Skip to content

ESET Research discovers vulnerabilities in Lenovo laptops exposing users to risk of UEFI malware installation

  • Exploitation of these vulnerabilities would allow attackers to deploy and successfully execute UEFI malware such as LoJax and ESPecter.
  • UEFI threats can be extremely stealthy and dangerous.
  • Discovered vulnerabilities are: CVE-2021-3970, CVE-2021-3971, CVE-2021-3972.
  • ESET Research strongly advises all owners of Lenovo laptops to go through the list of affected devices and update their firmware.

BRATISLAVA — April 19, 2022 — ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo laptop models. Exploitation of these vulnerabilities would allow attackers to deploy and successfully execute UEFI malware either in the form of SPI flash implants like LoJax or ESP implants like our latest discovery ESPecter. ESET reported all discovered vulnerabilities to Lenovo in October 2021. Altogether, the list of affected devices contains more than one hundred different laptop models with millions of users worldwide.

“UEFI threats can be extremely stealthy and dangerous. They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their operating system payloads from being executed,” says ESET researcher Martin Smolár, who discovered the vulnerabilities. “Our discovery of these UEFI so-called “secure” backdoors demonstrates that in some cases, deployment of the UEFI threats might not be as difficult as expected, and the larger amount of real-world UEFI threats discovered in the last years suggests that adversaries are aware of this,” he adds.

The first two of these vulnerabilities – CVE-2021-3970, CVE-2021-3971 – are perhaps more accurately called “secure” backdoors built into the UEFI firmware as that is literally the name given to the Lenovo UEFI drivers implementing one of them (CVE-2021-3971): SecureBackDoor and SecureBackDoorPeim. These built-in backdoors can be activated to disable SPI flash protections (BIOS Control Register bits and Protection Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during operating system runtime.

In addition, while investigating the “secure” backdoors’ binaries, we discovered a third vulnerability: SMM memory corruption inside the SW SMI handler function (CVE-2021-3972). This vulnerability allows arbitrary read/write from/into SMRAM, which can lead to the execution of malicious code with SMM privileges and potentially lead to the deployment of an SPI flash implant.

The UEFI boot and runtime services provide the basic functions and data structures necessary for the drivers and applications to do their job, such as installing protocols, locating existing protocols, memory allocation, UEFI variable manipulation, etc. UEFI boot drivers and applications use protocols extensively.  UEFI variables are a special firmware storage mechanism used by UEFI modules to store various configuration data, including boot configuration.

SMM, on the other hand, is a highly privileged execution mode of x86 processors. Its code is written within the context of the system firmware and is usually used for various tasks including advanced power management, execution of OEM proprietary code, and secure firmware updates.

“All of the real-world UEFI threats discovered in the last years – LoJax, MosaicRegressor, MoonBounce, ESPecter, FinSpy – needed to bypass or disable the security mechanisms in some way in order to be deployed and executed,” explains Smolár. ESET Research strongly advises all owners of Lenovo laptops to go through the list of affected devices and update their firmware by following the manufacturer’s instruction.

For those using End Of Development Support devices affected by the UEFI SecureBootBackdoor (CVE-2021-3970), without any fixes available: one way to help you protect against unwanted modification of the UEFI Secure Boot state is to use a TPM-aware full-disk encryption solution capable of making disk data inaccessible if the UEFI Secure Boot configuration change.

For more technical information, check out the blogpost When “secure” isn’t secure at all: High-impact UEFI vulnerabilities discovered in Lenovo consumer laptops on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

CyberLink Announces the Integration of Its FaceMe® Security Facial Recognition Software with AXIS Camera Station

The end-to-end integration brings FaceMe’s industry-leading facial recognition functionalities to AXIS camera and VMS setups, fusing live stream monitoring and group tagging in a seamless solution

TAIPEI, TAIWAN — April 15, 2022 — CyberLink Corp. (5203.TW), a pioneer of AI and facial recognition technologies, today announced an important update to its facial recognition security software, FaceMe® Security. FaceMe Security now integrates with AXIS Communications’ AXIS Camera Station VMS (video management software), creating a robust, unified platform that brings facial recognition to AXIS’s security and access control applications. With this solution, users can now layer person-of-interest detection, group tagging and management, and visitor summaries on top of existing IP surveillance configurations with AXIS cameras and VMS.

