity to claim credit for restoring the data whilst denying responsibility for the loss itself. Since Danger was bought by Microsoft over a year before the Sidekick scandal, commentators have expressed surprise that Danger was not encouraged to integrate Microsoft technologies into its backup systems.

Mainstream news providers have widely publicised Microsoft’s version of events, although there is little doubt in the minds of some that Microsoft’s disowning of Danger’s platform at the first sign of trouble does not bode well for other Microsoft-owned enterprises. Some would argue that towing the company line in the future may mean granting Microsoft plausible deniability in the face of large scale data loss or similar catastrophe.

Microsoft claims to have recovered Sidekick data is a post from our Online Backup blog. Contact us today for business continuity consulting.

Mr Benn was allegedly unaware of the loss until October 28th when whistle-blowers leaked the story to the press. Mr Benn also said that since the loss had occurred, 35 of the data tapes had been recovered. This still leaves 3 tapes and the CD unaccounted for.

The personal information stored on the tapes relates to the banking details and other sensitive data of farmers registered with DEFRA. The loss could put at risk the livelihoods of hundreds of agricultural workers. However, Mr Benn reassured farmers in a statement on Friday that there was very little likelihood of the data being accessed by outside parties.

The data itself is encrypted and thought by DEFRA officials to be unreadable by anyone other than sanctioned members of Rural Payments Agency (RPA) staff. According to Mr Benn, the low threat level explains why he was only recently alerted as to the loss.

Mr Herbert countered the assurances by calling for an investigation into the data loss. This would aim to establish publicly who discovered the loss, when DEFRA officials were informed and why Mr Benn was apparently left in the dark for so long. Tim Farron of the Liberal Democrats went even further than Mr Herbert, using the opportunity to attack the government for a perceived lack of competence in the handling of personal data across all of its departments.

National Farmers’ Union President Peter Kendal spoke out for the affected group. Rather than criticising the government directly, he echoed Mr Herbert in calling for an explanation. Understandably Mr Kendal also called for an assurance from DEFRA and the RPA that the remaining tapes would be recovered in the near future.

The lack of a dialogue between department officials, their ministerial representatives, the Commons and the affected group of farmers has, once again, highlighted the need for robust data management and security practises, whether in government or indeed in the private sector.

DEFRA admits to data loss but denies cover-up is a post from our Online Backup blog. Contact us today for business continuity consulting.

Chris Rogers, a reporter for the popular current affairs program, found that he was able to obtain medical records for around £4 each. Rogers was offered the chance to pick up in excess of 10,000 records if he was willing to make the trip to India. It was also made clear that these records originated from private organisations and not from the NHS.

A senior manager of the NOA’s offshore arm defended offshore data storage, asserting that location had little to do with the security of private data. Mark Kobayashi Hillary suggested that outdated security at a small number of offshore locations was the primary risk factor and that any such loss should be regarded as a data crime rather than an inherent issue with outsourcing.

Hillary went on to explain that the companies approved by the NOA worked in paperless environments and did not allow external access to email in order to avoid any chance of data theft or loss. He also reassured UK clients that the NOA would only deal with established, reputable offshore companies in order to guarantee the integrity of personal data.

Hillary was, however, forced to admit that while the issues exposed in the report were not solely related to outsourcing data storage to offshore providers, some offshore facilities were still suffering from archaic security, making it relatively easy for cybercriminals to steal from them.

Ultimately the revelations should lead to increased security and stability in the industry. The NOA followed up Hillary’s statements by suggesting that the outsourcing industry should require its offshore partners to reveal their country of origin and the specifics of their operating procedures. It was also suggested that increased transparency in the operation of offshore data processors would help to reduce the risk and occurrence of data theft.

National Outsourcing Association defends industry in medical records scandal is a post from our Online Backup blog. Contact us today for business continuity consulting.

The first two techniques both involve the conversion of public data into private data; primarily by direct means and also through cumulative data strategies. This involves extrapolating private data from existing public data through combining various pieces of personal information. This can be used to find out credit card numbers, amongst other things.

The last of the trio of techniques is frequently used by the media in building stories from limited information. By collating data from various sources it can be possible to analyse and construct a larger picture. Thomson used the example of multiple executives from the same company seeking recommendations simultaneously. This would suggest that they were jumping ship to avoid disaster at a particular firm, rather than simply looking for a career change. This shows how publicly available data can be used to form a picture of a private individual’s situation if publicised carelessly.

Thompson identified one final weakness relating to online password systems operated by many sites. The ability to reset the password of an account with minimal information, often only the email address of the user, by using the ‘forgotten password’ function, is ripe for exploitation. Former Republican vice-presidential nominee Sarah Palin was subjected to an attack of precisely this nature during last year’s campaign.

Thompson did not offer solutions to all of the issues he raised. Rather, his intention was to raise awareness of the wider issue of personal data protection. One suggestion that anyone can follow in assessing their own vulnerability is to spend some time Googling their own name. Thompson believes that many will be dismayed as to the level of information that can be identified in this way, much of which could prove useful to a potential identity thief.

Consumers still failing to protect their own personal data is a post from our Online Backup blog. Contact us today for business continuity consulting.

As such, Windows 7 has a significant amount of ground to cover in order to be seen as a secure and stable platform for business. Whilst Windows 7 offers significant security improvements over XP, including rigidly defined user and admin accounts, it is an amelioration rather than a revolution when compared to Vista’s security architecture.

