Johannesburg, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.Continue reading
In a private experiment at Worcester Polytechnic Institute, Amazon Web Services (AWS) got mud on their faces when a group of academics were able to sneak a peek at encryption keys temporarily stored in CPU cache. And in other news, HP has withdrawn from the public Cloud arena citing reasons of cloud-investment prudence. Oracle, on the other hand, are jumping in with both feet citing reasons of making loads and loads of money.
Wait, what? Encryption keys were stolen how?
Yes, a few well-intentioned professors were able to leverage an RSA encryption library vulnerability to scan the cache of the CPU on a machine hosting several VMs. After sifting through the heaps of information contained in said cache, they managed to glean the RSA encryption keys used by the adjacent VMs. Fortunately, their report reveals that this technique could be used on other multi-tenant cloud environments – unfortunately AWS were the lab mice this time around. The vulnerability has since been patched.
This illustrates how cloud security can be taken for granted. In an article by Network World, Yehuda Lindell, chief scientist and co-founder of security firm Dyadic, was quoted saying, “Although a difficult attack to carry out, this further highlights the fact that secret keys are vulnerable, wherever they may be. They are even more vulnerable in cloud and virtualised environments where you have less direct control. This specific attack may be prevented by appropriate patching… However, the type of attack is almost impossible to completely prevent.”
Since your backup solution is already a line of defence against data loss, you’ll need to ensure it cannot be easily compromised. So how does one attempt to “completely” prevent these types of attacks, especially concerning cloud-based backup?
So you see, your backup encryption keys might not be as safe as you thought. With all the other cloud-security considerations and mitigations to be aware of, if you can take these precautions, it will be one less thing to worry about in keeping your backup data safe from attack.
Johannesburg, 24 October 2019 – Redstor, the company disrupting the world of data management, will demonstrate at the Gartner IT Symposium/Xpo™ in Barcelona how a pioneering technology developed in South Africa slashes the cost of Office 365 protection.Continue reading
Whether it’s Rassie Erasmus, Steve Hansen, Warren Gatland or Eddie Jones devising a Rugby World Cup masterplan or an IT boss striving to provide his multi-million-pound organisation with a competitive edge, many of their decisions will be informed by data analysis.Continue reading