Cloud Security – A Shared Responsibility

While cloud computing is now a common way to provision computing resources and outsource IT functions, security can be a (perceived) obstacle to adoption. Cloud security can be a shared responsibility, however, between the customer and provider. Read on to learn more about what to expect from a current or prospective provider, and what you can do yourself to stay secure.

 

 Cloud Security and Why it Matters

 

Cloud computing, although providing multiple benefits, also presents security concerns. With compute resources available through the Internet, the greater amount of data moving between networks and devices, data which can be lost or stolen. Cloud security is a combination of technology, processes and policies that can keep your applications and data safe, reliable and available. Who ensures this, your company or the provider?

 

Cloud Security a Shared Responsibility

 

The answer is, both. In general, the provider provides and maintains the infrastructure, and the company looks after the data and applications “in” the cloud. How much responsibility either party assumes depends on the type of platform used. For instance, for Infrastructure as a Service (IaaS), the provider furnishes just that – infrastructure–and your company needs to manage the security of its own data and applications.  Other platforms like PaaS and SaaS provide more oversight. Sometimes the CSP will also offer data storage and monitoring. Top providers may even offer security-by-design or layered security as well as network monitoring and identity access management. 

 

Your Company’s Role

 

In general, a provider that handles more of the functions also protects more. Beginning with Infrastructure as a Service (IaaS), you secure data, applications, and control over your virtual network. With Platform as a Service (PaaS) you still handle data and applications and user access. Software as a Service (SaaS) allows you to outsource applications while still maintaining oversight of user access. Your company may need to employ multi-factor authentication for access control and train workers in password procedures. 

 

Considerations When Seeking a Provider

 

When evaluating a cloud service provider, security is critical. Does your current or prospective provider offer network monitoring? One of the concerns about cloud is lack of visibility regarding who attempts to access your network; how does the provider address this? With more scrutiny of data handling and more stringent regulations, assuring that your provider follows the same regulations you do is vital. 

 

Cloud computing, even with its benefits, carries security risks. To learn more about developing your cloud security strategy, contact your trusted technology advisor today.

How Will Your Business Use Artificial Intelligence?

Artificial Intelligence seems to be the hot topic nowadays, in the business world and the world at large. Many of us use the technology, whether we know it or not. Visitors to a website see that chat window pop up, and it seems like a real person is on the other end. Because of AI, it is often a chatbot simulating personal interaction. With the rollout of Generative AI in the form of ChatGPT, previously unknown possibilities have arisen. Artificial Intelligence has the potential to boost business productivity but also carries risk. Read on to learn more about how to harness this technology for the benefit of your business while considering risks of its use.

 

ChatGPT Has Started a New Conversation

 

Recently, CompTIA published a blog post about how generative IT has created great potential to enhance everything we do, but also brings up serious questions. The article cites questions for business leaders to ask. One is, can you harness AI to improve your operations and offerings, and should you? What benefits does AI offer, and what risks? And what do customers want? As with all tech innovations, considering business goals first is key, and how the technology can be implemented to achieve these goals. One theme that stands out from the article: proceed, but with caution.

 

Benefits Come with Considerations

 

Some members of the CompTIA board of directors cite specific ways they’ve benefited from AI technology. For example, one is able to upload documents like contracts and let AI find any red flags ahead of time, reducing legal costs. Or an email scheduling app can remind a user of upcoming appointments, almost in the same way a human would. Perhaps AI could be used on a video call to summarize main points and come up with directions for what to do next. With AI, especially applications like ChatGPT, come different considerations.

 

Potential Risks of Generative AI 

 

According to Scott Barlow, one of the authors, “previous technologies helped organizations to grow faster and scale. AI will take that to the next level and enable everyone to be more productive.” He goes on to say that it comes with more risks than other applications. Errors, or “hallucinations” can happen, where the accuracy of the model deteriorates. One model’s ability to respond correctly to math questions dropped from 93% to 30%, according to Barlow. Aside from this, data may be biased, leading the algorithm to generate content that may unfairly exclude others. And how transparent is the model’s process of generating the result? Explainability is another issue–how did the large language model (LLM) used find the result it did. 