AXIS is a global market leader in intelligent security solutions, integrating network cameras, video recorders, workstations, and video management systems. AXIS Camera Station is an easy-to-use, efficient VMS platform offering video surveillance and access control applications. Its intuitive interface and extensive compatibility make it an excellent fit for FaceMe® Security, a value-added smart surveillance software solution powered by CyberLink’s highly-ranked and precise FaceMe® AI facial recognition engine.

The unified platform, combining FaceMe’s real-time facial recognition to the AXIS Camera Station interface, delivers a unique, efficient and powerful monitoring solution. One operator can visualize up to 36 camera feeds on one screen. They can then rely on the facial recognition console running on a second display to receive real-time alerts. These alerts are triggered when individuals associated to a managed group (e.g., VIP, blocklists, employees) appear in front of a connected camera located in an area or at a time potentially requiring a certain action to be taken.

“Smart video management software is becoming an essential component to security and access control systems,” said Dr. Jau Huang, CEO of CyberLink. “Adding the facial recognition capabilities of FaceMe to the AXIS Camera Station enables a powerful, highly automated security monitoring environment, running on one intuitive platform.”

For an introduction to the FaceMe®-AXIS integration’s new features, visit the FaceMe® Security website or watch the introduction video.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

ESG Study Reveals Granular and Air-gapped Backup Are Key in Data Recovery After a Ransomware Attack

Nearly 90 percent of respondents admit that not all mission-critical data is protected from cyberattacks.

Copenhagen, Denmark – April 19, 2022 – Granular and air-gapped backup are critical to data recovery, when, not if, a business falls victim to ransomware. Those are among the key takeaways from a new Enterprise Strategy Group (ESG) study, titled “The Long Road Ahead to Ransomware Preparedness”, which surveyed information technology (IT) and cybersecurity professionals working within organizations across North America and Western Europe.

According to the report’s findings, while ransomware attacks aren’t always made public, they are a common occurrence and represent both a significant and recurring source of business disruption. Among the more than 600 respondents, 79 percent experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent experiencing attacks daily. 

More than three-quarters (79 percent) of the survey’s respondents said they categorize ransomware preparedness as being within the top five on their list of overall business priorities,

“Organizations are building their own individual strategies and processes in response to a lack of industry reference architecture or a blueprint for ransomware protection,” Christophe Bertrand, Practice Director at ESG. “The results of this report serve as a critical step in understanding the most important components of data recovery after a ransomware attack, and it is our hope that organizations can use this as guidance as they work towards preparedness.”

“The Long Road Ahead to Ransomware Preparedness” includes responses from 620 IT and cybersecurity professionals tasked with protecting against ransomware attacks at midmarket and enterprise organizations in North America (the United States and Canada) and Western Europe (UK, France, and Germany).

The study, sponsored by Keepit, the world’s only vendor-neutral and independent cloud dedicated to Software-as-a-Service (SaaS) data protection based on a blockchain-verified solution, sought to identify proactive and reactive strategies employed by organizations to guard against the ransomware threat, analyze ransomware mitigation best practices and identify how organizations are prioritizing and planning to mitigate the ransomware threat in the coming 12 to 18 months.

Other Key Findings Include: 

  • 56 percent of respondents admitted to having paid a ransom to regain access to their data, applications, or systems but only 14 percent got all their data back following payment. 
  • Only 1 in 7 organizations report protecting more than 90 percent of their mission-critical applications from cyberattacks.  
  • 39 percent of successful ransomware attacks impact cloud data, and 40 percent impact storage systems.   

