11 September, 2012

Data Security in the Cloud: Who's Responsible & How Does It Happen?


Does your company use a cloud service to store sensitive or confidential data? If so, where does the responsibility lie for keeping that data secure? These are a couple of the questions addressed in a new study released by Thales e-Security. The study, titled "Encryption in the Cloud," also focused on data encryption with cloud solutions and where such encryption is applied.
One of the big surprises in the survey data comes from how many companies are using the cloud for sensitive or confidential data: nearly half, 49 percent, of respondents do so currently, and another third said their companies likely would do so within the next two years. With that amount of sensitive corporate data going to the cloud, data security must be a primary concern -- or so you might think.
Another section of the survey, which was conducted by the Ponemon Institute, looked at where companies felt the responsibility fell for keeping safe that data they were sending to the cloud. Here, 44 percent of respondents said they felt the primary responsibility for data security was with the cloud provider, while only 30 percent thought primary responsibility was with the data owner (i.e., the company that's sending sensitive data to the cloud). Another 24 percent thought there should be a shared responsibility.
 
I would have thought that businesses that had strong concerns for the security of their data would have answered more towards keeping responsibility for themselves, or possibly sharing responsibility -- after all, regardless of where the data is, your company is still the one on the hook if your customers' data gets loose. When you couple that possibility with another finding from the research -- namely, that 63 percent of respondents said they had no idea what security measures cloud providers used to secure the sensitive data entrusted to them -- it begins to look like companies are simply taking an easy solution by sending data to the cloud and washing their hands of responsibility. They're hoping the hammer of data loss won't fall on them.
Richard Moulds, vice president of product management and strategy for Thales e-Security, had another possibility in mind. "It may be the case that the companies that are sending data to the cloud today are the ones that are encrypting it themselves and keeping hold of the keys," he said, "and therefore have a pretty high security posture and feel pretty good about it because they know that they are in control." Key management is, uh, key, according to Moulds, when using encryption: Make sure you're not storing the key with the encrypted data.
"Encryption is a very definitive approach to security," Moulds said. "It's either encrypted or it's not, it's black or white. It's a very binary type of security. I think that's why regulators like it -- it's the reason it's mandated in policies like PCI DSS. Mandating the use of a firewall is a bit wishy-washy because you can have a good or bad firewall. You don't see the use of firewalls or intrusion detection as factors in data breach disclosure law." Of course, when considering a cloud solution, data encryption can be applied at different points: on the customer side before transmission; during transmission; or in the cloud itself.
 
Regardless of which method (or methods) you choose, Moulds believes it's important for the enterprise to maintain control of the encryption keys. "I can imagine a world where data is shared with the cloud in encrypted form and is selectively decrypted by the enterprise giving out keys on demand to cloud providers or applications in the cloud -- then they can do something with that data. So the data is still, as it lies, protected. It's protected by default, and it's selectively unprotected just to the point of use," Moulds said.
The level of control Moulds envisions is not, perhaps, borne out by the survey data of what businesses are currently doing -- but then, he did say he was imagining. Encryption is clearly useful for protecting data, but James D. Brown, CTO for StillSecure, believes that taking a layered approach to security is best, whether in the cloud or on the local network. Brown also said he felt the job of managing data security should be in the hands of security experts.
"Security really needs to be a 24 by 7 operation," Brown said. "It's not something where you set up a product and leave it sitting in a closet somewhere and check it once in a while. If you do that, chances are you're going to be attacked and compromised and you'll be looking at that information after the fact. It really needs to be monitored 24 by 7, and it needs to be monitored by experts, and it needs to be deployed by experts."

As more companies move important chunks of their business processes and corresponding data to cloud providers, questions about cloud security can only increase. If you're interested in more findings from "Encryption in the Cloud," be sure to download the complete report. And if you're interested in a little extra chilling factor, consider this: This study addresses the data organizations knowingly transfer to cloud sites; it doesn't consider the corporate data your employees might be sending to personal data sharing sites, and the related risks associated with such behavior. That, of course, is a topic for another day.
Ref: http://www.windowsitpro.com
 
 

What Windows PowerShell cmdlet adds a VHD to a virtual machine in Windows Server 2012


The correct PowerShell cmdlet to use to add a virtual hard disk (VHD) to an existing virtual machine (VM) in Windows Server 2012 is the Add-VMHardDiskDrive cmdlet. Here's an example showing its use on IDE:
Add-VMHardDiskDrive -VMName -ControllerType IDE -ControllerNumber 0 –Path "" -ComputerName
To read more on the Windows Server 2012: http://www.windowsitpro.com/windows-server-2012 

10 September, 2012

Excel 2010: Insert / Data menus greyed out, can’t click on PivotCharts / PivotTables

Now group mode is very useful when you are editing several worksheets at once, all changes you make to one worksheet are made to all others in the group as well, but certain functions, such as all “Data” tools are disabled.
I was playing around with Excel spreadsheets and wanted to perform some filtering but for some weird reason all items in the quick access toolbar under “Data” was not available to me.
Resolution:
Here is the article which resolves my issue:

Unable to See "+" and "-" Group/Ungroup in Certain Excel Worksheets

When I select and Group multiple rows, I cannot see the "-" (collapse) or the "+" (expand) signs on the left of the spreadsheet.  This happens for both Rows and Column groups.  This happens for only certain Tabs (Worksheets) within the Workbook.
OR I have grouped some columns, but now I can't see the button on the top of the grouped ones. I tried to group/ungroup again and, as there were some hidden rows, I tried to unhide them all and it is still not working.
OR how do you group and ungroup rows or columns in new Excel?
Resolution:
Show or hide outlined data

1. If you don't see the outline symbols 1,2,3, +, and -, click the Microsoft Office Button, click Excel Options, click the Advanced category, and then under the Display for this worksheet section, select the worksheet, and select the Show outline symbols if an outline is applied check box.
2. Do one or more of the following:
Show or hide the detail data for a group
  • To display the detail data within a group, click the + for the group.
  • To hide the detail data for a group, click the - for the group.
Expand or collapse the entire outline to a particular level
  • In the 1,2,3 outline symbols, click the number of the level that you want. Detail data at lower levels is then hidden.
For example, if an outline has four levels, you can hide the fourth level while displaying the rest of the levels by clicking 3.
Show or hide all of the outlined detail data
  • To show all detail data, click the lowest level in the 1,2,3 outline symbols. For example, if there are three levels, click 3.
  • To hide all detail data, click1.

Office File Validation detected a problem while trying to open this file. Opening it may be dangerous

When you open Microsoft Office 97-2003 binary file (such as .doc) the file is compared to a binary schema. If the file fails this validation, you are notified that the document could be considered to be compromised. In Office 2003 and in the 2007 Office system, you are prompted about the file status and can decide to cancel opening the file or to continue to open the file.
Office File Validation detected a problem while trying to open this file. Opening it may be dangerous.
Resolution:
Resolution is very simple and Million thanks to Microsoft’s Office Product team for publishing this fix: http://support.microsoft.com/kb/2501584

This fix is available for:
Disable Edit in Protected View: Excel 2010, PowerPoint 2010, Word 2010.

Enable Edit in Protected View: Excel 2010, PowerPoint 2010, Word 2010.

For Office 2003 and 2007 Office system

Disable the opening of documents
Excel 2003 and 2007, Word 2003 and 2007, PowerPoint 2003 and 2007

Enable the editing of documents
Excel 2003 and 2007, Word 2003 and 2007, PowerPoint 2003 and 2007