Security

Outsourcing your IT security: yes or no?

“Should we keep IT security in-house or is it better to outsource?” This has long been a thorny issue for organizations. Recently, it was one of the most important topics during a LeaseWeb Security Round Table with customers and I’d like to share some of the things I learned.

The discussion immediately took off following a statement from one of the participants, an end user: “In the Netherlands, the mantra is to focus on your core business. I dare to differ. I always learned that when operations are critical to your organization, you should keep them close. If security is critical to your company, why outsource it? If you outsource, you disconnect it from your company. What do you think about this?”


Update on the new EU US Privacy Shield

After my previous blog last month we were still looking out for any news about solutions for the Safe Harbor invalidation. Since the press release of the EU US Privacy Shield, announced by the European Commission on February 2, 2016, we have seen many press articles and numerous links. So here is our update and recap on the timing of the EU US Privacy Shield and alternative solutions offered by LeaseWeb.


Are you compliant with the new Dutch Law on Data Breach Notifications?

On January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.

A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only releasing (e.g. leaking) personal data, but also the illegal processing of data, will be seen as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone or malicious access to a database by a hacker.


Stay safe: how to install the patch for Linux bug CVE-2016-0728

A security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux Kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.

The vulnerability in the Linux kernel could potentially be used by attackers in order to obtain higher privileges from a regular account. It uses a technique called “use-after-free” to control the way memory is freed on kernel objects which is then replaced with user supplied data, while keeping the privileges of that memory object.


Roundtable recap: security starts and ends in the boardroom

The IT industry is slowly becoming a technically solid sector, but until now, it continues to be vulnerable as well. Security incidents are still widely reported in the press. It’s an important topic, and one that can be looked at in many ways. This is why I led a round table session with nine LeaseWeb customers, where questions were answered about the new Dutch Law on Data Breach Notifications (Meldplicht Datalekken) and participants discussed how to organize a secure online company.

The participants were executives of companies which have IT as a core business, or companies that use IT for their online services. They were joined by LeaseWeb founders Laurens Rosenthal and Con Zwinkels, and Jort Kollerie, Enterprise Security Specialist at Dell Security. In addition, IT journalist and security specialist Brenno de Winter shared his experiences about the topic.

LeaseWeb Application Security introduction

DDoS attacks and other forms of cybercrime are becoming more and more frequent. That’s why we recently launched a new service called LeaseWeb Application Security. Here’s a quick video tour of the easy-to-use dashboard from which you can adjust your security situations, monitor suspicious traffic, respond to threats and more.

LeaseWeb Application Security is further augmented by a 24/7 Security Operation Center that reacts to every incoming attack. With the help of the Security Operation Center, you can constantly analyze your vulnerability and mitigate threats with a high degree of customization. For real-time mitigation of spammers, data breaches and DDoS attacks, application security experts are available 24/7.

Want to learn more about how you can protect your data? Visit http://lsw.to/lyA

Tips from the LeaseWeb Abuse Prevention department

Many customers will come across the Abuse Prevention department, sooner or later. A compromised server or a fraudulent sign-up by a new customer are things that commonly happen.

Such events will most likely end up with you receiving an abuse notification, which may range from a simple notification regarding a port scan to a notification that you have ended up on a blacklist. Either way, abuse issues need to be solved in a timely manner, not only to avoid further disruption of your own services but also to avoid harming other people.

In other words, it is not only important for the Abuse Prevention team but also for you that abuse notifications are resolved quickly. Not responding to notifications is the worst thing you can do in this situation and could potentially result in a block or suspension of services.

We don’t want to scare you though. The Abuse Prevention team is here to help. Besides informing our customers of the received notifications for their account(s), we also assist them with issues such as ending up on a blacklist or being compromised in some way, and we give general advice on how to improve abuse handling.


LeaseWeb’s new Abuse Handler is now live

The various LeaseWeb services companies are always looking to improve the processes involved with handling abuse notifications and to increase user-friendliness.

Over the past few years, we have received valuable feedback on the abuse handling process from customers and third parties who submitted notifications. With that feedback in mind, we have developed a brand new system that will further streamline the abuse notification handling process. This system was launched on July 1st 2015 and the first responses are very positive.


SuperMicro BMC Vulnerability reminds you to keep your servers secure

On Thursday 19 June, LeaseWeb learned of the new critical SuperMicro baseboard management controller (BMC) vulnerability that allows retrieving the remote login password via an internet scan on port 49152.

We continuously look out for security issues that may have an impact on our customers. An integral part of preventing or limiting the impact these issues might have, is to make sure as many people as possible know how to deal with them.


OpenID/OAuth exploit a hype, not the new Heartbleed

In the last few weeks, the Heartbleed bug received the attention it needed. A serious security flaw was discovered in the often-used OpenSSL cryptographic library. This allowed attackers to steal information normally protected by the SSL/TLS encryption. See also our previous posting.

This Friday, another ‘flaw’ received a lot of attention: the OpenID and OAuth security flaw dubbed ‘Covert Redirect’. Almost immediately, the media started naming this the second Heartbleed. However, is this really the case?