Additionally, some trends identified in the study include:  

  • Cloud and storage systems are the most common ransomware targets across the board. 
  • Granular data restores are widely preferred as a best practice over full rollback restores. 
  • Granular and air-gapped backup have emerged as best practices among industry leaders, with hybrid methodologies favored. 
  • Backup is the clear leader for cyber recovery strategy and can empower organizations to refuse to negotiate with ransomers. 

“Public cloud infrastructure has become a destination of choice for data backup, which means that cloud data is increasingly becoming a target for cybercriminals who really want to render businesses inoperable. Organizations are concerned that their backup copies could be corrupted by ransomware attacks and protecting backup copies is a key prevention tactic,” said Jakob Østergaard, CTO at Keepit.  “Our strategy is to build in security from the ground up with immutable, blockchain-verified technology, encryption, and air-gapping, and the ESG study clearly documents how.” 

As an alternative to ransom paying, the ESG study revealed that air-gapped backup and the ability to granularly restore data have emerged as best practices among industry leaders, with hybrid methodologies favored. In the context of backing up cloud data, this means allowing the backup or recovery copies to be physically and logically separated from the rest of the network.

Air-gapping is a time-tested solution that allows backup or recovery data copies to be housed separately from the rest of the network. It is becoming a “must-have” technology when it comes to keeping cloud data out of reach of cybercriminals.  The ESG report demonstrates that IT leaders will be looking for these capabilities in their current and future backup solutions, which must be hybrid to support on-premises, cloud-only, or a combination of deployment topologies.

Access the Report

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

How to Protect Cloud Environments Against Cyberattacks?

Cloud computing makes it possible to access files and applications over the internet without them being on local computers. This concept became popular in 2008 but refers to the solutions envisioned in the 1960s.

Being currently widely used, especially due to remote work – which has intensified with the covid-19 pandemic, cloud environments bring several advantages to users but require specific security measures to avoid cybersecurity problems, such as unauthorized access to data and the action of malicious agents.

For this reason, we prepared an article to explore what should be done to protect cloud services from major risks. To facilitate your understanding, we divided our text into the following topics:

  • What is a Cloud Environment?
  • Why Have Companies Opted for Cloud Solutions?
  • Main Risks Faced by Cloud Environments
  • 14 Tips for Keeping Secure in Cloud Environments
  • Learn the History of Cloud Environments
  • About senhasegura
  • Conclusion

Enjoy your reading!

  • What is a Cloud Environment?

Cloud environments are the virtual space that can be shared between people who are physically distant through an infrastructure that enables the communication between devices and data centers across the globe. 

Because of its ability to store these files, the cloud environment allows one to reduce hardware costs while expanding access to memory and processing resources. Moreover, it ensures more dynamism and productivity in the daily life of organizations and can make their operations fully digital.

There are some existing deployment models, which we will explain below:

  • Private clouds: In this cloud deployment model, hosting occurs privately, through a company’s own resources, and without sharing with other organizations.

In practice, companies use tools to have exclusivity in the operation of server infrastructure, which generates benefits such as flexibility and security. On the other hand, it is a service that can have a high cost.

    • Public clouds: Public clouds are those that users share, such as Google Cloud Platform, Amazon Web Services (AWS), and Microsoft Azure, which are the services most used by companies around the world. Their main advantage is that they are services with more affordable prices or even free-to-use. However, they do not offer the same security, flexibility, and possibility of customization as is the case with private clouds. 
  • Hybrid clouds: In turn, hybrid clouds consist of the combination of public and private clouds to meet the demands of a company. With this, organizations must choose which data to direct to each available cloud environment. This integration allows taking advantage of both models. 
  • Multi-clouds: The multi-cloud environment depends on the performance of several cloud providers to be considered. This can be very useful for companies since it allows them to take advantage of what each service offers best and avoid downtime — since all services may fail at some point.

It also allows them to reduce latency, enabling companies to choose the clouds located near their customers to ensure a better experience.

When we talk about cloud environments, it is also important to think about service models, which are complementary. These are:

  • Infrastructure as a Service (IaaS)

The great purpose of IaaS is to design an on-demand, multi-tooled, and easy-to-use cloud environment. This cloud layer is often used to create operating systems, as well as machines and virtual memories, among others. 

