Holiday Security – Manage Your Risks

Welcome to the holiday season!  Along with the holiday cheer, parties, presents and spending come some risks of which we should all be aware.  Situational Awareness is a phrase that some might not recognize.  Situational Awareness entails being aware of your surroundings and environment and adapting your behaviors to address the risks being presented.

One special area of interest is web sites.  Some web sites will present offers that seem too good to be true.  If you cannot confirm that you are visiting a web site that you know and trust, be very wary of entering any identifying information about yourself, especially items such as account numbers, social security numbers and credit card numbers.

Another problem that is related to web site scams is unsolicited email messages.  My simple recommendation for this is that any email message that you receive that was not the result of a request on your part, and that asks for information or prompts you to click a link, should be deleted.

In both of these cases, should any situation persist, at a minimum, you can report the offending web site or message to abuse@domain.com where domain.com is the end segments of the sender’s email address or of the web site in question.  Should you believe that a crime has been committed, contact law enforcement.  At Layered Tech, we manage inbound abuse complaints for most of the domains hosted by us and we take complaints very seriously.

One bit of data that the bad guys would like to get is your Credit Card information.  I have already talked about being cautious on web sites and with email.  The same cautionary tales apply to unrequested telephone solicitors.  One of your better defenses against credit card fraud is to examine your charges often.  I make it a point to examine all of my credit card charges at least five times per week.  As soon as I see a charge that is suspicious, I notify the credit card company.  Most are very willing to work with you on fraud issues.

If you do not have a Smartphone or Tablet, you may be receiving one this holiday season.  Between apps that allow you to shop, bank and engage on social media, your device contains a treasure trove of data.  Regardless of when you get your device, I recommend taking the following measures:

  • Lock it – Most devices have either a swipe pattern or PIN or password capability.  Activate this feature as soon as you have your device.  A longer password is better than a four-digit PIN and a complex swipe is better than a simple one.
  • Backup your data – Whether through your synchronization software or other means, do this often.
  • Hang on to your device – If they don’t have it, they can’t use it.
  • Determine how to find it – Using Find My iPhone, Where’s My Droid, Plan B, Lookout or similar apps will allow you to locate, message and even wipe your device clean of data, should you lose it.  Of course your data is still backed up if you followed the second step.
  • Report missing devices – Your carrier and local police department may be able to take steps to locate or prevent reuse of your device.

Knowing that you are aware of your surroundings and the value of your data allows you to be a happy and safe holiday consumer.  Here’s to a great start to the holiday season this year!

Image Credit: 401(K) 2012

About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO | +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.

FISMA Compliant Business Solutions for Federal Government

When is a cloud business solution right for your agency?

An interview with Susie Adams, Federal Chief Technology Advisor for Microsoft

This week, Microsoft Dynamics announced the availability of new cloud-based business solutions built specifically for federal government agencies. These solutions are delivered through a FISMA-compliant, federal-only infrastructure environment hosted by Microsoft partner Layered Tech. The solutions provide agencies with a private and secured cloud hosting environment built specifically to deploy mission critical solutions, enabling federal agencies to collaborate, manage data, improve processes, and access actionable business intelligence, while taking advantage of the flexibility, security, performance and cost savings of a cloud delivery model.

The FutureFed blog team had the opportunity to catch up with Susie Adams, Microsoft’s Federal Chief Technology Advisor, to help give some perspective to this announcement and answer a few questions on cloud offerings for federal agencies.


Update on Layered Tech’s Acquisition of NEW WORLD APPS

We are now 90 days into the merger of Layered Tech and NEW WORLD APPS, so we thought it would be helpful to send out an update from the front lines: How is the integration going?

In short, the integration is going great!  Through a lot of hard work from both the Layered Tech and the legacy NEW WORLD APPS teams, we are proud to say both sides remain very excited about the combination, and morale is very high.  NEW WORLD APPS is being run as a separate division of Layered Technologies targeting U.S. federal government customers.  Our focus on security and compliance has been galvanized even further and these added capabilities have catapulted Layered Tech to a higher level.

FedRAMP Status – NEW WORLD APPS has established a strong leadership position in the FedRAMP certification process.  FedRAMP is the newest U.S. federal government security compliance guideline for Cloud solutions.  NEW WORLD APPS is positioned well to be among the early Cloud Service Providers being considered to go through the FedRAMP certification process.

Sales Synergy in Action – Last week, a major federal agency awarded a new contract to NEW WORLD APPS to host a complex FISMA-compliant solution.  This contract resulted from an existing long-term customer of Layered Tech’s that is now penetrating the federal government market, and that needed experienced FISMA-compliant Cloud expertise.  A win for the customer, a win for Layered Tech, and a big win for the government which can now deploy an excellent solution in a FISMA-compliant SaaS model instead of deploying their application on-premises!

