IRS puts Equifax contract on hold during security review

NEW YORK (Reuters) – The U.S. Internal Revenue Service has temporarily suspended a contract worth more than $7 million it recently awarded to Equifax Inc following a security issue with the beleaguered credit reporting agency’s website on Thursday.

Equifax, which disclosed last month that cyber criminals breached its systems between mid-May and late July and made off with sensitive data on 145.5 million people, said on Thursday it shut down one of its website pages after discovering that a third-party vendor was running malicious code on the page.

“The IRS notified us that they have issued a stop-work order under our Transaction Support for Identity Management contract,” an Equifax spokesperson said on Friday.

“We remain confident that we are the best party to perform the services required in this contract,” the spokesperson said. “We are engaging IRS officials to review the facts and clarify available options.”

The IRS is the first organization to say publicly that it is suspending a contract with Equifax since the credit reporting agency’s security problems came to light.

Atlanta-based Equifax said its systems were not compromised by the incident on Thursday, which involved bogus pop-up windows on the web page that could trick visitors into installing software that automatically displays advertising material.

Still, the IRS said it decided to temporarily suspend its short-term contract with Equifax for identity-proofing services.

“During this suspension, the IRS will continue its review of Equifax systems and security,” the agency said in a statement. There was no indication that any of the IRS data shared with Equifax under the contract had been compromised, it added.

The move means that the IRS will temporarily be unable to create new accounts for taxpayers using its Secure Access portal, which supports applications including online accounts and transcripts. Users who already had Secure Access accounts will not be affected, the IRS said.

IRS granted the $7.25 million contract to Equifax on Sept. 29, weeks after Equifax disclosed the massive data hack that drew scathing criticism from several lawmakers.

“From its initial announcement, the timing and nature of this IRS-Equifax contract raised some serious red flags … we are pleased to see the IRS suspend its contract with Equifax,” Republican Representatives Greg Walden and Robert Latta said in a joint statement on Friday.

“Our focus now remains on protecting consumers and getting answers for the 145 million Americans impacted by this massive breach,” they said.

Government contracts in areas such as healthcare, law enforcement, social services, and tax and revenue are major sources of revenue for Equifax.

In 2016, government services made up 5 percent of Equifax’s overall $3.1 billion in revenue, accounting for 10 percent of its workforce solutions revenues, 3 percent of its U.S. information solutions revenues, and 7 percent of its international revenues, according to a regulatory financial filing.

Reporting by John McCrank in New York; additional reporting by Dustin Volz in Washington; Editing by Bill Rigby

iCloud security: How (and why) to enable two-factor authentication

Given that so many of the details of our digital lives are either with us (on our smartphones) or easily accessible (via the web), you should be doing everything you can to protect that information and data. On iPhones and iPads, data is largely kept in a vault, sealed behind strong encryption and (hopefully) a strong password. Even if the device is lost or stolen, chances are good that encryption will keep data safe. (That vault is secure enough to frustrate even the FBI.)

Although iOS devices are designed and built to be secure, data is also stored and accessible online. With security breaches occurring routinely, your data is vulnerable to anyone in the world with an internet connection and a halfway decent browser. If a breach occurs and thieves gain access to your email and password, they can easily reset any account linked to that email, change the password, and lock you out of your own data.

Computerworld Cloud Computing

IDG Contributor Network: Cloud security: Trends and strategy

Cloud computing can generate mixed feelings. Corporate leaders generally welcome technologies that produce efficiency, agility and speed. Cloud services deliver those benefits, yet many are concerned about security, even while often being uninformed about how widely the cloud is used within their own businesses.

Executives of large companies, for instance, tell us that they are holding back on the cloud because of security concerns. But when our professional services teams engage with them, we generate log files and find evidence of large numbers of cloud services the company’s employees are using every day.

It is easy to understand the disconnect. Consider a simple example: a director of HR, tasked with filling several critical positions as quickly and confidentially as possible, turns to a low-cost SaaS recruiting tool. Job descriptions, resumes, cover letters, job offers and other documents are shared and possibly uploaded to a third-party server. Soon enough, candidates arrive for interviews. Mission accomplished, thanks to an efficient cloud-based business tool, with the C-suite never needing to know all the details.

