I hate it when corporate security is correct!

My laptop runs slow due to encryption.  I can’t use public file sharing sites like Dropbox, Google Drive, etc.  Only some of the mobile functionality is enabled on my smartphone, and it is not evenly distributed by operating system, such as BlackBerry, iOS, and Android (due to security).  I don’t even know what we do with Windows Mobile OS.  All of this overhead, oversight, and security is cramping my style and agility, and they are correct!

“When everyone is out to get you, paranoia is only good thinking.” – Dr. Johnny Fever, WKRP in Cincinnati

Corporate Security was correct in their thinking.  It looks like there are not just individual criminals and some less than ethical corporations out to get our corporate secrets, but the Chinese Government is actively working to steal them.  I found the NY Times article below unnerving.

I fully understand why governments feel they have the right to protect themselves from other governments.  And I’m willing to acknowledge that technology is part of warfare, but it appears China has bonded its defense strategy to its corporate strategy.  To me, a line has been crossed.  If you want to read the full Mandiant Security report, it is available (http://intelreport.mandiant.com/), but I don’t think you will sleep any better at night.

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

:

Mandiant’s report does not name the victims, who usually insist on anonymity. A 2009 attack on Coca-Cola coincided with the beverage giant’s failed attempt to acquire the China Huiyuan Juice Group for $2.4 billion, according to people with knowledge of the results of the company’s investigation.

As Coca-Cola executives were negotiating what would have been the largest foreign purchase of a Chinese company, Comment Crew [Chinese Army Hacker Unit] was busy rummaging through their computers in an apparent effort to learn more about Coca-Cola’s negotiation strategy.

http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all&_r=0

It appears to me that if you are going to approach cloud for your corporate assets, you had better be very sure that your cloud provider is as focused, or even more focused, on security measures as your own company.

Losses due to hacking have big dollars associated with them. According to the HotForSecurity site, recent reports showed hackers earned $12.5 billion in 2011.  The top 5 incidents that were known are below.  I’m sure many others went unreported.

  1. $171 million – Sony
  2. $2.7 million – Citigroup ($4B in total losses)
  3. $2 million – Stratfor
  4. $2 million – AT&T
  5. $1 million – Fidelity Investments, Scottrade, E*Trade, Charles Schwab

http://www.hotforsecurity.com/blog/top-5-corporate-losses-due-to-hacking-1820.html

I can’t say what other cloud providers do or don’t do.  I can say that at IBM, we always take security very seriously and push it down to the seemingly innocuous layers, not just in the cloud data centers, but throughout the company.  And yes, that even means my laptop, iPhone, iPad, etc.  Keep in mind, it only takes one nasty e-mail or one invaded file from a shared site to start the rift in your corporate security.

Yes, I still believe the future is cloud – IaaS, PaaS, and SaaS.  We just need to make sure we do it responsibly.  Later, I’ll discuss what we are doing at a high level with our two public cloud solutions – SmartCloud Enterprise and SmartCloud Enterprise+ – to make them secure for enterprise computing, including SAP.