Microsoft Partnership – NEW WORLD APPS has been partnered with Microsoft for over a decade, providing managed hosting and Cloud services for public sector customers on Microsoft’s many technology platforms.  NEW WORLD APPS plays a critical role for the Microsoft Public Sector team, and is Microsoft’s ISV Cloud Incubation Center for public sector.  Lots of great things are happening between Microsoft and NEW WORLD APPS, with many exciting new announcements in the works.  Stay tuned!

About the Author:  As President of Layered Tech’s U.S. Federal Division, John Streeten leads Layered Tech’s Ashburn, VA-based sales and engineering teams targeting U.S. federal government customers.  As co-founder of NEW WORLD APPS, John has a background in both finance and marketing and has worked in the hosting and cloud industry for over 15 years.

5 Questions to Ask Your Cloud Service Provider

Quite often, cloud service providers neglect to make security and compliance of their cloud environments their responsibility. Many service providers leave it to the client to manage their own security. This is not ideal. The client cannot control all elements of the environment and is at a disadvantage.  It is startling to me that 69% of cloud service providers do not believe that security is their responsibility, and even more do not offer easy-to-implement security controls as a service, according to the Ponemon Institute in 2011.

Why should you care?

  • Cost of a data breach is $214/record. This adds up when multiplied by thousands of records.
  • Cost of non-compliance is 2.65 times higher than the cost of compliance.
  • In 2011, 22.9 million records were exposed as a result of hacking, and 81% of those records included social security numbers. [1]

Given that a data breach can be costly or even devastating to a business, we believe there are 5 questions you need to ask your service provider. I walk through these questions in my video blog.

Compliance in the Cloud: 5 Questions to Ask Your Service Provider

[1] 2011 Breach List, Identity Theft Resource Center

Photo credit: Primus Pares

About the Author: As Vice President of Product Management at Layered Tech, Kevin Van Mondfrans (@VANMONDFRANS | +Kevin Van Mondfrans) is responsible for driving the Layered Tech portfolio of infrastructure as a service (IaaS) and managed service offerings. With more than 20 years of experience in product development and marketing, Kevin has been delivering innovative computing, storage, cloud and service offerings with companies such as HP, Dell, and Savvis.

How Much is Your Data Worth?

Everyone knows that a lot of information about each of us is floating around various segments of the internet.  The prevalence of online shopping, social media and portable computing has made us comfortable with this and in many ways that is a good thing for commerce, society and individuals.  Many of us feel very confident in the controls that exist to protect data about us and in most cases that confidence is well founded.

October is Cyber Security Awareness Month and this is a great time to address this topic.  Unfortunately, as a result of conditions, attacks and social engineering, components of our information slip out of the control of those that we trust.  When this happens, those with motives less honorable than those of most of us will choose to take advantage of the situation.

This is when the value question comes into play.

  • What would you do if you were told that your information was being held and could be disclosed to others or, in some cases, withheld from your use unless a demand is met?
  • What can you do about this?

First of all, try to do all you can to limit the amount of data that you share with others.  You do not always have to give everything requested to everyone requesting.  Another technique that could help limit your exposure is being less than truthful when you do not have to be completely honest.  Now, I am not suggesting that any of us lie, outright, but consider when and how data is used.

When you sign up for a service of some sort and you are asked for your “security questions” think about using answers that won’t allow someone to gather more information about you than is absolutely necessary.  For example, many of you identify your city of birth in a public place like Facebook.  With that information, that is rather available, someone could easily guess the answer to at least one of your security questions on another site.  For that reason, rather than always entering your actual city of birth, consider mixing up your answers (of course, the more complex you make this, the more you need to track).

If you enter your city of birth as the North Pole, no confirmation will occur and as long as you remember that you used “North Pole” for that site, the chances of someone being able to guess your answer will be greatly reduced.  This is just one example and will be best used if you add your own creativity to it.

On the downside of captured data, recognize that at some point, some of your data will be taken hostage or withheld.  Work on your plan to respond to that.  Demand that your merchants and providers demonstrate that they meet or exceed industry standards and are protecting your data.  In that vein, remember to not volunteer information unnecessarily.  One example in that area is that most healthcare providers ask for your social security number when you start as a patient.  I always decline to supply that and I have never lost the opportunity to use a healthcare provider that I wanted to use.

I believe that it pays to pay close attention to your credit reports and related activity.  The sooner that you notice anomalous activity, the easier it will be for you to prevent further damage and repair what has happened.

Go have fun on the internet and let’s be safe and aware out there!

Image Credit: garethjmsaunders

About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO | +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.