Dirty Disks and Cloud Security

I expect to see more cloud security articles in the near future, and this one really does a good job highlighting exactly some of the things that end users need worry about.

Most IaaS cloud vendors rely on best practices and security baked into their software to provide the security to their end clients, but with certain internally used bits of source, like was the case with VPS.NET and Rackspace, the potential for security errors creep up.

Case in point, the issue here was with regards to reusing hard disk space after it was relinquished by a customer. In the IaaS world, resources are reused once they are terminated by a user. This reuse includes hard disk space for storage of files – the data that was previously stored on the drive by an old customer is deleted before being presented as blank space to another customer.

However, as these researchers found, a method for thoroughly destroying the data was not completely employed, and bits and pieces of file data were preserved between customer use. This means that any data potentially stored on disk could have been leaked to another customer, if the other customer had known where to look.

This is very bad, but not surprising. Low level details like this are easy to overlook, and until someone finds them out and points it out to a provider, they may be blissfully unaware of its existence.

This isn’t a unique problem to these two vendors. Folks like Amazon, who have a pretty good history of security, are just as vulnerable. Perhaps not on this specific issue, but others. In fact, one of the biggest vulnerabilities is the ever changing code behind the scenes that the end user is not aware of. Amazon in particular is constantly adding new features, releasing new internal versions of their Cloud software and deploying it strategically – all out of view of the end user. However, due to the constant changing state of the code, new vectors for exploitation are always a possibility. Even security holes that didn’t exist a few days ago could potentially open up as a result of a misstep by an Amazon engineer.

The bottom line is cloud security must be taken very seriously. While there is a certain level of trust that must be accepted, going the extra mile with internal security practices to ensure that data can’t be leaked is a prudent decision for any organization utilizing the cloud.

_______

Data Cave is a privately owned and operated Tier IV data center located in Columbus, Indiana convenient to Indianapolis, Louisville and Cincinnati. Please contact us for more information at 866-514-2283.

Thoughts on open source and bitTorrent

You know what’s awesome? Open source software. The transparency (you can see and edit almost anything to your liking), the camaraderie (projects like GitHub encourage social coding and group activity), and the power of it are what propels the internet today. Even operating systems like Ubuntu are open source and giving closed source operating systems a run for their money.

You know what else is awesome? BitTorrent. Specifically, its file type called a torrent. Yes, they have gotten an extremely bad rap for piracy issues, as you know. However, just because a tool is used for evil, doesn’t make it evil. Torrents are one of the most brilliant internet-centric inventions of the last two decades. It has made large file downloading nearly painless.

From Wikipedia:

Torrents work by dividing the target file into small information chunks, found on an unlimited number of different hosts. Through this method, torrents are able to download large files quickly. When a client (the recipient of a target file) has initiated a torrent download, the chunks of target file that are needed can be found easily, based on the data from the torrent itself. Once all the chunks are downloaded the client can assemble them into a usable form.

I’m currently attending IUPUI in Indianapolis. We get a TON of expensive software for free, so I shouldn’t complain about things, but I will anyway. IUPUI gives us this large-sized software and then breaks the software into 500MB chunks which are very inconvenient to download. Part of the beauty of BitTorrent’s system is that you are getting very small chunks of data from a lot of people that have what you need. This allows you to pause and resume at any time, and most times, without a hitch. But what does Data Cave use torrents for?

We are open source enthusiasts as you know. We use Ubuntu servers fairly heavily. So when a new distribution comes out, we like to give back to the community and allow uploads of the latest Ubuntu/Kubuntu operating systems.

We let the uploads run with Transmission, an open source BitTorrent client, and generally keep them going for quite awhile after the initial distro launch. This makes us feel warm and fuzzy. Our employees also have their hands in other open source projects. For a taste, here is Caleb’s github page as well as David’s page. They contain both professional and personal projects. We’ll talk more about the professional ones later.

What open source software do you love? We want your feedback! Let us know in the comments.

_______

Data Cave is a privately owned and operated Tier IV data center located in Columbus, Indiana convenient to Indianapolis, Louisville and Cincinnati. Please contact us for more information at 866-514-2283.

Whitepaper: Understanding HIPAA and HITECH Compliance

Many healthcare entities and their business associates are entering a brave new world of HIPAA and HITECH regulations for using and storing protected health data. In addition to making sure protected patient information is secure, behind firewalls, encrypted and easily accessible when healthcare organizations and their associates need it, additional monitoring and random audit reporting to meet HIPAA regulations also are kicking in during 2012.