  • Platform as a Service (PaaS)

PaaS is composed of hardware that is virtualized and offered by providers as a specialized service. It allows one to perform tests and analysis of data and develop operations, and they are very useful to developers who need to integrate tests and applications, in addition to inserting frameworks.

  • Software as a Service (SaaS)

SaaS is widely used by the end-user when they access emails or applications such as CRM and ERP. Therefore, it is considered an external layer of cloud environments

  • Why Have Companies Opted for Cloud Solutions?

Many organizations have already adopted cloud environments in their daily routine due to the numerous advantages this feature offers. Below, we explain some of its benefits.

  • Cloud Environments Enable Data Loss Reduction 

Several factors can cause data loss, including natural disasters, power outages, and infrastructure problems. However, with cloud environments, it is possible to easily recover this data even remotely.

Thus, it is not necessary to interrupt your company’s activities for a long period, which could impact revenue.

  • Working with Cloud Resources Promotes More Security

Cloud environments have features that provide more security to data, such as encryption, which can make it difficult for malicious agents to operate, as it prevents unauthorized users from viewing documents.

  • Business Expansion Can Be Facilitated by This Solution

A company may need more space to run systems and store data as it expands. Cloud environments enable this expansion without the need to invest in many resources. 

  • It Is Possible to Reduce Costs with Cloud Environments

By using cloud environments, your company can reduce the number of costs, including the remuneration of professionals who make up a robust technology support team. In addition, it is possible to eliminate expenses with licenses and software and hardware updates.

  • Cloud Environments Provide More Agility to Work

With files stored in the cloud, their sharing is more dynamic, which provides agility to operations. Moreover, it ensures flexibility: your employees can access the data even if they are working remotely or traveling. 

  • IT Teams Have More Time to Devote to the Company’s Core Business

Several services are provided by cloud providers, exempting internal IT teams from worrying about these activities. As a result, they have more time to devote to the technology strategies associated with the organization’s core business. 

  • Technology Upgrades Become Easier and Less Costly 

Approximately every three years, it is necessary to upgrade the storage systems and migrate the data. This process is time-consuming and can be quite costly for those who do not use cloud environments. 

However, with data stored in the cloud, this upgrade becomes easier and has a more affordable cost. Simply add new nodes to the system, which reduces downtime. 

  • Main Risks Faced by Cloud Environments

Cloud environments must have the necessary support to provide security to the end-user. This is because this infrastructure is not immune to risks. The following are some challenges for those who deal with cloud resources:

  • With the covid-19 pandemic, many companies started using cloud services in most of their activities due to the significant number of professionals who started working remotely.

Therefore, the tendency is for support services to be overwhelmed, as traffic on the networks that connect these professionals to cloud resources increases.

Therefore, it is necessary to rely on a cloud provider capable of managing this load increase and offering uninterrupted service to the customer. 

  • When supporting cloud environments, providers should consider online events instead of face-to-face meetings, which have also increased with the covid-19 pandemic. It is possible, for example, to partner with telecommunications providers, increasing cloud support for these services.
  • It is also necessary that cloud providers are efficient enough to compensate for the cuts made throughout the pandemic with IT services.
  • Another important challenge is to understand how cloud services are used by organizations to establish policies that ensure their protection while providing ease of use and flexibility.
  • It is essential to keep in mind that cloud services and local area networks present different demands when it comes to security. In the case of cloud environments, the risks are more complex. Therefore, assessing these risks is part of the best security practices.
  • Working with cloud solutions makes operations more dynamic and faster, but IT departments must have visibility into the activities performed using the cloud to protect the interactions that occur in that environment.
  • One of the most common problems of companies using the cloud environment is incorrect configuration, which generates security vulnerability. These mistakes or important settings being ignored can be discovered by malicious users, causing financial losses and numerous other inconveniences. 
  • These attacks include Cryptojacking, which involves unauthorized operations with cryptocurrencies; E-skimming, which allows attackers to have access to data from visitors of the company’s website, damaging their reputation; and unauthorized access, which can result in theft of data for various purposes, such as selling it to other cybercriminals.
  • It is important to take the opportunity to design cloud code when addressing your requirements, protecting each relevant area in order to avoid the risks we have mentioned.
  • It is also critical to inspect network traffic and ensure security through virtual patching to combat vulnerabilities.

