HBGary's Hoglund identifies lessons in Anonymous hack

Robert Lemos | March 17, 2011
Companies need to make sure that they are protecting their cloud assets, not just their networks, the beleaguered CTO of HBGary says.

What other suggestions do you have for companies?

Set an e-mail retention policy and don't store your entire e-mail archive in the cloud. You can store it locally somewhere in the corporate environment, so you can still access it for doing your daily work, looking up data as well as for e-discovery purposes, but it shouldn't be stored in an accessible location out in the cloud.

Second, enable two-factor authentication. Anything that requires a log-in should be enabled for two-factor authentication. If I had enabled two-factor authentication for Google apps that I had HBGary subscribed to, then these hackers from Anonymous would not have been able to log in.

It was a newly available option, but we hadn't enabled it. The cost of two-factor authentication is significantly lower today than it has been in the past. It doesn't cost much, so anybody using the cloud should enable two factor, if it's an option. If they have any services on the road, such as sales people or technical people, they should have two-factor authentication.

Another thing they should do is configure IP restriction on any administration of the site. So, you should only have one administrator account and it should be IP restricted to a single location. And then if you have a compromise, you don't have to worry about someone getting access to the administrative parts of the cloud services.

 
