Trend Micro reveals that leaky ElasticSearch database exposed close to 7.5 million Adobe Creative cloud users’ records

A misconfigured cloud-based ElasticSearch database has exposed almost 7.5 million Adobe Creative Cloud user records that include email addresses, member IDs, information on installed Adobe products and subscription statuses, and whether or not they are Adobe employees.

The leaky database, which was reported to and secured by Adobe on October 19, was discovered by security researcher Bob Diachenko in partnership with Comparitech. According to Diachenko, the ElasticSearch database may have been left unsecured for about a week. Information on who was able to access this database is also unknown.

In October 2013, Adobe suffered a data breach that impacted at least 38 million users. 3 million encrypted customer credit cards and login credentials for an unknown number of users were exposed.

Adobe Creative Cloud is a subscription service that gives users access to a suite of Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects, and many more. Adobe replaced its single-purchase, perpetual license model with the cloud subscription model in 2013.

Given that cloud services are offered by service providers that handle the hardware and back-end portions of the cloud, it’s easy to assume that they are also responsible for every aspect of security.

Cloud services allow organizations to focus on innovation rather than infrastructure, but it’s important to note that the different cloud service models come with a set of responsibilities for the user and the cloud service provider. This is what’s called the shared responsibility model of cloud security.

While cloud services offer convenience, it doesn’t necessarily mean that implementing a cloud workload is a “plug and play” affair. A company’s IT staff should take the time to learn all the settings and permissions of its cloud service and take advantage of any integrated security features. While this might take some time and effort on the part of the IT staff, it is necessary for securing the platform.

Businesses that are just starting to use the cloud for their operations might assume that default configurations are good enough to prevent their workloads from being compromised. However, default configurations often offer very basic or even nonexistent security. 

Organizations should thoroughly check their existing credentials and permissions to confirm that access to their workloads is limited to those who should have it. Setting up multi-factor authentication also provide an extra layer of security.

A common mistake organizations make when it comes to their cloud assets is assuming that a properly configured cloud will always remain so. With the number of users accessing the cloud, any change could expose stored assets. For example, an employee may be able to create a new folder that doesn't require security credentials. The organization may not notice misconfigured settings without proper auditing and monitoring.

The large number of users accessing the cloud can make it difficult to manage. Many cloud service providers offer logging tools that can help organizations see what is happening in the cloud. These tools can also alert IT staff of any unauthorized access or attack attempts.

Implementing strict user access minimizes the chance of exposed assets and compromised data. For example, human resource personnel should not have access to accounting data, nor should sales teams have access to IT logs. Businesses should consider network segmentation when configuring their cloud, as this minimizes the risks in case they become targets of attacks.

Businesses looking to maximize their cloud security can also look into solutions that can bolster the integrated security features offered by cloud service providers. The best security solutions are those that can offer a complete package of features that include threat detection, network intrusion prevention, and security management.

The Trend Micro Deep Security for Cloud solution can provide proactive detection and prevention of threats, while Hybrid Cloud Security offers optimal security for hybrid environments that incorporate physical, virtual, and cloud workloads. 

Businesses can also consider Trend Micro Deep Security as a Service, which is a dedicated protection system optimized for AWS, Azure, and VMware. It can help an organization’s IT department by securing servers without the need for any installations. It allows businesses to implement new upgrades without any downtime, and can instantly connect to the cloud and data center resources for proactive security measures.

Procurant acquires SureCheck to improve global food supply chain platform

Procurant, a Silicon Valley technology company transforming the global food supply chain, announced a definitive agreement to acquire the SureCheck mobile food safety solutions and monitoring business from ParTech Inc., a wholly owned subsidiary of PAR Technology.

Procurant offers companies in the food industry a cloud-based perishable food procurement system that enables trading partner collaboration, IoT and sensor data collection, mobile messaging and alerts, secure storage of critical documentation and the sharing of food safety data in public or private blockchains including the IBM Food Trust. 

Procurant is transforming the global food supply chain with technology to reduce waste, increase visibility, improve food safety and digitize business from production to consumption. The company was founded by industry veterans with decades of experience delivering solutions to growers, shippers, distributors, retailers and foodservice operators. Procurant is backed by GLP Properties (glprop.com) with US$66 billion of assets under management in real estate and private equity funds around the world.

The platform and its related applications help farmers, producers, shippers, distributors and retailers in their strategic planning as well as their day-to-day supply chain processes.

With the addition of SureCheck’s suite of mobile food safety and task management applications and devices, Procurant now offers customers a uniquely comprehensive, operations-focused end-to-end food supply chain solution. The SureCheck suite is now part of a continuum of solutions that leverage a single, global platform designed for the unique requirements of the food industry.