CIO Cloud Computing

The 2 cloud security myths that must die

There seem to be two groups of people out there when it comes to cloud security: There are those who believe that public clouds are systemically unsafe, and those who believe clouds are impenetrable.

They’re both wrong. Both of these myths are dangerous, and so they need to die.

Kill this myth: If my data is in a public cloud, it’s inherently unsafe

The thinking goes like this: Because I can’t see it or touch it, others can steal it.

InfoWorld Cloud Computing

VeloCloud launches an SD-WAN security ecosystem

This column is available in a weekly newsletter called IT Best Practices.

It’s a great time to be in the SD-WAN business. IDC estimates that worldwide SD-WAN revenues will exceed $6 billion in 2020, with a compound annual growth rate of more than 90% over the 2015-to-2020 forecast period. According to IHS, as of the end of 2016, 13% of North American enterprises already have the technology in production and 62% are in lab trials. By 2018, 82% are expected to be using SD-WAN.

Those are some pretty remarkable adoption rates for a technology that is still in its early days.

Network World Cloud

Juniper finds its head in the clouds; security is another story

In announcing its Q1 earnings yesterday, Juniper executives were delighted about the company’s returns on its cloud computing directions.

In the results conference call, Juniper CEO Rami Rahim said cloud computing sales grew 25% year-over-year and noted that four of the company’s top 10 accounts were cloud-related. Specifically, the cloud vertical earned $331.6 million in the first quarter, up from $264.8 million a year ago.

“As the industry evolves, cloud architectures are no longer the exclusive domain of the cloud providers. Customers across all verticals are developing strategies for moving to cloud service delivery models and this aligns with our strategy to power the cloud transformation,” Rahim said [Seeking Alpha has a full transcript of the call here]. “The cloud is a massive paradigm shift that is reshaping all industries, and I’m excited about the opportunity we have in front of us.”

Network World Cloud Computing

Taming the SaaS security wilderness

The security risk that I am most focused on right now is this: Shadow IT and the consumerization of IT have put too many employee work activities out of sight of the security department.

Employees at my company now use more than 90 cloud-based apps that I know of. Most of these are categorized as software as a service (SaaS). Many are corporate-sanctioned, meaning the business unit or IT went through a selection process to identify and procure an application, and my department was at least consulted. This list includes applications such as ADP for payroll, Salesforce, Workday, Oracle, WebEx, Google Docs, Microsoft Office 365 and SAP.

Computerworld Cloud Computing

IT pros agree: Security is better in the cloud

About 42 percent of IT decision-makers and security managers say they are running security applications in the cloud, according to a survey of about 300 IT security pros from Schneider Electric. Almost half of those surveyed said they are likely or extremely likely to move their security operations to the cloud in a few years.

In the survey, 57 percent of respondents believe the cloud is secure. The cloud has the most confidence in on-demand security, and that confidence is highest among IT professionals (78 percent). I’ve stated before that cloud security is better than on-premises security, but it’s nice to see external evidence backing that up. 

InfoWorld Cloud Computing

The barrier to cloud security isn’t the technology

You want solid cloud security, so you work to find the best approach and technology. But that won’t get the job done.

The truth is that competent cloud security technology is available, and most IT organizations’ cloud teams are good at finding and using it. But cloud IT doesn’t exist in a vacuum, so having the right approach and technology alone won’t secure your cloud operations.

To achieve solid cloud security, departments across IT need to come together, both those that focus on legacy and those that focus on cloud computing.

InfoWorld Cloud Computing

N.C. wind farm goes live despite legislators’ claims it’s a national security threat

The first utility-scale wind farm in North Carolina is now fully operational even though the state’s top politicians wanted President Donald Trump to nix the $400 million project because they said it’s a national security threat.

Avangrid Renewables today announced the wind farm, sporting 104 turbines that are 50 stories tall, is now generating 670 megawatt hours (MWh), enough electricity for 61,000 homes. The wind farm is located in the northern part of the state and was built out across farm lands.

[Image: North Carolina wind farm, Avangrid Renewables. Caption: One of 106 wind turbines under construction as part of a 670MWh farm that will power Amazon’s Virginia data centers.]

Computerworld Cloud Computing