Skip to Content

Blog

Cloudstar & Qualia Partner to Benefit Title Agents

The future of title production systems will be rooted firmly in the cloud.

Qualia’s best-in-class web-based software provides title agents with a feature packed, ultra secure title production system available from your web-browser.  When paired with Cloudstar’s top-of-the-line hardware solutions, and support, and defensive technologies, these two independent companies provided the 360 degree approach today’s agents need.  How can Cloudstar help you prepare for the future?

 

 

0 Continue Reading →

Behind The Data Center – Understanding Fiber Optics

We’re growing around here, and just like when any company grows, more space is needed. Unfortunately, sometimes that space isn’t exactly where you want it. Unlike other companies that just need office space, we need additional space to house our ever growing server farm.

Our servers are neatly organized into server cabinets, sometimes called “racks”. The picture below shows a monitor being connected to one of server cabinets at the Cloudstar data center in New Jersey. The Cabinets sit on top of a “raised floor” from which air conditioned air flows up, keeping the server equipment cool.  Entry to the server room is restricted to only those individuals who have a access badge, in combination with the correct finger print.  All access is logged, recorded, and archived along with video footage.  This works great when all of the cabinets are in a straight line, but what when they’re not?  What happens when you need to connect cabinets over long distances?  Enter fiber optics.

 

Under our Jacksonville, Florida data center expansion project, our server cabinets are located on the second floor data center; however we just purchased additional cabinets on the first floor. Let’s think again, how should we connect everything together?

Well, we could use common Ethernet cable, such as this:

That’s the same cable you probably use with your home router, or at the office to connect your computer to the network.  While Ethernet cable is an okay solution, it has several flaws. First, it’s made of copper wire which is subject to interference from the other technology we use every day. This includes interference from other wires, radio waves, electricity and other network wiring. This type of interference is called “cross talk” and any kind of interference isn’t a good thing. Second, while not to important in our application, there are distance limitations. Simply put, electrical signals weaken over the length of a long run of copper wire (officially known as attenuation).  The better way is to use fiber optic cable.

Fiber optic cable not only benefits us here in the data center world, but it can also benefit YOU, at home, at your office, or in your server room. The problem is, most business owners, don’t know much about fiber optic cable. Here are some basic, beginner level, tips for working with fiber, and selecting the right type of fiber for your particular application.

First off, fiber optic cable is fragile.  Be careful not to cause any sharp bends or the core can break leaving you sad and without a connection. Now that we know not to break our fiber, lets learn more about choosing the correct type for our needs.

SINGLE MODE VS MULTI MODE FIBER

Single Mode Fiber is typically used for long distance runs. It is most commonly used by Internet Service Providers and Telephone Companies because of its ability to span long distances. The equipment needed to work with single mode fiber is typically more expensive. This is because the center core of the fiber optic cable is small, and requires more light. In turn, a brighter, more powerful light source is required to use the cable.

Multi-Mode Fiber is commonly used for inter-office deployments and performs better in short distances. It has a larger inner core and can be lit by cheaper, less complex equipment than single mode fiber.

So enough theory, how do we use this stuff? How can we correctly identify the different types of fiber, and how do we connect it?

Single Mode Fiber looks like the picture below, it’s yellow.  This is a small piece of single mode fiber that I accidentally ordered which was convenient for the purpose of writing this article.

You’ll note the two white caps at the end of the blue connector. Those are removed before use and exist to keep dirt and dust away from the optical connector. Here at Cloudstar, we use Single Mode fiber for two purposes. First, our various Internet Service Providers deliver Internet Connectivity to us via Single Mode Fiber.  Single Mode Fiber Optic cable is provides excellent signal quality so connectivity into our data centers is the best it can be.  Additionally, we use Single Mode Fiber to connect the server cabinets from the second floor data center to the first floor data center (which incidentally, is what inspired me to write this article).

Here you can see the Single Mode Fiber existing the cable guard and entering the cabinet.  This particular cabinet is new, and currently has no equipment yet.