All Procurant solutions benefit from the strengths of a shared infrastructure that includes scalability at consumer performance levels, from the user interface to business logic to storage; mobile as an integral part of the platform, with a focus on managing by exception; and blockchain options that route data to both public and private distributed ledgers.

“The combination of SureCheck’s leading mobile food safety and task management products with Procurant’s food supply chain platform creates a solution unmatched in this industry,” said Eric Peters, CEO of Procurant. “With food safety and visibility across the supply chain becoming ever more critical, Procurant’s innovative approach will help our customers move beyond simple homegrown systems of the past for better visibility, control and trust from farms to consumers.”

MOL Group strengthens alliance with MobileIron to drive business efficiency and growth for on-demand scalability, security, availability

MobileIron announced that it has extended its long-term relationship with MOL Group (MOL), an integrated, multinational oil and gas company headquartered in Budapest, Hungary. MOL Group will transition from MobileIron Core to MobileIron Cloud to get the benefits of full-service unified endpoint management (UEM) in the cloud.

By moving to MobileIron Cloud, MOL Group will benefit from on-demand scalability and enhanced ROI. MOL Group will be able to instantly scale its UEM deployment as business needs change, eliminate long hardware procurement planning cycles and costs, and get automatic updates and access to new features as soon as they become available. 

MOL Group will also be able to minimize hardware costs by eliminating the need to maintain on-prem hardware, reduce data center hardware footprint to virtually zero, and reallocate IT resources from hardware maintenance to more strategic tasks.

S&T Consulting Hungary Ltd., an authorized MobileIron partner, will continue to deliver MobileIron’s products to MOL Group and integrate them within existing corporate systems.

MOL Group is an integrated, international oil and gas company, headquartered in Budapest, Hungary. It is active in over 40 countries with a dynamic international workforce of 26,000 people and a track record of more than 100 years in the industry. MOL’s exploration and production activities are supported by more than 75 years’ experience in the hydrocarbon field. At the moment, there are production activities in 8 countries and exploration assets in 13 countries. 

MOL Group operates four refineries and two petrochemical plants under integrated supply chain management in Hungary, Slovakia and Croatia, and owns a network of 2,000 service stations across 10 countries in Central & South Eastern Europe.

“Over the past few years, MobileIron’s zero trust platform has dramatically improved our mobile productivity,” said Peter Varga, Group CTO/CISO at MOL Group. “Employees can quickly and securely access the resources they need every day, while IT has improved visibility and control across the mobile fleet. We’re confident that MobileIron’s platform will continue to help us meet our mobile security goals, particularly as we migrate to cloud-based infrastructures and services.”

“It’s been exciting to help MOL Group successfully optimize their workflows on secure mobile devices,” said Simon Biddiscombe, CEO, MobileIron. “We look forward to continuing to help MOL Group meet their mobile security needs and migrate to the cloud, without sacrificing productivity. We’re committed to delivering a secure work experience, and helping our customers drive business efficiency and growth.”

SnapLogic extends alliance with Databricks to boost data lake reliability; analyze big data workloads in the cloud

SnapLogic has expanded its partnership with Databricks with new support for Delta Lake, the open source storage layer created by Databricks that brings reliability to traditional data lakes. 

Together, the joint solution helps customers accelerate the integration, transformation, and processing of big data workloads into Delta Lake, increasing data quality and accelerating the time to value of advanced analytics and machine learning initiatives.

Delta Lake provides ACID transactions, scalable metadata handling, and unifies streaming and batch data processing. Delta Lake runs on top of existing data lake and is fully compatible with Apache Spark APIs. Delta Lake on Databricks allows users to configure Delta Lake based on their workload patterns and provides optimized layouts and indexes for fast interactive queries.

Delta Lake sits on top of Apache Spark. The format and the compute layer helps to simplify building big data pipelines and increase the overall efficiency of the pipelines.

Organizations are increasingly investing in data lakes to gain actionable insights into their growing data assets. However, the high volume and complexity of data often results in data quality, reliability and performance issues. 

Together, SnapLogic and Databricks are removing these roadblocks by providing a low-code, visual paradigm for data engineers to create and process data pipelines that leverage the full power of Delta Lake — including features like ACID transactions, scalable metadata handling, schema enforcement, and batch and streaming support.

“Databricks and SnapLogic are committed to delivering product innovations that help organizations reduce the time, effort, and skills needed to manage their big data initiatives so they can quickly turn their data into meaningful insights that drive the business forward,” said Craig Stewart, chief technology officer, SnapLogic. “By teaming up with Databricks, we aim to remove the key technical barriers to data lake and big data management so our customers can accelerate their analytics and machine learning initiatives and focus on delivering real business value.”

