Tuesday, May 24, 2011

LOYALTY

IF …

YOU WORK FOR A MAN,
IN HEAVEN’S NAME, WORK FOR HIM;
SPEAK WELL OF HIM AND
STAND BY THE INSTITUITION HE REPRESENTS

REMEMBER …

AN OUNCE OF LOYALTY
IS WORTH A POUND OF CLEVERNESS

IF …

YOU MUST GROWL, CONDEMN AND
ETERNALLY FIND FAULT,
RESIGN YOUR POSITION
AND WHEN YOU ARE ON THE OUTSIDE,
DAMN TO YOUR HEART’S CONTENT

BUT …
AS LONG AS YOU ARE A PART OF THE INSTITUITION,
DO NOT CONDEMN IT
IF YOU DO,
THE FIRST HIGH WIND THAT COMES
ALONG WILL BLOW YOU AWAY,
- Elbert Hubbard

Wednesday, May 18, 2011

BizCloud Overview of Top 10 Security Threats of Cloud Computing

From BizCloud Computing Security Watch: Cloud computing is the next big thing in technology arena and it has the potential to grow immensely thorough continuous innovations which we are still unaware of. It provides tremendous opportunities in reducing the costs as well as helping businesses to concentrate on their core business goals, relying on a third party provider to manage its computing resources.

Even though the potential that cloud computing provides is flourishing the business, there are still mixed feelings among customers about implementing the Cloud, mainly due to the underlying security threats & risks. These cloud security issues if not properly addressed can impact the business in a significant way.

Cloud Security Alliance and Gartner published several research reports addressing cloud computing security issues. There are numerous risks that can hamper the integrity of a Cloud Infrastructure, but here we will focus on those that emerged as the Top 10 Security Threats and Risks of the cloud.

1. Abusive use of Cloud Computing Resources:

Cloud computing technologies can be used as a platform for launching attacks, hosting Spam/Malware, software exploits publishing and for many other unethical purposes. Cloud computing service platforms, especially PaaS with its enhanced service portfolio and the independence, allows anyone to propagate their malicious intent. IaaS based perforations are also picking up pace with PaaS. Cloud computing service providers normally provide literally anyone with a valid credit card to avail their services, thus opening wide horizon of users to facilitate from their platform; malicious hackers & crackers cannot be filtered easily from that large pool of users.

2. Privileged Access & Malicious Insiders:

Cloud computing provides flexibility by outsourcing the services, but it also brings inherent risks of malicious insiders and abusive use of login access by an unauthorized person. The customer’s security controls remain outside the cloud security mechanism and customer has no control over the service provider’s internal security control. This brings substantial risk where any infiltration of such sort can deliver organization a great deal of loss in terms of financial, productive and /or brand image depreciation.

3. Insecure API’s:

Cloud computing vendors provide APIs for customers to interact and avail services and often the customers using these APIs are offering much more services based on them to facilitate their own customer base. Cloud APIs with weak authentication and access control can jeopardize the confidentiality, integrity and availability of the pertaining customer. As the services are spread over vast domain of users, any vulnerability in the API can be exploited for malicious intents.

4. Shared Technology and Data Segregation:

Public cloud infrastructure components are typically not designed for compartmentalization and are prone to vulnerabilities than can be exploited. There might be scenarios where an attacker tries to gain unauthorized access or excessively use the resources which can affect the performance of other user residing in the same infrastructure. One of the prevailing cloud security issues is the lack of encrypting schemes which can dent the integrity of the data stored and absence of proper controls can make the data totally unusable.

5. Identity or Service Theft:

Account or service credentials if stolen can jeopardize the confidentiality, integrity and availability of the entire services linked with that account. It’s just like giving the keys of all cloud resources to the attacker. Furthermore cloud computing service theft can be used for array of attacks which take illegal benefit of the user’s cloud infrastructure as their launching platform.

6. Data Loss:

Cloud computing architecture provides greater challenges in controlling and mitigating risks due to its unique framework and operational attributes. Data in the cloud is prone to so many threats, such as deletion of record, loss of encryption key and weak encryption, resulting in corruption of data. Any organization no matter how big or small relies heavily on data, and any puncture, trespassing by an unauthorized person can have devastating impact on business.