The next question we need to answer is “how does that fiber optic cable connect into the network”? Most of us understand how our typical copper Cat 5 Ethernet cables connect…. they simply “plug in” to a router or switch.  For that to happen with fiber, we need a interface.  That interface is called an SFP or (Small Form Factor Plug-gable Transceiver).  Of course, they make two types of SFPs, one for Single Mode Fiber, and one for Multi-Mode Fiber.  They look identical.  Below is a picture of a Multi-Mode Fiber SFP. Notice how the fiber optic cable plugs into the SFP.

MULTI-MODE FIBER

Next up is Muli-Mode Fiber.  This is actually a great tool to have for both us in the Cloudstar Data Centers, and for you as well.  At Cloudstar, we run “two of everything” for redundancy. In the following example, we will show how we can connect two network switches together for redundancy, and do so using Multi-Mode Fiber.

First, we can identify Multi-Mode Fiber by its orange color as we see below.

Again, you’ll notice the two white caps at the end of each connector.  Next we will connect each end to an SFP by removing the white caps, and inserting the end of the fiber into the SFP until it clicks.  Below, you’ll see the Multi-Mode Fiber with the SFPs on each end.

And finally, we insert the Multi-Mode Fiber into a switch that supports both Ethernet and SFP connections thus connecting both switches.

ADVANCED TIP: For additional redundancy, we will later add TWO fiber cross connects, and aggregate the links from within the control panel of this switch.  In this particular setup (2nd link not shown), we have two redundant switches, with redundant link aggregated multi-mode fiber links.  This is a great way of adding redundancy to your server room as well.

In summary, there are many real world applications where fiber connectivity can be very useful. Knowing which fiber type to use, which SFP, and which model switching hardware, is necessary to a successful deployment.  In many cases, a single run of fiber, with a switch on each end, can save you from having to pull hundreds of copper runs across a building or campus. When stacking switches, fiber up-links are by far superior than copper.

Or course, this is just the beginning.  At Cloudstar, we also use fiber (blue multi-mode fiber cable) for connecting storage devices to servers, and utilize all fiber switches such as Brocade switches, to deploy 100% fiber only environments.

The example shown above is an all fiber optic switch, and will out perform any of its copper friends.

In closing, I realize that this can be an advanced topic; however, it’s not one that’s typically talked about. The goal here was to keep things as simple as possible while highlighting some of the basics. If nothing else, I’ll leave you with this:

  1. Fiber optic cable will deliver you the fastest, cleanest connections.
  2. Fiber is more reliable than copper
  3. Fiber is more future proof than copper
  4. Fiber doesn’t need to be expensive; it can save you money
  5. A basic understanding is required for a successful deployment

 

 

 

 

 

0 Continue Reading →

An Open Letter to Title Agents

As I was driving into the office yesterday, I pulled into the local gas station to fill up and grab a coffee. Sure it’s “gas station coffee” but when you’re in a hurry, you take whatever you can get. As society transitions from cash to credit cards, it makes you wonder just how little cash a gas station has on hand. As I opened the door, fumbling to hold the hot coffee in one hand while putting away the credit card with the other, I could hear the sound of a low rumbling diesel. Upon looking up from my caffeinated goodness, I couldn’t help but notice this beastly dual axle armored truck which had just stormed into the parking lot. With it, there were two armed men wearing bullet proof vests; one sitting behind the wheel keeping a watchful eye while the other went inside, gun in holster, to retrieve the gas station’s money. I wondered to myself as I drove away, just how much money justifies sending in a team of armed men? It turns out, some gas stations have less than $10,000.00 in cash per pickup. $10,000.00 in cash for all that security. Wow.

Somewhere, at that very same time, Stacy and her family just moved into town and are in the process of purchasing a new home. She can’t wait to close because she’s staying at her in-law’s house with her husband and 2 children- to say it’s cramped is an understatement! By all accounts they’re an American success story. Stacey is a nurse, and her husband David is a dentist. Their two children are in the 3rd and 5th grades and look forward to playing soccer in the spacious back yard of a new suburban home. Having received the proceeds from the sale of their prior home, and with pre-approval letter in hand, they just made an offer on the home of their dreams. Everything is going perfect for them. Little do they know, something is about to go horribly wrong.

