Saturday, January 3, 2015

Corporate America, you've been hacked

Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm. More than 100 terabytes of internal files and films had been stolen, internal data centers had been wiped clean, and 75 percent of the servers had been destroyed. The F.B.I. found that the hackers had used digital techniques to steal the credentials and passwords from a systems administrator who had maximum access to Sony’s computer systems. Once in control of the gateways, theft of the information was relatively easy.

As we bear witness to the destructive cyberattacks on Sony Pictures, it becomes clear that nobody is safe, we are entering an entirely new era of “cyber-vandalism”.  Those who do not implement cloud data protection will be the next ripe targets. Those who do not change their approach to cloud data protection will lose. The Sony hack has taught us so much. It’s taught us to send corporate email as if everyone is reading those emails. It’s taught us that people in Hollywood are just as mean as people in any other industry, with equally fragile reputation.   Bottom line: This hack is estimated to cost Sony $100 million after all is said and done, and jeopardizes executive careers.

Trust No One…Encrypt Everything

Cloud-First, Mobile-First era requires businesses to adopt the discipline of Trust No One, Encrypt Everything! The Sony hack could have been mitigated if these stolen files had been uniquely encrypted, with only the authorized users (internal/external) in the shared list (embedded in the document header) able to decrypt the files; and, most importantly, if the decryption could only be carried out from an authorized computer or mobile device.

Assume you’re Always under Attack

Enterprise IT is heavily relying on security features provided by cloud vendors but most of the SaaS vendors do not make security a first priority, and so they fail to provide sufficient data governance, data privacy, data sovereignty, and built-in compliance. CIOs and CISOs have realized that maintaining enterprise-grade security in cloud application usage is a shared responsibility, as traditional infrastructure security technologies that are based on the idea of perimeter defense have become obsolete. The perimeter is dead; mobile devices wounded it and the cloud finished it off. Applications today are mobile, so security must be built to move with them.

Ohanae develops security tools to facilitate secure document collaboration using enterprise social platforms, and file sync and share tools that are based on the core assumption that it is impossible to tell good from bad. Our security models focus on eliminating attack vectors, and move away from the never-ending battle of separating “good” from “bad”.

Secure Document Collaboration for Salesforce Users

Ohanae offers near boundless innovations for these new approaches by securing your files in Salesforce cloud, along with your Salesforce credentials. Unlike anyone else, Ohanae takes this two-prong approach to fully secure your data through zero knowledge encryption resulting in:
  • Easy to use secure file sharing via Chatter and Communities, Salesforce Files guest link, Skype, iMessage, email attachment, and USB flash drive.
  • Assurance that sensitive files in the Salesforce Files are encrypted and only you have the encryption key.
  • Access to unique complex passwords without the need to remember them.
  • Full-fledged logging in compliance with government regulations. Ohanae monitors your private and shared files uploaded/synced to the Salesforce cloud.

How it Works?

In cases of document sharing, files are encrypted using unique encryption keys which are associated with specific recipients. This allows other Salesforce users to receive encrypted files from you without their knowing any of your critical security data, while maintaining the same level of data security.

For private files in Salesforce Files, Ohanae transparently encrypts files using a highly secure key that is generated on each use and not stored on the device or in the cloud. This encryption prevents access to documents by unauthorized users who might compromise your cloud storage account.

Finally, the password management function ensures that your Salesforce credentials are unique. These unique, highly secure passwords are dynamically created and then erased locally from your desktop or mobile devices. They are never stored on either the device or in the cloud.

Pricing and Supported Platforms

Now available for download, Ohanae is free for single device use. Multi-device business use (up to 8 devices) costs $2 per user/month. Enterprise use costs $3 per user/month with a centralized management capability from an intuitive web interface. Ohanae supports Android, iOS, Windows Phone, Windows Store App, Windows Desktop and Macintosh, Chrome, Safari, Internet Explorer, and Firefox.