  • 14 Tips for Keeping Secure in Cloud Environments

Here are some tips to ensure cybersecurity in cloud environments:

  • Adopt the Hybrid Cloud Model

One of the possibilities for those who do not want to migrate all the data from the organization to the cloud environments is to opt for the hybrid cloud model, widely used by IT managers. 

This makes it possible to strategically direct some files to internal servers and others to the contracted cloud service, benefiting from the availability of the cloud while storing sensitive data locally.

  • Manage Credentials in the Environment

It is essential to have an IT professional capable of managing credentials and monitoring access to sensitive data, both in the on-premises data center and in the cloud. After all, having full control of the environment is what guarantees security in these two contexts. 

  • Invest in Encryption

When hiring a cloud service provider, make sure encryption is included, with verification protocols, coding rules, and algorithm strength.

You can also leverage cloud security with an extra layer of encryption and techniques associated with multifactor authentication (MFA). 

Some cloud providers provide encryption services, as well as traditional and third-party cloud software companies. 

  • Identify Sensitive Data and Understand How It Is Being Accessed

It is only possible to maintain the security of sensitive data in the cloud by identifying it and understanding how it is accessed. Therefore, it is of paramount importance to assess the protection of applications and folders in cloud environments, classifying data and understanding the context of user access to avoid risks.

So, invest in user behavior analysis (UBA) to monitor abnormalities and reduce data loss.

  • Understand What the Shared Responsibility Model Is

In a private data center, all security issues are the responsibility of the company. But when it comes to a public cloud, the responsibility is shared between the customer and the provider. However, according to Gartner, 99% of data leaks occurring in cloud environments are the responsibility of the customer.

So, each party must understand its role in this context, avoiding communication failures that put security at risk. 

  • Train Your Employees

The protection of cloud environments depends both on the tools used by IT professionals and on the awareness of all company employees about security practices.

After all, most of the vulnerabilities of IT solutions are associated with human actions, such as failures and misuse, and, in the case of cloud services, it is no different. 

Therefore, create a security culture and rely on IT professionals to disseminate it, with clear guidelines on who can access cloud environments, how this can be done, and what data to store. 

In addition to training the team as a whole, it is essential to invest in the constant training of the IT team. This is because new threats appear every day, and it is necessary to anticipate them.

  • Invest in IDPS

Intrusion detection and prevention systems (IDPS) are among the security features in today’s most efficient cloud environments. Its role is to monitor, analyze, and respond to network traffic in both on-premises and public cloud environments. 

If they encounter risks associated with signatures and protocols, these solutions alert about the abnormalities and promote the blocking of these threats, providing time for administrators to solve the problem. 

These features are important for real-time alerts and 24-hour monitoring. Without them, evaluating network traffic for signals that indicate a sophisticated attack may become unfeasible. 

  • Monitor The Use of Unauthorized Applications

The use of unauthorized applications to access the organization’s systems, a practice known as Shadow IT, also poses a risk to security in cloud environments. 

Moreover, remote work and the use of smartphones favor this type of interaction, which should be monitored by the IT department. 

  • Ensure the Security of Your Endpoints

With the use of cloud services, it is necessary to strengthen endpoint security. Therefore, analyze your strategies and ensure the protections used deal with current threats. 

Your endpoint defense plan should include: intrusion detection, firewalls, antimalware, and access control. But keep in mind that the use of automation features such as endpoint detection and response (EDR) tools and endpoint protection (EPP) platforms can be very helpful.

These solutions bring together continuous monitoring and automated response with traditional features, meeting security criteria such as internal threat prevention, endpoint encryption,  patch management, and VPNs

  • Count on Efficient and Reliable Providers

It is much easier to ensure the security of cloud services when you have efficient and reliable cloud providers. 