Luckily, their lender has taken all of the necessary steps to protect their non-public personal information. After all, they have to. With so much on the line, so much to lose, and the CFPB breathing down their neck, their lender is a model for data security and best practices and their staff are well trained. The lender has all the correct policies and procedures, the latest encryption software, encrypted email, and the best money can buy in the areas of IT, firewalls, and security.

Their title company is also top notch. They’ve taken the Best Practices very seriously. Sure they don’t have the big lender budget, but they’ve trained their staff to be very security conscious. They encrypt their email, lock their computers when not in use, employ a clean desk policy, passed several underwriter and third party audits and received a fancy attestation certificate. All-in-all the title company and the lender all work very hard to protect the consumer’s privacy, identity, and non-public personal information. They also know to be VERY careful about phishing scams, wire fraud, and social engineering.

Stacey and David have been receiving multiple encrypted emails with regards to the transaction. These emails contain status updates, an occasional request for information, and wiring information. But not to worry, both the lender, title company, and surprisingly the real estate agent, are all following proper cyber security procedures. It is important to note that the chain of security up until this point is very strong. Unfortunately, the title company sent an email, off into the unknown- the buyer’s computer. The title company had NO knowledge of the state or condition of the buyers computer. In this case, the buyers computer was running Windows 2000. It was 12 years old. It had no anti-virus software, and it had roughly 82 active viruses and malware on it. It was also actively being monitored by what we will call “bad guys” or, more accurately, cyber-criminals.

The lender, real estate agent, and the title company had no way of knowing, controlling, or otherwise affecting or improving the level of security on the buyer’s computer, yet they all chose to email (even through secure email) the buyer. Once this happened the chain of security was broken. What happened after was very sad for Stacy and David. The “bad guys”, having all of the necessary information concerning the transaction, were very easily able to trick Stacey and David into wiring the money to another account by calling them from a telephone number made to appear as if it originated from the Title Company.

Stacey and David lost all of their money and their dream of purchasing the new home. The money was never recovered, and to this day the family is forced to remain living with their in-laws.

What can we learn from this?

a) The chain of security is only as strong as its weakest link. The buyers computer was the weakest link.

b) Banks, Lenders, and Title Companies are regulated and must have security in place. John and Jane Doe’s home computers are subject to no such regulation.

c) Why would a Title Company ever even think of sending something that exists within their controlled, audited, and protected environment, out to a buyer’s computer when they have absolutely no knowledge that the buyer has any form of security? *

*and guess who the buyer will blame when the money is stolen?

What is the answer?

Computers are tools, and there are times when they shouldn’t be used. If it can ruin someone’s life, if it can bankrupt someone, it shouldn’t used. Be a leader, don’t just educate your buyers, people may not remember. WRITE DOWN wiring instructions on a card and physically hand it to them – then follow up. There’s a saying “somethings are better left unspoken”. There’s another saying “somethings are better left off a computer”. It’s your company, it’s your reputation, it’s your liability, and it’s your decision.

Finally, I’d like to close with this one question. If a gas station feels it necessary to send an armored truck, with bullet proof glass, and two gun toting men, for what usually amounts to a small amount of cash, why would anyone send wiring instructions to a random buyers computer with the push of a button?

Isn’t it time that we re-think how we ask our customers to transfer what is almost always their life savings?

0 Continue Reading →

The Title Agents’ Cyber Security Reality Check

Coming to terms with our new reality.

As the owner of multiple companies that store, process, and host critical data for regulated industries, there isn’t a day that goes by that I’m not asked about cyber security. I’m asked “What are you doing to address today’s emerging threats?” “How are protecting your customer’s data?”, is another frequent question. There is no doubt cyber security is a concern that must be taken seriously.

The most recent cyber security headline is the data breach over at Equifax, one of the nation’s “Big Three” credit reporting agencies. The breach is so severe, it has impacted nearly a third of all American’s by exposing their credit card data, social security numbers, addresses, and other information that places almost anyone using a credit card at direct risk of identity theft. The Federal Trade Commission writes more here.

Equifax is in good company because they are not the only ones to have consumer data stolen from them. In July 2014, JP Morgan Chase, the largest bank in the United States was the victim of a hack that compromised the data of more than half of U.S households. The data included names, addresses, contact information and user ID’s and passwords according to information filed with the Securities and Exchange Commission.

