Male, France. Member since 15 Mar 14. Last online 4 years ago

  • rizeltuas

    Dyman & Associates Risk Managements Projects: For cloud providers, fraud detection is integral part

    4 years ago

    Cloud providers have attracted enterprise customers with the promise of rapid elasticity, on-demand provisioning, high availability and a pennies-per-hour pricing model. But there's just one problem: These very qualities have enticed criminals to adopt cloud services as well.

    When a scam artist is looking to set up a phishing scheme to gain access to victims' bank accounts, the built-in redundancy, scalability and automation capabilities of cloud servers are extremely appealing. And when all it takes to procure cloud services is a working credit card -- without ever needing to deal with a live salesperson -- the cloud becomes an even more viable base from which criminals can commit fraud.

    "All of the advantages of the cloud for enterprises are the advantages for the bad guys," said Jeff Spivey, international vice president of ISACA, a founding member of the Cloud Security Alliance (CSA) and president of Security Risk Management Inc., a Charlotte, N.C., and information security consultancy. "It's that anonymity and scale that's attractive to the fraudsters."

    Without proper cloud-based fraud detection and prevention practices in place, cloud providers can become unwitting hosts for cybercriminals. It's a threat that can expose providers to legal liabilities, profit loss and blacklisting. What's more, any cloud provider can become a target.

    "While cloud has been a phenomenal enabler for legitimate businesses, it's also been a phenomenal -- and I mean phenomenal -- enabler for fraud and fraudulent activity," said John Rowell, senior vice president of research and development as well as global service operations at Dimension Data, a South African cloud and managed services provider. "Fraud is a huge deal on the business side."

    How does cloud-based fraud occur?

    Across the broader market, discussions about cloud security have focused primarily on the customer side of the equation. Even as cloud providers continue to devote the resources necessary to ensure that customer data is secure, they can't overlook the fact that some of their own customers could be a threat.

    Fraud manifests in the cloud in several ways, according to experts. Typically, fraudsters use a stolen credit card to procure virtual machine (VM) instances or platform services on which they build their operations -- among them phishing schemes, money-transfer scams, identity theft and malware.

    "[You] can go get a fraudulent credit card, a good one -- it'll be working, but it'll be stolen -- for less than a dollar," Rowell said. "So, think about how the cloud enables [criminals]. All they have to do is sign up online and they can have a server in five minutes for less than a buck, and it's a throwaway identity."

    In a joint investigation in 2012, researchers from McAfee Labs and Guardian Analytics uncovered a massive, cloud-based banking fraud operation that attempted to bilk an estimated $78 million from account holders in Europe, Latin America and the United States. The investigation, dubbed "Operation High Roller" because of the criminals' focus on high-balance accounts, found the scheme's success hinged on the resource availability and automation in the cloud, as opposed to a single host computer.

    "With no human participation required, each attack moves quickly and scales neatly," investigators wrote in a report.

    In some cases, criminals skip the stolen credit cards altogether and instead crack into a legitimate customer's account, hijacking the VMs to use for their own fraudulent activities. Cyber criminals are also looking to Infrastructure as a Service to provide vast amounts of on-demand processing power to launch distributed-denial-of-service attacks, according to Raj Samani, vice president and chief technology officer of McAfee Inc.'s EMEA operations.

  • rizeltuas

    New Oracle Software Tackles Mobile Security Head On, Dyman & Associates Risk Management Projects

    4 years ago

    Mobility. It’s not a new trend, but it’s a growing one. Indeed, the workforce is becoming increasingly mobile and that mobility is driving security concerns that software giants like Oracle are trying to solve.

    Oracle sees a critical need for solutions that help enterprises control access to business data and also protect that data on mobile devices. Advanced security controls for personal and corporate devices are needed, without complicating the user experience.

    To meet these needs, the enterprise-software maker is launching the Oracle Mobile Security Suite, which lets users securely access enterprise data from their own devices, while at the same time protecting that information by isolating corporate and personal data.

    Oracle Says Its Solution Is Different

    "By extending security and access capabilities to mobile devices, organizations can protect corporate resources on employee devices without compromising the user experience," explained Amit Jasuja, Oracle's senior VP of Java and Identity Management.

    Jasuja said Oracle's security solution brings the firm's Identity Management platform to mobile devices, so organizations can address the bring-your-own-device (BYOD) challenge logically.

    Along with Oracle’s existing Identity and Access solutions, the new suite offers an integrated platform that organizations can use to manage access to all applications from all devices -- including laptops, desktops, and mobile devices.

    Oracle insists its approach is different from the approaches taken by other mobile device management (MDM) solutions because those others focus on the devices themselves. That strategy can create separate security silos requiring companies to spend more money on expensive products to integrate with their identity solutions.

    Instead, Oracle said its Mobile Security Suite focuses on the apps and the users, allowing IT to more efficiently and securely administer and manage access.

    An End-to-End Solution

    The company said its Mobile Security Suite provides a secure workspace so organizations can separate corporate and personal apps. That means enterprises can protect their apps and data as well as enforce their security policies without interfering with users' personal information.

    The workspace also offers security controls, enabling companies to enforce single sign-on, per-app network tunneling, encryption for stored data, and integration with Microsoft Active Directory for shared-drive access.

    As for mobility security controls, the software is able to limit access or restrict functionality based on location. The solution also lets companies control their application policies, including limiting copy/paste/print to prevent data loss.

    Additionally, if employees are terminated or otherwise leave their jobs, organizations can remotely wipe corporate data and apps from their mobile devices.

    The Oracle Mobile Security Suite also includes an e-mail client, secure browser, file manager, white pages app, document editor, and a mobile app catalog that can serve as an app store.