 

One of the big risks is security. For starters, even though AI has potential to spot threats, it could also enable even an amateur hacker to write malware into code and distribute it via a sophisticated phishing email, or simply find other ways to intrude into your company’s network. Companies will need to consider access controls, such as which LLMs they allow their workers to use. Additionally, this use needs to be protected by a firewall and must not access an organization’s intellectual property. Protecting customers’ personally identifiable information is also paramount. Artificial intelligence also has the potential to value efficiency over interacting with people, another thing to think about preventing. While people enjoy using AI in the form of ChatGPT and what it generates, they still need to interact with a human. Or they need to be given that choice. 

 

While AI’s capabilities and potential are exciting, we still need to proceed carefully and watch out for risks. For further guidance, contact your trusted technology advisor today. 

The Promises and Challenges of Generative Artificial Intelligence

Artificial Intelligence (AI) has been used in some form for several years. Typical applications of AI include advanced-analytics and machine learning algorithms used to perform numerical and optimization tasks like predictive modeling. Generative AI, in contrast, has matured quickly due to enormous financial investment. According to a recent article by McKinsey and Company, generative AI has the potential to change how people create and the very anatomy of work. Read on to learn more about the potential and challenges of this new form of artificial intelligence. 

 

The Potential of Generative Artificial Intelligence

What Generative AI is and Why it Matters

 

In the article, generative artificial intelligence is defined as AI that is typically built using foundation models and having capabilities that earlier artificial intelligence lacked. Generative AI can generate content, which earlier AI couldn’t do. A foundational model is based on deep learning, akin to the neural layers in the human brain. The foundational model uses (is trained) on vast amounts of unstructured and unlabeled data to perform tasks immediately, or that data can be refined to accomplish specific tasks. Generative AI has the potential to add value and increase revenue in businesses across all sectors; when applied across industries, the use cases for generative AI could deliver a total value of $2.6 to $4.4 trillion of economic benefits per year. 

 

Generative AI could change the anatomy of work altogether, eliminating certain mundane tasks that take up a good part of each workday. It was forecast that AI might automate 50% of tasks between 2035 and 2070; the estimate has since been adjusted to nearly a decade earlier than that. Call centers, sales, banking and other industries have the potential to use generative AI in imaginative ways to improve processes, cut costs and increase revenue. 

 

Use Cases for Generative AI in Various industries

 

Generative AI, with its power to speed processes and generate  content, will play a vital role in the knowledge economy–academia, banking, finance–as well as in business departments like marketing and sales. 

 

Some examples:

 

  • Sales and Marketing: gathering data for marketing campaigns, crafting personalized emails according to market segments and demographics; and generating sales leads. Improvement in SEO can help increase conversions and lower cost through optimization for “page titles, image tags and URLs” along with supporting specialists in creating content and distributing it to customers. 

 

  • Customer Service: Faster access to customer information; the ability to resolve customer service requests on first contact; ability to help more customers during the workday. The economic value could cover 30 to 45% of current function costs.

 

  • Software development: writing code, creating numerous architecture designs, and processing data. 

 

With Possibilities Come Risks

 

The uses of generative AI may only be limited to the imagination of the users. With this potential comes possible risks that businesses and society need to grapple with. Do generative AI models come up with accurate information, free of bias? What about explainability–is it clear how the model provides its results? There is also the risk of bad actors manipulating the tool to produce more frequent and more sophisticated attacks, even producing fake audio and video content (“deep fakes”). Other concerns have to do with the security and privacy of data, including that which identifies individuals. What challenges will actually emerge, remain to be seen.

 

While generative AI has tremendous capacity to transform, it disrupts at the same time. For more guidance on harnessing generative AI, contact your trusted technology advisor today.

Make Cloud Work for Your Business

Cloud computing, with its many “as a service” offerings, is an option for replacing outdated on-premise infrastructure with a flexible, pay-as-you-go, Internet-based form of computing. Read on to learn about saving costs and supporting business innovation with Cloud computing

 

Cloud Helps Convert Capital Expense to Operating Expense

 

Cloud has helped many businesses, especially small to medium-sized businesses, move their computing from possibly aging on-premise infrastructure to a cloud service provider’s (CSP) infrastructure. Thus, the CSP handles the operation and maintenance of servers, hardware and software. Small to medium-sized businesses can switch from capital expenses (including the depreciation of equipment) to a flexible subscription-based computing model that allows the company to scale provision up and down as needed. Organizations can respond easily to  demand fluctuations and use the cloud to  support business innovation. Companies are able to monitor their usage, learning the compute cost for each of customers and adjust usage as needed. 

