When I was in college, the data storage and transfer medium of choice was the lowly 3.5″ floppy disk. Holding a whopping 1.44MB, I ferried many a research paper, HTML file and other files from the PC in my dorm room to the various labs across campus. Lose that disc – lose everything.

When I was working in the new media center at Duquesne University as a junior, we had lots of new fancy equipment including these new inventions like a CD burner that needed a caddy and these new drives that used expensive media called Zip Disks that could hold an unheard-of 100MB. Never mind that whole click of death thing, this was amazing. I got a drive at home so I could take home game demos and Nine Inch Nails videos (no HD or YouTube in the late ’90s).

At HighEdWeb 2005 in Rochester, I won a door prize of a 256MB flash drive. It was smaller than a ZIP disc and could hold so much more stuff. Photoshop files, photos, music. It was an exciting new world. I had more portable storage in my hand than was in the computer I had in college.

I’ve gone through countless flash drives over the years, ranging from 2GB to 32GB, and I’m writing this on a MacBook Pro with a 128GB SSD drive. Other than a fan, there are no moving parts in this laptop. It’s amazing.

I’ve quickly filled up that SSD drive with videos, music and InDesign files, so this week I purchased a 64GB MicroSD card and a Nifty Drive so I could have some semi-permanent storage for some of the larger files I don’t access too often.

As I was installing this little piece of plastic into a similarly small piece of aluminum and then putting that combination in this unimaginably thin laptop and magically getting a ton more storage on my laptop, I thought about how far we’ve come – how far technology has come – when it comes to storage, size and portability. Cliché? Maybe a little, but think about it – it would take almost 655 ZIP discs to equal the storage I now have on a MicroSD card that weighs 1/3oz?

But what’s the future of removable storage? Will we need it in the future? I use Dropbox to share files and collaborate, Google Docs for writing and spreadsheets, and Amazon to back up and serve content for this website. I love the cloud, but the recent Gmail outage only goes to show you can’t control it. And let’s not get started on all the conversations going on now with security and privacy.

For now, both me and my MacBook Pro are happy with our new fancy, little MicroSD card. Somewhere a zip disk is crying.

Google is morphing its long-standing Google Drive program into a new offering called Google One.

I’ve written for years about cloud storage. It’s been very interesting to watch as prices fall and storage allowances increase.

According to TechCrunch and Fast Company, Google is relaunching its Google Drive product as the new Google One. This new program will continue to offer the 100GB of storage for $2 plan it currently offers, but will add a 200GB plan for $3. The 1TB plan, which sells for $10 per month, will increase to 2TB.

Fast Company wonders if Google One and this new storage offering is the first part of a larger offering. They say:

This sounds like the start of a broader Google subscription plan that bundles many services together, in a way that might compete with Amazon Prime.

I use Gmail, Google Calendar, Maps, and several of their APIs, and I could be interested in a larger subscription plan. As an iPhone user (and Spotify subscriber), I’m not part of the Android ecosystem so if there are mobile components to this plan, that would mean less to me. One nice part of this new plan, TechCrunch says, is the storage can be shared with family members.

So when can you take advantage of these new plans? That’s not exactly clear. From TechCrunch:

Over the course of the next few months, Google will upgrade all existing storage plans to Google One accounts starting in the U.S., with a global rollout after that. Google also tells me that it will roll out a new Android app to help users manage their plans (not their files).

Speaking of being an iPhone user, I am slightly encouraged to see Apple not falling too far behind in these storage wars. I am happy to pay a dollar a month to back up all the iOS devices in my home. I’m not letting them off the hook though; they have a long way to go to catch up with some of the other players.

Provider: 2GB, 5GB, 10GB, 15GB, 20GB, 50GB, 100GB, 200GB, 1TB, 2TB
Google Drive: FREE, $1.99, $2.99, $9.99, $9.99
Dropbox: FREE, $9.99
Apple iCloud: FREE, $0.99, $2.99, $9.99
Box.net: FREE, $10
Microsoft SkyDrive: FREE, $1.99, $6.99*
SugarSync: $7.49, $55.00

Editor’s Note: I’ve been writing about application and web security quite a bit lately, and that’s on purpose. There have never been more attacks on our personal and private information. These attacks are coming from not only lone hackers but also from state-supported groups and intelligence agencies. This guest post gives a good overview of what’s been going on and a little on the tactics we can take to combat these activities. This isn’t an exhaustive treatise on how to secure your applications. It’s more an intro course on the topic. It’s a springboard for you to dive into this vast and quickly-evolving world.


