Most recent

Are You Securing Cloud Storage Wrong?

No cloud implementation – in any business unit at any company – is perfect. That’s a given. IT administrators, directors, and CIOs have always been forced to make compromises between convenience, cost, and security. 

Read More
03 Apr 2018

How Your Employees Can Securely Share Files via Secure Cloud Access

Everyone values efficiency and simplicity, which is why thousands of technology startups and established companies have been “disrupting” the old way of doing business with new solutions for long-standing challenges. 

Read More
18 Jan 2018

How Will You Protect Data on Hybrid Cloud Storage?

You are probably using a hybrid cloud. Even for the smallest companies, the litmus test is pretty simple: do you keep some data on a shared drive that's exclusive to your company, and other data on an online cloud storage platform like Dropbox? If so, then congratulations, you're a hybrid cloud user.

Read More
26 Jul 2017

Exploring the Unknown: How Cloud Access is like the World Exploration of the 1800s


“History doesn’t repeat itself,” the great old orator and writer Mark Twain once said, “But it does rhyme.” 

Although everything that is happening is always inherently new, some older eras of civilization can tell us a lot about ourselves, and even give us insights into where to go next.

Read More
13 Jun 2017

How to Battle Cyber Attacks in the Cloud

If you are a DropBox customer, you are probably racing to change your login password. None of us want to be one of the 68 Million DropBox accounts that were leaked, right?

Read More
01 Sep 2016

Why Your MSSP Should Offer a Secure Cloud Storage Solution?

Many MSSPs (managed security service providers)  currently offer their clients the ability to outsource their firewall, DDoS protection, intrusion detection, and more. Instead of grappling with the expense and effort of building a SOC, hiring trained security personnel, and provisioning the expensive tools needed to define and protect the enterprise perimeter, customers can offload that responsibility to an outside provider.
Read More
29 Aug 2016

How to Secure Cloud Storage

When you move to cloud storage, does governance carry over? How do you make sure that your employees won’t use it to compromise critical data? We've witnessed the challenges when it comes to secure cloud storage as Box, Dropbox, and OneDrive have all been either used or misused to accomplish data breaches. 

So, how do you move to the future of storage and communication while still keeping security intact?

Read More
19 May 2016

Safe-T interviews Andrew Hay, DataGravity CISO

There are a lot of talented people in our industry. We thought it would be a good idea to interview them for our blog and find out their thoughts and opinions on key industry issues.

Our first interview is with Andrew Hay, CISO of DataGravity. With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew is responsible for the development and delivery of DataGravity's comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage. He also previously served as a senior security analyst for 451 Research’s enterprise security practice (ESP). Andrew draws on his data security expertise to share commentary and thought leadership about the industry, having published a series of playbooks, guides and articles in trade publications. His thought leadership and security expertise have been recognized by the SANS Institute, IT Knowledge Exchange, CEOWorld, as well as other organizations.

1. What percentage of attacks do you think are targeting the theft of data?

That's a very difficult question to answer as there are so many variables influencing the value of the data and the lack of security controls protecting the data.

2. How do you see the use of cloud storage in regards to threats of insiders leaking data?

Cloud storage is the new USB drive (which is the new floppy disk) with regards to the ability for an insider to surreptitiously transfer sensitive data outside of their organization. As all of the popular cloud storage platforms utilize SSL, there is very little inspections capabilities available at the network level - though one might argue that if the data is already in flight, you've already lost the ability to prevent it from leaving. 

3. Everybody is talking about APTs, do you think we are neglecting the basic network based attacks like port scanning as an attack vector?

Port scanning is often a probing precursor to a potential attack as a way to see how soft the target is. Port scanning should be treated as an early warning indicator but not as a definitive sign of an active attack. 

4. Today we are seeing hackers use open ports in the firewalls as a means to access the internal network, but still every one opens ports. How do see us battling this and reducing the attack surface?

That is a battle that has been around since the dawn of networks. I believe that we should follow a zero-trust model and only allow communications through our firewall that we know serve a business purpose. This would dramatically reduce our attackable surface area.

5. Do you see a growth in the deployment of secure data exchange solution as a mean of battling data theft?

Not sure.

6. How are firms dealing with the increase in use of mobile devices as they relate to data exchange and security?
Most are turning a blind eye to new devices (from mobile to IoT) and hoping that existing tools are robust enough to mitigate any issues that may arise.
Read More
22 Mar 2016