 

“Everything as a Service”  Can Help Streamline Costs

 

Infrastructure as a Service (IaaS),  Platform as a Service (PaaS) and Software as a Service(SaaS) are three primary cloud service offerings, and the range of new ones has grown over the years.  “As a Service” offerings have grown, and are expected to continue growing, over the next few years. In 2022, Gartner predicted that IT spending would exceed $1.3 trillion, and expand to $1.8 trillion by 2025. Everything as a Service (XaaS) brings together multiple offerings into one package, and investment in XaaS is slated to be the top category. In addition to the most common offerings listed above, XaaS can include Database as a Service (DBaaS), Disaster Recovery as a Service (DRaaS) and many others. 

 

Considerations for Cloud Adoption

 

When considering XaaS or any other cloud offering, a business needs to consider the business case for its use. What are the company’s goals, short- and long-term? What new products or services do they hope to roll out, and how will the cloud help? For example, a company might want to strengthen its disaster recovery plan, and invest in Disaster Recovery as a Service. What the offerings have in common is the flexibility and scalability of cloud, the ability to purchase more (or fewer) computing resources according to business needs. With this flexibility comes the need for a strong internet connection and network. Businesses subject to data-privacy and security regulations will need to ensure that their prospective provider follows the same regulations.

 

Cloud computing holds great potential to simplify infrastructure and convert capital expense to easily-managed operating expense. For more guidance on migrating workloads to the cloud and maximizing its benefits, contact your trusted technology advisor today. 

Disaster-Proof Your Business with a Business Continuity/Disaster Recovery Plan

As recent events like severe storms demonstrate, disasters will occur. But they needn’t sideline your business. Read more to find out about developing a plan to mitigate the effects of disasters on your company’s data and network. 

 

The Cost of Failing to Plan

 

The cost of downtime is $5,600 per minute! Multiply that out, and you could be paying hundreds of thousands or even millions for lost revenue, lost wages (or overtime when systems come back online), or fines for regulatory non-compliance. Even if unplanned downtime is just an hour, the cost is steep. The revenue you lose because your customers can’t purchase items on your website, and even missed deadlines for projects, can hurt your bottom line and your reputation with customers. Data breaches from cyberattacks can reduce your customers’ trust as well, and possibly result in fines for regulatory non-compliance. By not having a plan, you may waste valuable time because you don’t know what to do first. 

 

Developing a Business Continuity/Disaster Recovery Plan

 

A business continuity/disaster recovery plan is vital in protecting your company. The disaster recovery aspect deals with how your business will bounce back from a natural or manmade disaster.  How do you develop your plan? A good first step is assessing the current state of your network as well as the risks your company faces. Do your systems have any holes where malware can enter or places where data might become bottlenecked? Do you have redundancy/failover so that if one part of your network is down, another part can pick up the traffic? What about equipment you have on-premise–is it protected from overheating, a common cause of equipment failure? And what about cyber defense? Is your data backed up and safeguarded in the event of loss or intrusion? Finally, consider whether your employees are adequately trained and able to recognize (and stop) a potential phishing attempt. A robust plan will have provisions for infrastructure, systems, processes and personnel.

 

Keep Your Plan in Shape

 

Once you have a plan and implement it, testing will show how well it works. Staging mock events will show how workers act in the event of a cyberattack, and will show what they know (or don’t). Testing your plan will show what areas are strong and which need fixing. How quickly, for example, can data be retrieved from backup? Making detailed note of what goes well will help refine your plan and prepare you in case of an emergency.

 

Disasters come, but need not harm your business; having a plan is key. For guidance, contact your trusted technology advisor today. 

Business Benefits and Risks of Using Artificial Intelligence

Artificial Intelligence (AI) and its applications have the potential to radically improve business processes. Like all technologies, it comes with risks, too. Read on to learn more how small to medium-size businesses can leverage AI while mitigating the potential risks of this growing technology. 