Application Security — Cutting Edge Or Critical Failure?

How secure are your applications? While you might be confident about apps designed in-house, what about third-party software for desktops or mobile apps made using open-source code? Are current application security methods doing enough to meet the threat of cutting-edge cybercriminals, or are companies facing critical failure?

Continuing Compromise

At the beginning of March, information-sharing site WikiLeaks published what could be the largest release of CIA documents on record, if the 7818 pages and 943 attachments actually belong to the spy agency.

Non-denial denials aside (according to spokesman Don Boyd, “We do not comment on the authenticity or content of purported intelligence documents”), the released data contains a number of application attacks that could presumably net access to almost any device around the world. For example, some files contained instructions for compromising computer applications such as Skype, commercial antivirus programs and even PDF files. Applications such as “Wrecking Crew,” meanwhile, could crash targeted computers, while others claim the ability to breach both Apple and Android smartphones, in turn bypassing the encryption offered by tools like WhatsApp, Signal or Telegram. It doesn’t stop there, though. A program code-named “Weeping Angel,” which the documents claim was developed in partnership with British intelligence, supposedly used Samsung smart televisions to listen in on conversations even when the device appears to be turned off.

There’s also another level of concern here: An authentic leak means that even CIA servers and storage solutions aren’t out of reach for interested hackers. If the vaunted spy agency is at risk, what’s the downstream consequence for the average application or device?

Emerging Threats

While the WikiLeaks story may be top of mind given its high-profile target and potentially dangerous app attacks, it’s not exactly an outlier: Applications across multiple industries and government agencies are now under threat.

Consider the rise of connected-vehicle applications. Recent research suggests that Android-based connected car apps could be easily hacked if attackers gain access to rooted phones or convince users to download malicious files. Once in control of the car app, cybercriminals could leverage the tool to gain physical access without setting off the alarm. Seven of nine car apps tested were vulnerable. Research firm Kaspersky noted that the problem didn’t stem from code flaws but a simple lack of defense. According to security researcher Victor Chebyshev, these apps are “controlling very valuable things for the user, but they’re not thinking about security mechanisms.”

North of the border, meanwhile, the Canada Revenue Agency (CRA) was forced to temporarily shutter its online services and mobile applications after a vulnerability was discovered in Apache Struts 2, an open-source software tool that is widely used by government and private sector agencies alike. While there’s no evidence of lost or stolen data, it’s a sobering reminder that even popular (and presumably well-tested) applications can put companies at risk.

The Speed of Security

As noted by Dark Reading, the recent CIA breaches, vulnerable industry apps and open-source issues make the case for app security as “pre-industrial,” since it lacks the ability to handle attacks at scale, focuses mainly on vertical threats, and includes a “vast landscape of tools and point solutions.” Plus, without effective standardization and specification, these tools are ad hoc at best and may not successfully address the accelerating speed of security threats.

Top Tactics

The first step in shifting app security from critical failure to cutting edge? Identifying key threat vectors. For example, both DoS and DDoS attacks are on the rise, with 53 percent of security pros saying these threats are among their top concerns. In addition, 60 percent of apps are vulnerable to SQL injection, allowing hackers to gain access and take control. More than 50 percent of web applications still allow cross-site scripting (XSS) attacks. Companies aren’t doing themselves any favors when it comes to design and testing, with stock permissions and APIs opening the app door to hackers even as timid testing of apps assumes that internal code offers superior protection.

Bottom line? Apps are vulnerable and software security isn’t keeping pace. Pushing app protection into the present demands a hard look at current targets and a better understanding of top application threats.

For more information on application security threats and how to handle them, review the accompanying slideshow from Column Information Security.

Author bio: Nori De Jesus is Global Director of Marketing at Column Information Security. De Jesus brings more than 20 years of experience as an advent marketer and business strategist working with software manufacturers and launching proprietary software solutions into the market. With expertise in BPM and case management B2B marketing, she focuses on innovation and making a difference by maintaining agility as the technology climate continues to shift. De Jesus is an evangelist in educating buyers through their technology-purchasing journey via content and research.