7. Forensic Support:

In cloud computing, it’s very difficult to get forensic evidence in case of a breach or incident because your data might be spread across many different hosts & data centers and possibly reside in a multi-tenant environment. Usually the applications deployed on cloud computing service models are designed without data integrity and security in mind hence being left with vulnerabilities & security issues. Contractual support by the provider for investigation on when and where the incident occurred is a must have clause in the Service Level Agreement otherwise a business can be exposed to serious threats.

8. Geographical Location of Data and its Recovery:

There is a big question mark when it comes to geographical location of data in the cloud computing environment. The data can be stored on many severs, in different locations, possibly different cities, even different country or continent. In case of a disaster, systems with no Disaster Recovery Plan and no Business Continuity Plan to ensure that business runs smoothly again are most vulnerable to failure. There might also be legal or government regulations involved in recovering data if the data is hosted in a different country. This can get tricky if there has been a breach or a criminal act associated with that specific data.

9. Regulatory Compliance in Cloud Computing:

Cloud computing services have certain benefits for an end user. But what about the internal control, compliance, internal security procedures and patch updating of all applications? Lack of adherence to regulatory compliance is a serious risk considering that provider is the custodian of your data. In case of an incident, providers who are not complying with regulatory standards and not providing the auditing and logging of data, leave the customer with high risk profile and it’s a cloud computing security issue worth considering.

10. Stability of the Cloud Provider:

Perhaps this is not a security risk but it’s a very threatening risk if the provider is not financially stable enough to sustain the operations as per the goals of the customer. A cloud computing provider if swallowed up by a merger can ring bells for the confidentiality, integrity and availability of data. Absence of a Recovery Plan resulting by a disaster or a complete shutdown can affect the operations of the customer until it’s recovered. Any cloud computing provider with meager financial stability, lack of back-up infrastructure and no long terms plans to complement the needs of the customer is a definite risk for any mission critical deployment.

Source : http://bizcloudnetwork.com/2011/bizcloud-overview-of-top-10-security-threats-of-cloud-computing/
------------------------------------------------------------------------------

Monday, May 9, 2011

IEV Groups fuel growth by upgrading to Sage Accpac Project ERP for the entire group of companies.

Petaling Jaya, Malaysia – 03 May, 2011: In line with their expansion IEV Group of companies has entered into a ERP implementation engagement with Careware Systems Sdn Bhd the leading Sage Accpac Business partner in Malaysia,

The implementation will cover the entire groups of companies staring from its Head office in Kuala Lumpur and rolling out to other region simultaneously.

IEV group of companies are upgrading from their previous ERP system as it was unable to cater for their unique project requirement in the Oil and Gas industries. According a spokesman Careware was selected as she has established itself as a leading supplier of business solution for the project & engineering based industry based on Sage Accpac Project ERP suites with many successful implementations and references. Careware offer the project based companies a complete and integrated business solution that manages the entire lifecycle of contracts, projects, assets and services.

The major Sage Accpac modules that will be implemented are Financial Management, Project & Cost Management, Materials Management, Assets Management, Sales Distribution Management, Purchasing Management and Sage Accpac Intelligence & Analytics.

With the implementation of Sage Accpac Project ERP, IEV group will significantly realize benefits by improving efficiencies in processes such as “procure for project” and “cost overrun monitoring” which are critical for bringing transparency and efficiency into its business. Significant benefits are also expected through integration of business processes, standardized systems, processes and controls. Being a highly diversified Group, they embarked on this project in order to have a seamless integration across all companies and points of presence for financial consolidation, better control and standardization.
--------------------------------------------------------------------------
About IEV Group
IEV Group is one of Asia leading engineering solutions provider to the petroleum and marine industries. The company is presently servicing customers throughout North America, North Sea, West Africa, Middle East and Far East. Its subsidiary IEV Gas is one of Asia’s leading providers of integrated subsea engineering solutions to the oil and gas industries. She is also a leading provider of mobile gas (CNG & LNG) infrastructure in the South East Asia region.

About CareWare SystemsThrough its partnership with Sage, CareWare Systems helps small and mid-size companies in Malaysia reach productivity levels at the top of their respective industries. CareWare represents a variety of business management software including Sage Accpac ERP, SageCRM, and MISys Manufacturing Software. For companies interested in growth, profitability and superior software support, CareWare is the Sage business partner for you. For more information, please visit our website: http://www.careware.com.my/.
------------------------------------------------