 

More and More Businesses Use Artificial Intelligence

 

Use of artificial intelligence is growing, and is only expected to increase. According to a report cited by a CompTIA article, the market for AI is expected to grow by 38.1% each year until 2030–from 2022’s market of $119.7 billion. Tech and financial services are the industry sectors using it most, with telecommunications at 5%. Customer satisfaction for companies using artificial intelligence is expected to grow by 25%. What makes AI such a draw, especially for small to medium-sized businesses?

 

Benefits of Artificial Intelligence

 

Artificial intelligence can be used for business processes like automated chat, or to analyze great amounts of data in a way more time- and labor-saving than humans can. For smaller companies, having automated processes can free up a smaller staff from performing mundane tasks.  Businesses can use AI to get customer feedback to change course in product/service offerings if needed. Automation by AI can even help with cybersecurity by detecting patterns and even anomalies in the sea of data generated by businesses–perhaps stopping a cyberattack in its tracks. Artificial intelligence can also be taught to shut down affected systems and isolate the threat. In terms of saving costs, businesses can allow automated chat to handle simple and quick customer service queries, allowing workers to focus on more complex issues. Moreover, your business may be seen as proactive and responsive, giving it a competitive edge.

 

Possible Risks of Using Artificial Intelligence

 

The benefits are apparent, but so are the risks. A substantial percentage (62%) of McKinsey 

Respondents named cybersecurity as the biggest risk. Systems using AI can be hacked and data stolen or manipulated, because of the autonomy of these systems. Use of AI to analyze data can expose that data to loss or theft. Other concerns are whether the decisions AI makes are trustworthy as far as accuracy (explainability–how did the machine arrive at the result it did?) and that the results are as free of bias as possible. Compliance is another risk–does the system handle data in the way that complies with industry regulations. Artificial intelligence, even with its abundant promise, still needs to have a strong framework of policies and procedures for maintaining security and privacy.

 

Artificial intelligence can provide many benefits to small and medium-sized businesses, as well as bring up questions about safety and privacy. For further information, contact your trusted technology advisor today. 

Using Workers and Technology to Fight Phishing Attacks

Now that Generative AI (e.g. ChatGPT) is here, phishing attacks may increase both in number and sophistication. How do businesses protect themselves? Awareness is a good first step, but gathering data using a security information and event management system (SIEM) is even better. Read on to learn how SIEM along with education and awareness training can reinforce your company’s efforts to prevent phishing attacks and resulting malware.

 

What is SIEM?

 

Security information and event management (SIEM) combines two separate systems to not only gather information but develop rules to help analysts understand what occurs in your company’s network. Security information management involves the gathering, monitoring and analysis of security-related information across different computer logs–including email applications. 

 

Security event management is involved in helping respond to incidents. SIEM brings the two functions together – the strong log-keeping functions of SIM with the response capabilities of SEM. The information is put together in a standard format, then aggregated and analyzed, helping IT professionals prioritize their threat response. Since SIEM can be outsourced to managed service providers (MSPs), it is possible for small to medium-sized businesses to afford it and not have to hire extra staff.

 

SIEM and Phishing Attacks

 

The security operations center of an average organization can receive tens of thousands of threats, and some can receive ten times more. What’s a small or medium-sized business to do? How do they know they are victims of a ransomware attack until the damage is already done? Security information and event management has the capacity to gather and analyze information about user authentication attempts, separating normal logins from malicious attempts. When unusual login activity is detected, an event is created when it happens.  The SIEM software can then lock out the suspicious user while doing the investigation. While SIEM can show IT teams what’s happening throughout the network, everyone still needs to be aware of phishing emails and what they look like, and trained to act.

 

Train Your Workers, Too

 

Humans are thought of as  the weak spot in protecting against cyber attacks, including phishing emails. But what if, combined with SIEM, they are a strong defense against malware and other dangerous network intrusions? Whether phishing attempts using ChatGPT as the hook will become so sophisticated as to hide normal clues to phishing emails is not yet known. Clues like spelling errors and poor grammar are signs that the email is not from a legitimate sender. Educating workers to look for more information without clicking on malicious links and attachments, can help them identify a phishing email.

 

Technological tools like SIEM can combine with staff training to provide a strong defense against hazards from phishing emails. For further assistance, contact your trusted technology advisor today.