Rackspace chooses Armor to deliver improved security for hybrid cloud environments

Rackspace announced that it has selected Armor, provider of cloud security-as-a-service solutions, to deliver security for hybrid cloud environments to customers worldwide. Armor’s next-generation cloud security platform, Armor Anywhere, will be integrated into Rackspace’s comprehensive portfolio of security services for all major private and hyperscale public clouds, creating complete hybrid cloud security solution on the market.

The Armor Anywhere service uses an agent installed across on-premise, cloud, or hybrid environments. The Armor Anywhere agent uses ideal security capabilities to secure the environment. 

Once installed, the Armor Anywhere agent defends the environment at the host level, monitoring inbound and outbound traffic, gathering logs, monitoring changes to critical les, and providing customers with patch status and updates. The Armor Anywhere agent is lightweight and can be deployed in under 2 minutes.

Security results from the Armor Anywhere agent provide valuable data to Armor’s SOC, where experts manage and secure systems and workloads—monitoring both inbound and outbound traffic at the host—and identify malicious threats in real-time to enable quick response and containment before larger issues occur.

Armor Anywhere is made up of multiple detection tools which are deployed into a customer’s IT environment via a lightweight software component. The platform collects, correlates and analyzes millions of events and logs from various network and cloud native tools to produce enriched, correlated event data, which is ready for triage and action from Rackspace’s security experts.

Rackspace offers a comprehensive portfolio of security and compliance services for all major private and hyperscale public clouds – including 24x7x365 proactive threat detection and response services from Rackspace’s global Security Operations Center (SOC), with locations in San Antonio and London. 

Rackspace integrates with all of the hyperscale cloud control planes to offer customers hybrid cloud security capabilities, including, but not limited to, host and network protection, threat intelligence and security analytics, log management, vulnerability scanning, and compliance assistance services.

“To handle threats effectively, enterprises need a platform that consolidates threat intelligence, security analytics, alerts and response,” said Vikas Gurugunti, EVP and GM, Rackspace Solutions and Services. “Rackspace’s security services, coupled with the powerful detection and analysis capabilities of Armor Anywhere, will give our customers a high-quality security solution focused on hybrid cloud security outcomes. This new collaboration ensures that we accelerate the value of the cloud and deliver Fanatical Experience during every phase of our customers’ digital transformation.” 

“Armor is honored to be working with Rackspace,” said Armor CEO Mark Woodward. “Rackspace goes beyond simply helping organizations manage their IT infrastructure and migration to the cloud. They are a proven leader in helping customers securely transform their entire organization across every phase of their digital journey. Armor’s market-leading cloud security solutions have successfully helped to protect organizations’ sensitive data for 10 years. By working together, I am confident that Rackspace will have the most comprehensive, secure and business-enabling managed cloud security services in the market.”

The integration of Armor’s technology and capabilities into Rackspace’s security service offerings will be made available to customers in 2020. 

Uplevel delivers SD-WAN to small business; gives high-quality VoIP, reliable Internet and 75 percent savings

Uplevel Systems now offers software-defined Wide Area Network or "SD-WAN" capabilities optimized for small to medium businesses (SMBs). SD-WAN traditionally involves replacing costly telecom services with cost-effective Internet connections between sites. 

Smaller companies find SD-WAN cost-prohibitive because most offerings include advanced features and other "bells and whistles" they must pay for but do not need. In practice, the prospective cost savings also may be compromised by poorly performing Internet connections or call quality between sites.

The Uplevel solution optimizes SD-WAN for small business in four critical ways, including ensuring call quality for voice over Internet Protocol (VoIP). Phone systems are still the lifeblood of many small businesses and voice call quality is highly sensitive to delays of mere tenths of a second. 

Uplevel's integrated managed service platform includes built-in VoIP quality of service (QoS) mechanisms that ensure voice calls always receive priority over data and other "best effort" transactions and also eliminate packet loss that can lead to poor call quality. 

Uplevel delivers a targeted and reliable small business SD-WAN solution that removes both cost and complexity to deliver the features and benefits SMBs need. Uplevel eliminates traditional upfront costs of approximately $1,000 per site and reduces ongoing costs by 75 percent or more versus traditional solutions. 

Along with adding failover and load balancing optimizing quality and reliability, the Uplevel solution reduces upfront equipment costs by up to $3,000 per site. Users can log in safely using secure virtual private network (VPN) services and cloud-based management allows MSPs to manage multiple sites in real time from anywhere on the device of their choice. 