The stakes are high for complying with federal regulations. Any sort of breach in releasing health information can cost a company dearly in lost good will with customers, severe backlash from the public and monetary fines, up to $1.5 million in some instances.

HIPAA security compliance is often more complicated than expected. That’s why we at Data Cave have developed a new whitepaper to help you understand both HIPAA and HITECH Acts, the safeguards needed to protect health data, and why you should consider using a HIPAA compliant data center, like Data Cave, to meet these regulations.

For more information contact us or call 866-514-2283.

KVM and Ubuntu

At Data Cave, like most companies, we have internal servers for email, monitoring, web serving, and like such as. Like a lot of companies today, we have virtualized all of these services on a few physical servers. While we experimented with various means of virtualization with Gentoo, we settled on the use of KVM (Kernel Based Virtual Machine) on Ubuntu for our needs. For some time now, Ubuntu has officially included KVM and various supporting utilities in the distribution. For instance, the “Virtual Machine Manager” is a nice front end to one’s KVM-based VMs. It uses SSH to connect, allows you to see how much CPU load the VM is generating, and gives you access to the VM’s console with a double click.

Virtual Machine Manager

We use run-of-the-mill Dell servers for hosting these VM’s, and you can see from the screenshot above that even the most-heavily used host is still barely being exercised. For the additional complexity of the setup, we get very real cost savings on the number of boxes we need, while providing us even more flexibility to segregate all major computing services onto their own partition, allowing us to work on them independently.

To provide the disk space for these VM’s, we use Coraid disk enclosures. They use the ATA-over-ethernet (AoE) protocol to create a SAN. Comparing bang-for-buck, this approach cannot be touched. Our experience has proven Coraid’s promises of cost-effectiveness to be true. A comparable, similarly-sized iSCSI configuration, from one of the big names in the industry, started at five times the cost of our Coraid units.

For larger installations, Ubuntu is adding OpenStack cloud software in their forthcoming 12.04 LTS release, but for smaller implementations, KVM-based virtualization is still a terrific way to reduce the costs of hosting your company’s infrastructure. And, unlike other, proprietary solutions, you won’t have to spend the money you saved on the hardware buying the software! And, of course, Data Cave provides a clean, secure, purpose-built place — with fully redundant power, cooling, and connectivity — to put servers for exactly this sort of thing.

_______

Data Cave is a privately owned and operated Tier IV data center located in Columbus, Indiana convenient to Indianapolis, Louisville and Cincinnati. Please contact us for more information at 866-514-2283.

Meet Brittany Lutke – New Addition to the Data Cave Team

Hello! My name is Brittany Lutke and I am the newest member of the Data Cave team. I joined Data Cave in February, 2012. I focus on business development and client satisfaction. I am excited and eager for this opportunity. For the past 5+ years I have been on the front lines in the advertising and marketing field, primarily in TV with a brief stint in radio. During that time I partnered with local Louisville companies like John Kenyon Eye Institute, Steepleton, and Churchill Downs all the way to large organizations like Meijer, LG&E, Insight Pharmaceuticals, and Frisch’s Big Boy. I developed new business and maintained relationships with a number of clients during that time. I planned advertising for events and sales, planned annual schedules and focused on getting the most impact for my client’s dollar. I also created promotions and helped in developing TV and radio commercials.

I live and primarily work in Louisville, Kentucky. However, I serve clients across the region and U.S. If you haven’t already, come visit Data Cave and I’ll take you on a tour! You really need to see this place and meet the incredible people who are behind it.

Random things about me: I ride a Harley Davidson Street Glide. I have two dogs, Lola, a Boxer, and Harley, a Blue Nose Pit Bull. I love being outdoors. I spend a lot of time on the water in the summer, primarily on Lake Cumberland. I like, okay love, bourbon. I moved from Michigan to Kentucky in 2006. I am married to my high school sweetheart. My husband and I met when we were paired together as stunt partners on a water ski show team. I was a collegiate swimmer for Grand Valley State University and, I’m not sure how, but I still hold some records.  I started doing Crossfit last fall in attempt to get back in shape. I feel I have an eclectic taste in music. I enjoy Lou Rawls, Otis Redding, Al Green, AC/DC, Alice in Chains, Disturbed, Aaron Lewis, Eric Church, Beyonce, Muse, Kid Rock, Jack Johnson, Foster the People…

As Business Development Manager, I am here to help you throughout the process of utilizing our data center by making sure your experience is as smooth as possible, and adapting our services to change or grow with your business; while staying competitive on many levels.

You can reach me at 502-552-7362 or brittany@thedatacave.com. I would love to hear from you.

Best regards,

Brittany