ChatGPT, Generative Artificial Intelligence and the Future

Any technology brings benefits as well as possible challenges, and Generative AI (e.g. ChatGPT) is no exception. ChatGPT is a type of artificial intelligence language model (“GPT” stands for generative pre-trained transformer) that carries potential for business uses. Whatever challenges this prevents in terms of cybersecurity will become apparent. No matter what the technology, safeguards will still revolve around people, processes and technology. Read on to learn more about ChatGPT, its potential uses, and the challenges it may bring.

 

What ChatGPT is, and Why it Matters

 

ChatGPT, a product from Open AI, is a Large Language Model (LLM) built on datasets from the Internet and pre-trained to give responses to questions, generate content, and make user interfaces more personal and interactive. Predictive text is already prevalent in email applications, wherein the application tries to guess the next few words or next sentence. All the user has to do is click the tab button to accept or continue typing to override the suggestion. Similarly, the artificial intelligence powering ChatGPT can help generate text by prompting the writer with suggestions based on Internet data. Organizations can save time and improve customer service, content creation, research and even automate customer service analytics. Generative artificial intelligence is the enabling technology for ChatGPT, and uses are probably limited only to the human imagination. Artificial intelligence puts together information from the Internet, but it’s up to the user to judge the content’s usefulness and accuracy. 

 

Early Adoption of ChatGPT Progresses Quickly

 

While not yet audited for bias and accuracy, ChatGPT has still become popular, and will probably become even more so, with so many quickly adopting it. Technological innovations like the telephone and electricity took decades to reach ubiquity, nearly eighty years in the case of the telephone. Electricity, first introduced at the Chicago World’s Fair in 1893, was thought marvelous–it too had its risks, including fires from improper wiring. According to a CompTIA article, the 1893 fire had the effect of starting a national certification for electricians based on agreed-to standards. And standards for use of ChatGPT have yet to be formulated. 


Even with its quick adoption, use of large language models like ChatGPT produces questions. 

For one, how does the use of ChatGPT help business objectives? Use cases can include improving the personalization of user interfaces, content generation, or automating customer service analytics. Another question has to do with where the data comes from, and how it’s changed. Businesses also need to consider where data comes from, and put into place governance which managers communicate to their reports–educating them about when AI can and should be used. Moreover, like any technology, ChatGPT can be exploited by bad actors who use AI to develop more sophisticated phishing schemes and even to spoof legitimate websites. 

 

Security Risks of AI and its Applications

 

Phishing and Malware

 

Any new technology can potentially be hijacked by bad actors seeking to steal data. The greater field of results offered by large language models like ChatGPT may enable even amateur hackers more data to work with. They can then introduce malicious code and formulate malware, offered up to unwitting email recipients via “phishing”–pretending to be a legitimate entity and hence stealing email login credentials and other sensitive data. AI-generated malware can in turn invade a company’s entire network. Phishing schemes also have the potential to become more sophisticated since, thanks to AI’s availability in multiple languages, professional-looking emails can be produced that can fool readers who might already know traits of phishing messages like typos and spelling errors. 

 

Production of Fake Websites

 

In a similar vein, content could be produced to generate fake websites designed to harvest personally identifying information. Logos and text could very closely imitate genuine websites that fool visitors into thinking they’re on a business website–maybe your website. Many bad actors are taking advantage of the topic by setting up sites to collect Personally Identifiable Information (PII) from unsuspecting visitors by using ChatGPT, Generative AI and LLM topics as the hook,

 

Data Security at Risk

 

Aside from malware, phishing and fake websites, large language models can put data at risk. What about the servers storing data used by AI? How safe are they? How accurate are the results? And how private is the data? Trained data used by the AI supporting ChatGPT is massive, and is not subject to permissions for use and upload. It is also unknown if conversational data is encrypted, so this data may not be private, either. Infact, uploading information to ChatGPT places it in the public domain. While much is yet unknown, current safeguards (people, processes and technology are still needed to manage risks.

 

Staying Secure When Using ChatGPT

 

On the business side, companies need to keep a pulse on the development of ChatGPT, developing new policies and updating older ones. What will the business use ChatGPT for, and when? Where does the data come from, and how will it be used? Companies need to take a holistic approach to security, setting ground rules for use of ChatGPT and educating everyone in the company on those rules. 

 

On the end-user side, individuals need to be vigilant about what data they supply to ChatGPT and to its source, the Internet. They still need to know the signs of a phishing email, perhaps treating any unsolicited email as a possible phishing attempt. 