The Uplevel solution enables two SD-WAN mechanisms for improving and maintaining reliability: "Failover" whereby companies purchase a second Internet connection to provide backup, and "load balancing" in which two primary Internet connections remain in use at all times with traffic distributed to achieve the desired bandwidth at the lowest possible cost.

Morpheus Data links hybrid cloud and container gap with VMware automation and AWS cloud native services

Building on momentum from its recent v4.0 software release for Kubernetes, Morpheus Data released another major set of new features – this time focused on helping VMware customers simplify hybrid cloud automation and avoid the lock-in from hypervisor focused approaches.

VMware users who want to quickly realize the benefits of multi-cloud automation can now simplify automation while leveraging existing tools with Morpheus integration with vRealize Orchestrator workflows and VMware NSX enhancements.

It also takes advantage of VMware on AWS without limiting automation options via Morpheus support for VMC on AWS in addition to dozens of other clouds; and quickly modernize legacy apps and enable new innovation with secure access to hundreds of AWS services directly from the Morpheus catalog.

VMware has long been a key technology in the datacenter, but many still struggle to turn it into the elastic and on-demand private cloud that it could be; this challenge is contributing to growth in public clouds like AWS. A need to better manage both on-prem platforms and public clouds is evident in a recent 451 Research survey where 62 percent of enterprises identified hybrid cloud as their go-forward strategic IT approach.

Morpheus v4.1 eliminates the need to choose between these options by now adding VMware Cloud on AWS to the dozens of clouds already supported. All existing features supported for vCenter on-premises are instantly available for customers who want to add VMware on AWS. Clouds in Morpheus can be scoped and exposed to specific tenants, groups, and user roles to enable governance and hybrid application lifecycle management.

AWS currently holds approximately 33 percent of the public cloud market and is on an annual run rate of over $30 billion. Much of the growth beyond basic compute and storage as a service comes from access to hundreds of cloud-native application services including analytics, blockchain, database, machine learning, and IoT.

With Morpheus v4.1, Ops teams can use Morpheus for secure role-based access and policy enforcement while still giving developers access to cloud-native application services from AWS. Leveraging Morpheus integration with AWS CloudFormation, applications like Elasticsearch, DynamoDB, ElastiCache, and hundreds more can be added to the Morpheus service catalog and blueprinting engine or accessed via API and CLI.

ConvergeOne updates managed services lineup with Digital Infrastructure Manage Offering powered by OnGuard

ConvergeOne announced Thursday that it has expanded its managed services portfolio with the launch of its Digital Infrastructure Manage offering powered by OnGuard. 

With ConvergeOne's Digital Infrastructure Manage offering, customers receive purpose-built Managed Services that deliver proactive fault identification, isolation and avoidance, enabling ideal operational experience for their enterprise networking and data center infrastructures. 

ConvergeOne Manage combines ITIL-based best practices delivered by highly skilled engineers using ConvergeOne's custom developed OnGuard 7 management platform with intelligent threat detection and advisory services from Alert Logic, providing the most proactive and complete enterprise networking and data center offering in the market. 

The Digital Infrastructure Manage offering utilizes ConvergeOne's custom developed management and AIOps platform, OnGuard. For years, OnGuard has been the trusted tool to deliver ConvergeOne Managed Services in voice, unified communications, contact center and video environments, with thousands of unique devices across hundreds of customers this year itself. 

ConvergeOne's new OnGuard 7 update provides a standardized platform of tools, services, and automation that extends to customers' enterprise networks and data centers.

ConvergeOne's Digital Infrastructure Manage offering and OnGuard managed services platform have been designed to address the rapidly evolving IT landscape, which features public, private, and hybrid clouds; software-defined environments; higher demands on networks; and increased network and data security monitoring requirements. 

While IT administrators often struggle to keep up with these changes, outsourcing to third party service providers or purchasing new service management tools tend to be expensive and complicated to implement and maintain. ConvergeOne's offerings are unique, enabling customers to maintain their infrastructures at peak performance and availability in a cost-effective, adaptable and transparent manner.

Earlier this month,  ConvergeOne announced that it has extended its Unified Communications as a Service (UCaaS) solution into the mid-market segment with the launch of its ConvergeOne Cloud Experience (C1CX) Mid Market offering.

C1CX provides a secure, scalable, and comprehensive collaboration experience that changes the way people communicate, share content, and manage projects—all with the goal of getting more done with less. C1CX Mid Market for UCaaS consists of two Powered by Solutions - Powered by Avaya and Powered by Cisco. 

ConvergeOne also partners with RingCentral.