Anthem Health, the nation’s second largest health insurer suffered a data breach in February 2015 wherein the hack exposed the names, addresses, Social Security numbers, dates of birth and employment histories of over 78.8 million current and former customers.

Of course, the list goes on and on. Target, Home Depot, the U.S Office of Personnel Management, Yahoo, and eBay to name a few more.

REALITY CHECK

Now let’s be honest with ourselves, these are BIG brands with BIG budgets and TOP talent. Can you spend your way to safety and security? No. Can you ever be 100% secure? No. So what can you do? You can set your expectations in alignment with reality.

ASKING FOR THE BLUEPRINTS WHEN CONDUCTING DUE DILLIGENCE

Let’s take a step back to the beginning of this article. I am the owner of multiple technology companies that store, process, and host valuable data for regulated industries. At times I’m requested to provide some very interesting things. “I need a copy of your firewall rules, your network diagrams, your internal infrastructure layout, and your internal procedures.” I’m being requested, in short, to provide a written manual that could be used to usurp my security. My answer to this is a resounding NO.

Let’s put it another way. What would happen if you walked into your bank and demanded from the branch manager, “I need to see the diagrams of your bank vault. I need to know what it’s made of. I want to see the plans to your air conditioning ducts, and I need to know the name of your alarm company.” They would probably think that you’re planning to rob the bank. Oh, and a bank would NEVER provide you with any of that information; ever.

To summarize, as someone who is in the business of security networks, don’t ask me for diagrams of my network, and paperwork as to it’s inner workings…it won’t happen.

MANAGING PAPER VS MANAGING RISK

Another place good decision making can go off the rails is an over obsession with paperwork. Paperwork does not keep you secure. All it does is create jobs for the paperwork people, and then makes another set of paperwork people go away when you “show them the paperwork”.

You best believe that companies such as JP Morgan Chase, Equifax and all of the other high profile companies had every SOC1, SOC2, SSAE, ISO27001 and PCI-DSS audit and attestation paper.

Ask yourself, what good did it do them? Exactly.

MANAGING RISK WHEN CHOOSING VENDORS

When was the last time you opened a credit card and demanded that the credit card company complete a “vendor survey” before opening the account? Did you check that the credit card company reports only to credit bureaus that cannot be hacked? Of course not, because there was no way to know. Your decision was made based on the knowledge that you were dealing with a known, reputable company and that is how you should continue to make decisions.

KNOWLEDGE IS POWER

Data breaches are only the tip of the iceberg. There’s wire fraud, malware, viruses, phishing, and more. Yet, it seems that the large majority of title agents really don’t know what they don’t know. Why?

Benjamin Franklin said “Tell me and I forget, teach me and I may remember, involve me and I learn.”

Just how much involvement is there in educating the land title community? Underwriters take an agency representative whose job is supposed to be understanding title insurance, declares them a cyber security expert, then sends them out into the field to teach with some hot tips. Land title associations hold the same boring seminars droning on about wire fraud horror stories and then pepper in some lectures about clean desk policy. Zzzzzzzzz.

Where’s the teach and involve? If I show you how to use Russian software to write a phishing email, maybe you’ll learn something.

COMING TO TERMS

Our reality is here to stay. Understanding how to work within our reality is what makes us successful. Wishing our reality was not so, is ignorance. The golden takeaway is that there is no true security, only varying degrees of risk. Education and conversation is the best way to truly understand the risk landscape we face while preparing ourselves to be ever vigilant.

JOIN THE DISCUSSION

Would you like to add to the conversation? Click the image below to like our article on Linked-In or join the discussion.

0 Continue Reading →

Is Your Disaster Recovery Plan Leaving You Stranded?

We hear about them all the time, Disaster Recovery plans. We’re told we need them, those with whom we conduct business may ask to review them. Certain regulatory compliance frameworks require them, as do best practice guidelines.

Some companies throw together some quick guidelines as to “what they will do” in the event of a disaster, while others toil for hours trying to get every detail and contingency correct. Many even contract with outside consultants to obtain the perfect plan realizing the future of their business may depend on it.