The User Account Control, which in Vista would mollycoddle and irritate users with persistent alerts and warnings, can be significantly toned down in Windows 7. Applocker replaces the Software Restrictions Policies of the past in order to control desktop-based program access. Bitlocker and Bitlocker To Go have had their encryption interfaces simplified to make them easier to use. There is also a Data Recovery Agent built into Windows 7 which should make backing up and restoring data less onerous. However, since a large scale data loss has yet to take place, the mettle of DRA has yet to be tested.

Microsoft has been keen to emphasise the continuing downward spiral in vulnerabilities exhibited in their operating systems since SP2 was released for XP. Thanks to the Security Development Lifecycle (SDL) Microsoft claims to have demonstrably reduced vulnerabilities and has quickly patched issues as they occurred. With Windows 7, Microsoft hopes to further enhance its reputation for security.

However, Dunn and others remain sceptical about the downward trend in vulnerabilities. Vista was never really tested because of the relatively insubstantial number of businesses that bought into the platform. Windows 7, with its assured popularity, will become a far more significant target for hackers. With so much new code to scrutinise, the security of Windows 7 will undoubtedly be sorely tested over the coming months.

Windows 7 set to improve security is a post from our Online Backup blog. Contact us today for business continuity consulting.

Guardian Jobs spokesman Charles Arthur expanded on the specifics later in the day. He and his colleagues were keen to emphasise that the breach was instigated purposefully and was not caused by an incidental failure in their security systems.

The attack appears to have been fairly limited, with a relatively small group of Guardian Jobs users receiving emails to advise them that their data may have been accessed. In most cases the only salient information stored on the site is a user’s CV, email address and a covering letter for prospective employers. Whilst this information is generally considered to be benign, Arthur urged those affected to contact the Credit Industry Fraud Avoidance System (CIFAS). By doing so, any fraudulent use of a user’s name or address can be quickly identified.

The separate US site, guardianjobs.com, remains unaffected. This is because it is operated independently by third parties and in no small part because the user information is stored on separate databases to those used by the UK site. The UK operator, Madgex, has already instigated enhanced security measures in order to block any future hack using the same method as the recent breach.

Based on the limited information that has been made available to date, it appears that Guardian Jobs is keen to spread the word that although the attack was serious in its nature, it has not exposed every user of their online employment service by any means. Over the next few days, a technology director working for the site claims that they will be able to determine the total number of users affected. This process will also involve purging any automatic, false and duplicate emails from their systems.

To outside observers the target of the hack is an enigma in itself. Since the Guardian Jobs website should not hold financial data relating to users and because the number of affected users appears to be limited, the true nature and intent of the hack may never come to light.

Personal data at risk as Guardian jobs website is hacked is a post from our Online Backup blog. Contact us today for business continuity consulting.

Of the IT professionals questioned, 28% already worked for an organisation which had switched to a virtualised IT platform. A further 67% of those yet to make the leap were preparing for virtualisation over the coming year.

When asked why virtualisation was riding high on the list of priorities, the vast majority of those questioned cited the amelioration of the available disaster recovery choices afforded by a virtualised environment. Storage Area Networks (SANs) were also seen as integral to the development of virtualised infrastructures, with 30% already utilising SANs within their organisations.

One of the Storage Expo’s keynote speakers echoed many other industry experts in his analysis of the significance of virtualisation. John Abbot of The 451 Group spoke before the expo began, citing the benefits of the separation of workload and hardware that a virtualised environment facilitates.

Abbot continued by highlighting the cost benefits of virtualisation which go hand in hand with the flexibility of a virtualised platform. Without the need for hardware costs, upgrades or redundancy contingencies, virtualisation can have a positive financial impact.

Abbot did, however, point out that for businesses new to the concept of virtualisation, the preparation and planning for the switchover could be seen as an insurmountable obstacle. That said, with such a large proportion of the professionals questioned in the report before the expo ready to make the switch, it seems that the positive aspects of virtualisation far outweigh the associated learning curve. It is the potential for automated backup, disaster recovery and business continuity which many believe will signal the explosive growth in virtualisation.

Virtualisation is top of agenda for disaster recovery is a post from our Online Backup blog. Contact us today for business continuity consulting.

Andrew Storms, Director of security operations for nCircle Network Security, was quick to comment once the updates were announced. In a typically cryptic fashion Microsoft offered very few details about the updates before the release date and so security experts were forced to speculate about the content of such a gargantuan release.

Storms suggested before the release that the most desirable update would address the vulnerability of Server Message Block Version 2 (SMBv2). Shortly after this print sharing protocol was unveiled in early September, malicious code exploiting a weakness in SMBv2 was produced. Thankfully SMBv2 is just one of the many flaws that have been patched in the extensive updates. Since its release, various sources have highlighted other critical inclusions, such as the improvements in the security of Internet Explorer 8 when running on the new Microsoft operating system.

The updates should be considered critical by both consumers and businesses running Windows platforms and servers. Several of the updates address vulnerabilities in common applications such as Windows Media Player and the Microsoft .NET Framework which could otherwise allow remote code execution. Storms spoke of the level of care and diligence needed when dealing with the new updates. The sheer volume of the data contained within the security updates requires careful scrutiny. However, with not all of the updates classed as critical, there should be some leeway for phased implementation.

As Windows continues to be an ever popular target for digital attacks, such updates will doubtless continue to appear. Windows 7 is one of the most important releases from Microsoft in many years and as such all eyes will be on its ability to cope with security threats.

Microsoft releases largest ever updates is a post from our Online Backup blog. Contact us today for business continuity consulting.