Quadra

Connecting Technology and Business.

VM Security Vulnerabilities

While Hypervisors are considered better secured than general-purpose OSes, Virtualization does introduce a new & potentially devastating threat-matrix in an enterprise environment. Here are some of the virtualization-specific threats & vulnerabilities that IT & security administrators should be aware of before deploying virtualization environments.

• VM Sprawl:
VM Sprawl refers to the uncontrolled deployment of VMs in an Enterprise environment. It is a simple, short & quick process to deploy new VMs on existing VM servers, hence if an Enterprise doesn’t have authorization policies around
a) VM Change Management;
b) a formal review process for VM security before deployment and/or
c) an authorized set of VM templates
then VM deployments can get out of control, which is commonly known as “VM Sprawl”. VM Sprawl is one of the biggest problems in Enterprise deployments of Virtualization.

• Hyperjacking:
Hyperjacking is a term used for an attack which takes control over the Hypervisor that creates the virtual environment within a VM Host. Since Hypervisors run beneath the Host OS, if installed, a rogue hypervisor can take complete control of the virtualization server, all the guest VMs within the virtualized environment and possibly the Host OS as well. So far Hyperjacking vulnerabilities are mostly specific to Type-2 Hypervisors. However, Hyperjacking of the service console or Dom0 on Type-1 hypervisors is possible, which in essence would allow the attacker unlimited access to the entire virtualization server. Regular security measures such as Endpoint firewalls, IDS/IPS, Anti-Virus etc. are ineffective & defenseless against Hyperjacking, since security solutions in the VM or server are not even aware that the host machine has been compromised. Though largely theoretical at this point, it’s a critical threat to the security of every virtualized environment.

• VM Escape:
Normally virtual machines are encapsulated, isolated environments. The operating systems running inside the virtual machine shouldn’t know that they are virtualized, and there should be no way to break out of the virtual machine and alter the parent hypervisor. The process of breaking out and interacting with the hypervisor or VM Host is called a “VM escape”.

• Incorrect VM Isolation:
VM Isolation is a critical aspect of keeping a virtualized environment safe. Just like with Physical machines and Physical firewalls, virtual machines should be restricted in communication from one to another. Incorrect VM Isolation can result in problems ranging from reduced virtualization performance (one VM constantly communicating with another reduces the local resources available for more important tasks) to denial-of-service and VM take-over.

• Denial of Service:
Several types of denial of service exploits & vulnerabilities have been discovered in various types of hypervisors from different vendors. These potential DoS vulnerabilities range from traditional network-based attacks or remote DoS that bring the Host or a specific Guest OS down, all the way to more exotic types of denial of service such as the ones which exploit hypervisor or virtualization tool & backdoor communications.

• VM Poaching (or Resource Hogging):
VM Poaching occurs when one VM Guest OS consumes more CPU or other resources than were allocated to it, at the expense of the other Guest OSes running in the same virtualized environment. A run-away VM can completely consume the hypervisor, thus starving the rest of the VMs running within the hypervisor. VM poaching can occur with any of the hypervisor resources including memory, CPU, network and/or disk.

• Unsecured VM Migration (VMotion):
When a VM is moved from one VM Host to another, the security policies & tools set up on the new VM Host need to be updated for the moved VM so that the same security policies for that VM can be enforced on the new VM Host as well. The dynamic nature of “VM Migration” could potentially open up security risks and exposure not only for the “migrated VM” but also for the new VM Host & the other Guests running on that VM Host.

- From a Whitepaper from RedCannon Security Inc.

Making Sense of Multi-Tenancy

Whether it’s an emerging biotech, a stable managed markets organization, or the world’s largest pharmaceutical company, every client needs an adaptable customer relationship management (CRM) system. Life sciences companies must be able to make changes to the system as often as necessary to keep up with market fluctuations, regulatory changes, territory realignments, and technology innovation. A simple field change that takes up to six months in a client/server environment takes just a few minutes with an application “in the cloud.”
Cloud computing is a witty term used to describe the process of taking traditional software off the desktop and moving it to a server-based system that’s hosted centrally by a service provider. This service allows companies to make updates, alleviate glitches, and manage software from any location, from one computer, rather than run around to every system and make changes locally.
While cloud computing might be the catchphrase of the moment, not all systems are created equal. A feature that should be considered when looking for a new software-as-a-service (SaaS) system is multi-tenancy, which is a chief characteristic of a mature cloud computing application.

Making Sense of Multi-tenancy

Multi-tenancy is the architectural model that allows pharmaceutical SaaS CRM vendors—vendors with products “in the cloud”— to serve multiple customers from a single, shared instance of the application. In other words, only one version of an application is deployed to all customers who share a single, common infrastructure and code base that is centrally maintained. No one customer has access to another’s data, and each can configure their own version of the application to meet their specific needs.

Multi-tenant architectures provide a boundary between the platform and the applications that run on it, making it possible to create applications with logic that’s independent of the data they control. Instead of hard-coding data tables and page layouts, administrators define attributes and behaviors as metadata that functions as the application’s logical blueprint. Individual deployments of those applications occupy virtual partitions rather than separate physical stacks of hardware and software.
These partitions store the metadata that defines each life sciences company’s business rules, fields used, custom objects, and interfaces to other systems. In addition to an application’s metadata, these virtual partitions also store custom code, ensuring that any potential problems with that code will not affect other customers, and preventing bad code associated with one object from affecting any other aspects of an individual customer’s application.

In addition, the model must be totally scalable—both up and down—as a result of employee changes, transaction growth, new product launches, mergers and acquisitions, or any number of business events that can dramatically alter business needs. CRM solutions from traditional on-premise vendors are expensive to scale because of the complexity and cost of scaling each layer of hardware and software stacks, which often require messy system replacements and data migrations.

Centralized Upkeep

Life sciences organizations benefit from both hardware and software performance improvements with a true multitenant cloud computing solution. When it comes to hardware, the provider sets up a server and network using the pooled resources of all its sales revenues, a purchase that would not be financially feasible for any one individual customer on its own. It’s simply an economy of scale.
Investing in first-class hardware results in more scalable, reliable, and secure performance than any other alternative. This is true no matter how large or small the client is—from 10 to 10,000 users, each customer still uses the same hardware.

The same is true with software. With multi-tenant SaaS, all customers are running on the same version or same set of code, which means that all of the users are working on the very latest release of the software 100 percent of the time—as opposed to locally installed programs where there may be 20 different versions of an application in use and 20 different sets of code to maintain without a single customer on the latest release. For each version of the software, the vendor provides the team to maintain it, investigate bugs, make and deploy patches, and more.

No Hardware, No Problem

Gartner estimates that two-thirds of IT time and budgets are spent on maintaining infrastructure and dealing with updates. Multi-tenant SaaS lowers these costs because there is no hardware to buy or install, and there is no on-site software to maintain or update.

In addition to hardware, software, and maintenance savings, cloud computing CRM systems are much faster and therefore less expensive to implement. With multi-tenant SaaS, product design and configuration happens in parallel. That means project team members can log in and start working on day one.

The Maturation of a Technology

In his book, The Big Switch, Nicholas Carr describes how one hundred years ago, companies stopped generating their own power with “dynamos” and instead plugged into a growing national power grid of electricity. Looking back today, the benefits are obvious: dramatically lower cost, greatly reduced maintenance, and ubiquitous distribution. It also made the process of upgrading much easier as changes made to the common grid were immediately available to the benefit of all users. But most importantly it unleashed the full potential of the industrial revolution to companies of all shapes and sizes.
The life sciences industry is in the midst of a similar revolution today. Cloud computing has become the modern-day version of electrical power— the grid, replaced by the cloud. But only with true, multi-tenant SaaS can companies feel the full effects of this innovation.

Pharmaceutical Executive, Online – An Advanstar publication

Sumifs and Countifs in Excel

Let us assume that you have a range of numbers in an Excel worksheet. You want to sum all numbers in the range that fall under a certain condition. You also want to know how many numbers there are in that range that satisfy the condition. Here is how you can do this:

  1. Go to the cell where you want the sum of the numbers that fall under the condition.
  2. Enter the formula =sumif(range, condition). For example, if you want the sum of all numbers that are less than 500 in the range B2 to H17, enter =sumif(B2:H17, "<500").
  3. Go to the cell where you want to display the number of cells that contain numbers that fall under your condition.
  4. Enter the formula =countif(range, condition). For example, if you want the count of all numbers that are less than 500 in the range B2 to H17, enter =countif(B2:H17, "<500").

This is one of the ways of using the sumif and countif functions.
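To show what the "<500" criterion string actually means, here is an added Python example (not from the original post or from Excel itself) that interprets SUMIF/COUNTIF criteria the way the steps above describe: an optional comparison operator followed by a value. The sample range and the handling of blank cells are constructed simplifications.

```python
import operator
import re

# Excel criterion strings: an optional comparison operator followed by a value,
# e.g. "<500", ">=10", "<>0", "=7", or a bare value such as "500" (equality).
_OPERATORS = {
    "<=": operator.le, ">=": operator.ge, "<>": operator.ne,
    "<": operator.lt, ">": operator.gt, "=": operator.eq,
}
_CRITERION = re.compile(r"^(<=|>=|<>|<|>|=)?\s*(.*)$")


def _is_number(cell):
    return isinstance(cell, (int, float)) and not isinstance(cell, bool)


def parse_criterion(criterion):
    """Turn a SUMIF/COUNTIF criterion string into a predicate on one cell value."""
    op_text, value_text = _CRITERION.match(str(criterion).strip()).groups()
    op_text = op_text or "="
    compare = _OPERATORS[op_text]
    try:
        target = float(value_text)
    except ValueError:
        # Text criterion: Excel compares text case-insensitively.
        return lambda cell: isinstance(cell, str) and compare(cell.lower(), value_text.lower())

    def numeric_match(cell):
        if not _is_number(cell):
            # A text cell is "not equal" to any number but never satisfies <, >, = etc.
            return isinstance(cell, str) and op_text == "<>"
        return compare(cell, target)
    return numeric_match


def countif(cells, criterion):
    """COUNTIF: how many cells satisfy the criterion."""
    matches = parse_criterion(criterion)
    return sum(1 for cell in cells if matches(cell))


def sumif(cells, criterion):
    """SUMIF over a single range: the sum of the numeric cells that satisfy the criterion."""
    matches = parse_criterion(criterion)
    return sum(cell for cell in cells if matches(cell) and _is_number(cell))


# Constructed sample standing in for the values in B2:H17 (blank cells are skipped here).
SAMPLE_RANGE = [120, 750, 499.5, "n/a", 500, 42, 1000, 3]

if __name__ == "__main__":
    print(sumif(SAMPLE_RANGE, "<500"), countif(SAMPLE_RANGE, "<500"))  # 664.5 4
```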

Record Audio and Video in OneNote

Note: Before making an audio or video recording, be certain to let those present know that they will be recorded. Also note that your computer must have an installed microphone to record audio (or the audio track in a video recording) and an installed video camera to record video.

 

How to record audio or video:
  1. Click the location on the page where you want to place the audio or video recording object—for example, beside a paragraph or photo that you are commenting on.
  2. On the Insert tab, in the Recording group, click Record Audio or Record Video.
    The Audio & Video Playback tab opens, and your recording begins automatically. Notice that an audio or video object appears, with a time stamp, at the insertion point.
  3. When you are finished recording, on the Audio & Video Playback tab, click Stop.
How to play back your recording in context:
  1. Rest your mouse pointer on any note that you took during the recording.
    A playback icon appears to the left of the paragraph.
  2. Click the icon to play back what was being recorded at the time you took the selected note.

Gartner's prediction on Cloud email and Collaboration Services

By the end of 2014, penetration of cloud email and collaboration services (CECS) will stand at 10 percent and will have passed the "tipping point" with broad-scale adoption under way, according to Gartner, Inc.

Although Gartner believes that the time is right for some enterprises — particularly smaller ones and those in industries with long underserved populations such as retail, hospitality and manufacturing — to move at least some users to CECS during the next two years, analysts warned that readiness varies by service provider and urged caution.

"Ultimately, we expect CECS to become the dominant provisioning model for the next generation of communication and collaboration technologies used in enterprises," said Tom Austin, vice president and Gartner fellow. "However, it is not dominant today, it will not be the only model, and it will take a decade or more for the transition to play out. Right now, the list of reasons to move to CECS is long, as is the list of reasons to avoid it."

Consequently, Gartner is lowering its short-term projected adoption rate for CECS. Analysts predict that most enterprises will not begin the move to CECS until 2014 when growth in the market will take off, before leveling off in 2020 as it exceeds 55 percent.

Gartner has pushed out the point at which it believes that 10 percent of the enterprise market will use cloud-based or software-as-a-service (SaaS) email from year-end 2012 to year-end 2014. Analysts said organizations are moving more slowly than anticipated for three primary reasons.

"The first is asset inertia. Organizations seek to extract maximum value from their investments in email and switching early can be like trading in a 2-year-old, low-mileage automobile. Secondly, senior IT managers are much more focused on strategic initiatives that help them to grow or transform their enterprise's business and moving to cloud-based or SaaS email services is generally viewed as a cost-saving move rather than a strategic initiative. Finally, the practical realities of the vendors' CECS offerings, when examined up close, are sometimes less compelling than the glossy stories they tell," Mr. Austin said.

While most enterprises that have adopted CECS appear to have moved everyone to CECS, closer investigation reveals that they often retain small, dedicated, on-premises systems to maintain greater control over the content created and consumed by C-level executives — whose communications are almost always subject to legal and regulatory scrutiny at semi-regular intervals.

"There are several reasons why enterprises might not want to be ahead of the curve on CECS, not least the perception that early adopters pay a premium in terms of acquisition cost, and that by waiting the organization can avoid paying an 'early adopter premium,'" said Mr. Austin. "However, cloud-based collaboration services appear to be forward priced and, while we do expect the cost of CECS to follow a cost-learning curve, the motive for much of the investment in CECS appears to be cost reduction. Thus, if CECS otherwise makes sense for an enterprise, it would be far better off proceeding now, while requiring that the CECS supplier guarantees to continue to reduce prices as prices in general fall in the market."

Password Protect Your Documents

Passwords provide the first line of defense against unauthorized access to your computer, and a good password is often underestimated. Weak passwords provide attackers with easy access to your computer and network. Strong passwords are considerably harder to crack, even with the latest password-cracking software.

A strong password:
  • Is at least eight characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete dictionary word.
  • Is significantly different from previous passwords. Passwords that change just slightly—such as Password1, Password2, Password3—are not strong.
  • Contains characters from each of the following groups:
    • Uppercase and/or lowercase letters.
    • Numbers
    • Symbols (!,@,#,$,%, etc.)
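As an added example (not part of the original post), the following Python function applies each rule in the list above to a candidate password and reports which ones it fails. The dictionary, the names, the previous-password list and the 0.8 similarity threshold for "significantly different" are constructed placeholders; a real check would use a full word list and the user's stored password history.

```python
import re
from difflib import SequenceMatcher

# Constructed stand-ins: a real check uses a full word list and the user's
# stored password history rather than these few entries.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "quadra"}
SIMILARITY_LIMIT = 0.8  # assumed threshold for "significantly different"


def check_password(candidate, user_name="", real_name="", company_name="", previous=()):
    """Return the rules from the list above that the candidate fails ([] means it passes)."""
    failures = []
    lowered = candidate.lower()

    if len(candidate) < 8:
        failures.append("shorter than eight characters")

    # Check each word of a name separately so "jsmith" or "Smith2024!" is caught.
    for label, name in (("user name", user_name), ("real name", real_name),
                        ("company name", company_name)):
        if any(part and part in lowered for part in name.lower().split()):
            failures.append(f"contains {label}")

    if any(word in lowered for word in DICTIONARY):
        failures.append("contains a complete dictionary word")

    # Password1 -> Password2 scores about 0.89, so it is rejected as too similar.
    if any(SequenceMatcher(None, lowered, old.lower()).ratio() >= SIMILARITY_LIMIT
           for old in previous):
        failures.append("too similar to a previous password")

    groups = {
        "letters": r"[A-Za-z]",
        "numbers": r"[0-9]",
        "symbols": r"[^A-Za-z0-9]",
    }
    missing = [name for name, pattern in groups.items() if not re.search(pattern, candidate)]
    if missing:
        failures.append("missing " + ", ".join(missing))

    return failures


if __name__ == "__main__":
    print(check_password("Password2", previous=["Password1"]))
    print(check_password("Tq7!vbR#29xL", user_name="jdoe", previous=["Password1"]))
```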