Therefore, research the reliability of these services and invest in a company that provides support to prevent crises and is able to act immediately when they occur. 

That’s because these systems are not immune to failure. However, with planning and adjustments, it is possible to have security in cloud services. 

  • Be Up-to-Date with Compliance Criteria

Companies that have access to their customers’ personal information, such as health organizations, need to comply with strict privacy and data security policies, including the LGPD.

Depending on your location or where this data is stored, additional criteria may be added. 

So, organizations must review their compliance criteria and hire a service provider capable of meeting their demands in this regard. 

  • Count on External Help

Nowadays, many companies offer services that have the function of enhancing security in the cloud. Therefore, if the internal security team has no expertise in this matter or if security features are not suitable for cloud environments, you should consider relying on the support of an external team. 

  • Run Penetration Testing and Audits 

Do you want to know if the procedures your company has are enough to protect its data in cloud environments? So, run penetration tests, regardless of whether you rely on the support of an external cybersecurity company or an internal team. 

Another essential measure is security audits, which allow analyzing the performance and resources of cloud service providers to know if security procedures are being followed. 

  • Enable Security Logs 

Enable security logs for your cloud services. This has helped system administrators track who makes changes to cloud environments, which is virtually unfeasible to do manually. 

If a malicious agent is able to access and make changes, the logs will show their actions so that they are corrected and avoided in the future. 

This record also allows the detection of users who have more access than necessary to perform their activities, favoring the adoption of the principle of least privilege. 

  • Learn the History of Cloud Environments

In the 1960s, computer scientist John McCarthy, known for creating the expression “Artificial Intelligence,” stated that it would be more useful to use computing in two ways: through time-sharing and utility computing.

Time-sharing refers to the sharing of a computer, with more than one person using it, in order to reduce costs and expand tasks. Utility Computing is characterized by the payment of the internet that was used, similarly to the charges for electricity.

In 1962, Joseph Carl Robnett Licklider created the Arpanet network, which enabled global data sharing, originating cloud computing.

Currently, the cloud is part of the routine of individuals and legal entities, as it makes it possible to edit files, watch online series, store documents, send emails, among other capabilities.

But there are different types of cloud, such as public, private, and hybrid, covered in this article.

  • About senhasegura

senhasegura guarantees the digital sovereignty of organizations. This is because it acts by avoiding traceability of actions and loss of information on devices, networks, servers, databases, and cloud environments.

Our services are also useful to bring our customers into compliance with audit criteria and strict standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

  • Conclusion

By reading this article, you saw that:

  • Cloud environments are virtual spaces where files are shared between people who are physically distant through a server that enables the communication between data centers and devices.
  • There are different types of clouds, such as private, public, and hybrid clouds.
  • Cloud environments also refer to service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS).
  • Cloud solutions ensure several advantages for businesses, such as reducing file losses, more security and lower costs with IT teams, as well as scalability for the business.
  • Users of cloud environments need adequate support to ensure the security of data stored in the cloud, which increases more and more with remote work.
  • Working with cloud solutions ensures more dynamism for operations, but it is essential that IT departments have visibility of the activities performed in this environment to ensure security.
  • When a company uses a public cloud, the security responsibility is shared between the organization and the provider, so each one must understand their role to ensure data protection. 
  • It is essential to train employees to access cloud environments without creating risks for organizations.
  • Similarly, IT teams must undergo frequent training to anticipate new threats that constantly arise.
  • It will often be necessary to rely on the external help of trusted vendors and conduct audits that enable an analysis to know if cloud service providers are performing the necessary security procedures.
  • We also covered the history of the cloud, which began in the 1960s.

If our article on cloud environments was helpful to you, share it with others who might be interested in the subject. 

ALSO READ IN SENHASEGURA’S BLOG

What Are the Main Cybersecurity Vulnerabilities in Industry 4.0

SSH Keys: Learn More About the Importance of Secure Control

Invest in Disaster Recovery Strategies and Avoid Damages to Your Company

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.