 

Although Open AI takes security and privacy seriously, hazards may still exist. Like any tool, ChatGPT needs to be used carefully, in line with business goals. For more assistance, contact your trusted technology advisor today. 

Enhance Customer Experience with Communications and Collaboration

Like rock and roll, remote work is here to stay. Customers have numerous ways to reach your business, but not until the advent of communications and collaboration software have these methods been integrated. Read on to learn more about this way of connecting multiple touchpoints.

 

The Benefits of Communications and Collaboration

 

Anyone who has used Zoom phone and videoconferencing or Microsoft Teams over the past few years has learned how easy collaboration and communication is between coworkers and customers. Such integration can help workers collaborate online and on video along with sharing files and customer information, anytime and anywhere. What’s more, customers can choose how they communicate with you, switching easily from one channel to another. On the customer-facing side, providing customers with their favorite way of communicating gives them a positive experience with your company. Integrating communications and collaboration applications, more than having them available separately, allows a customer to stay connected from voice mail, to phone, to video, without missing a beat. This positive Customer Experience (CX) can help you not just please customers  but stand out from the competition. Using Customer Relationship Management (CRM) software can expedite calls, allowing workers to serve customers more quickly.

 

Justifying the Investment in Customer Experience

 

While such flexible and fluid communication sounds ideal, your company still has a budget. How, then, can you justify the omnichannel investment? According to a trends article by CompTIA, a third of channel firms report they will seek workers with experience in communications and collaboration (including social media) approaches to customer communications. An earlier article reports that companies using an integrated approach can achieve as much as 90% customer retention. Customer experience, improved by communications and collaboration, could be even more important than the actual product or service offered. Imagine being able to complete three calls using integrated channels, versus the one completed when using non-integrated methods.

 

Using communications and collaboration programs to integrate communications with customers and remote workers can help your business get more done more quickly and efficiently. For more information, contact your trusted technology advisor today.

Protecting Your Data Using Cloud Backup

As shown by recent wild weather, one never knows when a natural disaster – or for that matter, a man-made one – might strike. How can you prepare your business to stay running and have access to data in case of such an event? Read on to learn more about using cloud backup to safeguard critical data.

 

Importance of Data Backup

 

Backing up your data is obviously necessary, but where to put it? Keep it on premises and risk having it inaccessible if a disaster disrupts your business? What if your business is closed for weeks or even months? One rule, the 3-2-1 rule, advises having copies of your data in multiple locations. Loss of critical data can result in interruptions to business operations, loss of trust of customers and other stakeholders, and even penalties for failing to comply with data protection regulations. What if one of the locations for data backup and storage is the cloud, with your data managed by a cloud service provider?

 

Benefits of Cloud Backup to Protect Data

 

Simply put, cloud backup is making copies of your data to store in the cloud, with the cloud provider supervising its security and integrity. Your business will have access to data in case of a minor or even major disaster, whether a power outage of a couple hours or a longer disruption. Your IT team can send copies of your data to the CSP for storage and backup, allowing workers to access it anywhere. With the CSP furnishing the infrastructure, as well as providing monitoring and reporting services, data remains safe from loss or compromise. Data storage and backup are scalable according to demand, with no need for multiple software licenses. Security and compliance are also enabled, with encryption in transit and at rest.

 

Test Your Network’s Readiness for Cloud Backup

 

Even with its benefits, cloud backup needs careful consideration. First, can your network handle the added demand from cloud backup? Assessing your network’s strength by running a Network Assessment to stress your network in a controlled environment; this will determine your backup window. Second, will the backup schedule for database and file management mesh well with network performance? Network monitoring can spot any irregularities that might interfere with your data’s accessibility when you need it most. 

 

Prioritize Security and Compliance

 

When working with a prospective cloud service provider, ensuring their commitment to securely storing your data to protect it from loss or compromise is crucial. Do they have end-to-end encryption to ensure all your data stays secure and private? Do they follow the data compliance regulations that your company must follow? As for your own network, are there any holes that need patching, and is your protection against malware current? All are questions to consider when adopting cloud backup.

 

Cloud backup has the potential to keep data safe and accessible. For further assistance, contact your trusted technology advisor today.