If you’re like most, you may not have actually thought too much as to the impact of the word, “DISASTER”. You may think a disaster to you would mean a minor inconvenience, a momentary power outage, a snow storm, or a localized flood. In some cases, they those situations would in fact call for the implementation of your disaster recovery plan, or your business continuity plan, so as to keep the wheels of your company spinning and avoid disruption.

What about the real disasters that have been taking place throughout the country? The one’s that are more than a minor inconvenience. The ones that could potentially wipe out your company, or cause your vendors or customers to take a second guess as to your preparedness after the dust settles?

  • 976 tornados in the US in the year 2016
  • Hurricane Matthew, 49 fatalities, 2016
  • Louisiana Flooding, 13 fatalities, 2016
  • West Virginia Flooding, 23 fatalities, 2016
  • Mid-Atlantic, Northeast Blizzard 55 fatalities, 2016

The list goes on. California wildfires, mudslides, storms, etc.

Many will think, if disasters of this magnitude strike, I’ll be more worried about myself and my family than anything else. Local and regional business will stop all together. That may be correct. You’d also be correct if you’re thinking that the odds are in your favor that you will not have power, and that cellular phone service will either be interupted, degraded, or eventually cease once the generators that power the cell sites stop working.

At some point you will need to activate your companies Disaster Recovery Plan – or – Business Continuity Plan. You may even want to contact a family member, son, daughter, elderly parent, emergency worker, or out of state relative.

What good is all of this planning, if you cannot activate your plan? There you are, the chips are down. Perhaps flooding, fire, no heat, it’s dark, no phone service, and there’s no way to activate that plan you spent countless hours and dollars working on, and you cannot even contact your family. What’s the one thing you wish you had most, other than 3 wishes and a genie in a bottle? A satellite phone.

Satellite phones, are able make and receive phone calls to any other phone. They can also send and receive text messages. You have the ability to call land lines, cell phones, and other satellite phones. You’ll have peace of mind that loved ones are okay and can contact key managers within your organization shortly after the disaster to plan your next steps, provide help, and assess the state of your business.

This is why key first respondents, FEMA, the national guard, and some military assets utilize satellite phones during disasters and national emergencies. The good news is, you can too, and should.

At our company, all key managers, have a satellite phone. The phone is just slightly larger than a cell phone and has global coverage meaning it will work anywhere from the top of the North Pole, to the bottom of the South Pole. The phone is outfitted in a carrying case with an extra battery and a small solar charging panel as well. Because we have offices throughout the country, should we experience a regionalized disaster, we can communicate back to an office outside of the affected area, and coordinate a response.

Not all satellite phones are created equal. A good setup will make cell phone quality calls, and will have “always on” availability. While some service plans require expensive long term contact, others allow for month-to-month contracts with pricing less than a typical cell phone. With that in mind, the solution is an extremely cost conscious insurance policy against what could happen during a serious emergency.

If your organization would like to know more about emergency satellite communications, or would like to purchase a satellite phone and calling plan, please contact us at [email protected]

 

0 Continue Reading →

Obama & Trump Agree – Cloud First

The date was May 11th 2017, and Deputy Press Secretary Sarah Huckabee took to the podium in the White House briefing room to address a gallery stacked with members of the press. Before she started in earnest, she introduced Homeland Security Adviser Tom Bossert to explain President Trump’s new executive order on Cyber-Security.

Before we get into partisan politics it might be useful to quickly review just how ubiquitous financially cyber-crime has actually become. Nichole Hong from the Wall Street Journal reported that the street gang the Crips is engaging in check fraud as found in a 32 page indictment. Meanwhile, famous rapper “Willie D” from the Geto Boys was recently sentenced to 366 days in Federal prison for wire fraud. No matter where you turn, from white collar criminals, to street gangs, to famous recording artists, everyone is getting in on the cyber-crime action.

With regards to President Trump’s executive order, Homeland Security Adviser Bossert addressed the audience explaining the details of America’s latest attempt to fight cyber-crime stating “Our first priority is to protect federal networks”. “We have to move to the cloud and protect ourselves” added Bossert explaining that shared services and centralization of IT assets offer the best level of managed IT security.

Of course, being that I watched this presser on YouTube, there were numerous partisan comments left by those that disagree with Mr. Trump’s policies. “The Cloud isn’t secure” exclaimed one social media commentator. And, of course, what followed were more politically charged comments, slurs, name calling, and other things that you’d expect to see on the wall of a public restroom.

But what if we finally had an issue where President Trump, and President Obama where in full agreement?

What if the Cloud First approach was initiated by President Obama? Well, it was actually….under the Obama Administration’s 25 point plan to reform information technology. This plan mandated that each federal agency CIO identify and move at least 3 services to the cloud. On December 9th 2010, then Federal CIO Vivek Kundra spoke about cloud first policy portion of the plan noting it is an important aspect of government reform and citing its ability to cut costs by 50%.

Marjorie Censer from The Washington Times reported on December 5th 2005:

“The Obama administration has said that cloud computing will allow more people to share a common infrastructure, cutting technology and support costs.”

Bringing us back to 2017, it appears that now President Donald Trump’s executive order is a reiteration of previous policy in addition to calling for additional strengthening of Federal systems and networks; something we can all rally behind.

What can we learn from this?

Both President’s Obama and Trump are obviously very different people, yet they’re both for a Cloud First policy. The reasons are:

  • Centralized Security
  • Ease of Management
  • Standardization, and Adherence to a Unified Framework
  • Cost Reduction
  • Modernizing Our Nation’s Technology

With this all said, I think we should all take a long hard look at how we think about our own technology. If two Presidents, from two drastically different ideologies can agree on one thing, in a polarized nation… fighting… torn…. and divided against itself, then perhaps the Cloud can be the one thing that unifies us all and brings us together in healing.

Nah – that sounds absolutely ridiculous. I’m not sure even the Cloud can do that. As far as the U.S Government is concerned, it is now a mandate. It may soon be a mandate in your world as well. If not, it might be a good time to consider making the move if you haven’t already.

0 Continue Reading →

Doing This Will Help Stop Fraud

Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.

I’m sure we’ve all seen the above example before. The idea is very simple. As we all go about our day, our eyes glance over the text before us and we see what we want to see. Cyber Criminals and would be wire transfer thieves know this as well. As you’ll soon learn, they take advantage of this all too often.

One of the most common tricks that criminals use is to purchase a domain name very similar to yours, but with a letter or two changed. Then, they can start emailing your customers, employees, or contacts back and forth without always being noticed. Here’s one of the most common examples:

[email protected] does business using the ABCtitle.com domain. Meanwhile the wire transfer thief purchased the domain name ABCtit1e.com for $9.99 and he is off and running. The difference? Rather than spelling the word title with the letter “L”, the thief replaces the letter “L” with the number “1” (one). The word title also contains the letter “I” in title. The letter “I” also is easily substituted with the number 1. Depending on your domain name, there are many opportunities for deception.

Here is an example substituting the letter “L” with the number “One”. Look closely: 1l1l1l1l1l

Do you think that your customers could spot the difference? Remember what the opening paragraph of this article says.

HOW CAN YOU PROTECT YOURSELF?

Stay ahead of the criminals. If your domain is ABCtitle.com, invest the $9.99 and purchase ABCt1tle.com and ABCtit1e.com. If YOU own them, the thieves cannot purchase them. Maybe your name is SuperMegaOneTitle? Then you’ll want to purchase SuperMega0NeTitle.com, replacing the letter “O” with a “zero”. As you can imagine, there are many ways criminals purchase bogus domain names. Adding additional letters is another one, such as: ABCtittle.com. In this example, there is an extra letter “t” in title.

In closing, it’s not always possible to stop all fraud, or purchase every imaginable combination of your domain. BUT, with a little forethought and creativity, you can take the first step. You can make it harder for the bad guys to impersonal your business.

ONE LAST THING.

On a personal level, we have seen these tricks used in action many times. As a service provider, we have criminals email us quite often pretending to be our customers using the very tricks mentioned above. It is worth noting that it’s not just the bad guy trying to pose as you in order to write your customers. Criminals often pretend to be other industry vendors, partners, or employees, in an attempt to send viruses, malware or to obtain sensitive information.

Stay safe.

0 Continue Reading →