Tag Archives: Cloud Security

Cloud Security – A Shared Responsibility

While cloud computing is now a common way to provision computing resources and outsource IT functions, security can be a (perceived) obstacle to adoption. Cloud security can be a shared responsibility, however, between the customer and provider. Read on to learn more about what to expect from a current or prospective provider, and what you can do yourself to stay secure.

 

 Cloud Security and Why it Matters

 

Cloud computing, although providing multiple benefits, also presents security concerns. With compute resources available through the Internet, the greater amount of data moving between networks and devices, data which can be lost or stolen. Cloud security is a combination of technology, processes and policies that can keep your applications and data safe, reliable and available. Who ensures this, your company or the provider?

 

Cloud Security a Shared Responsibility

 

The answer is, both. In general, the provider provides and maintains the infrastructure, and the company looks after the data and applications “in” the cloud. How much responsibility either party assumes depends on the type of platform used. For instance, for Infrastructure as a Service (IaaS), the provider furnishes just that – infrastructure–and your company needs to manage the security of its own data and applications.  Other platforms like PaaS and SaaS provide more oversight. Sometimes the CSP will also offer data storage and monitoring. Top providers may even offer security-by-design or layered security as well as network monitoring and identity access management. 

 

Your Company’s Role

 

In general, a provider that handles more of the functions also protects more. Beginning with Infrastructure as a Service (IaaS), you secure data, applications, and control over your virtual network. With Platform as a Service (PaaS) you still handle data and applications and user access. Software as a Service (SaaS) allows you to outsource applications while still maintaining oversight of user access. Your company may need to employ multi-factor authentication for access control and train workers in password procedures. 

 

Considerations When Seeking a Provider

 

When evaluating a cloud service provider, security is critical. Does your current or prospective provider offer network monitoring? One of the concerns about cloud is lack of visibility regarding who attempts to access your network; how does the provider address this? With more scrutiny of data handling and more stringent regulations, assuring that your provider follows the same regulations you do is vital. 

 

Cloud computing, even with its benefits, carries security risks. To learn more about developing your cloud security strategy, contact your trusted technology advisor today.

Data Security in the Cloud

Cloud computing is used by many businesses, including small to medium-sized companies. Reasons for moving to the cloud include the desire for someone else to operate and maintain infrastructure, and to use a pay-as-you-go subscription model. In spite of the draw of cloud computing, companies need to consider what data they want in the cloud, and how that data will be managed and protected. Read on to learn more about what to consider when looking for a cloud provider

 

Cloud Computing Offers Benefits and Raises Questions

 

Cloud computing is often a good way to reduce infrastructure costs by accessing computing resources remotely over the Internet. Thus, a company can leave the infrastructure and its maintenance to a provider, and pay according to resources used. Depending on the service levels, some responsibility for data management may fall on your business. This provides flexibility for you and shares the responsibility with you. 

 

According to a CompTIA guide for cloud security, recent data incidents have drawn attention especially to how a CSP handles data. But amazingly, not that many companies—small to medium-sized businesses among them—do a “deep dive” in researching a provider.  Commonly, company executives worry most about system outages and data breaches, which are concerns. However, with the amount of data generated by businesses, there are also the issues of data integrity, regulatory compliance, and disaster recovery. 

 

Considerations for Cloud Security

 

A key consideration for cloud security starts with the understanding of your service level agreement (SLA). For example, you may want to keep an archive of your email for compliance reasons; if so, ensure that is included in your SLA.  Additionally, you may want to ensure that your critical confidential and personally identifying information like bank account numbers, names and addresses and Social Security numbers are kept safe to avoid fines and loss of reputation; this may be done through encryption of the data. Some responsibility may rest on your shoulders; how long should you keep data, and how will it be disposed of?  

 

Your data is too critical not to be protected. For more guidance about what to discuss with a prospective provider, contact your trusted technology advisor today.

Work Anywhere Securely with the Cloud

With remote work a fixture in our economy, technology has risen to meet the challenge. From virtual desktops to unified communications, it is easy to work anywhere.  Read on to learn how technology based in the Cloud can keep your business robust in 2021 and beyond.

 

Stay Connected with Unified Communications

Unified Communications as a Service (UcaaS) provides phone, chat, text, email, web conferencing and more as an integrated solution available in the Cloud. Voice over IP (VoIP) and other Cloud technologies remove the dependency of on-premise hardware and the need for expensive phone and conferencing equipment. This lets you route calls efficiently to communicate in real time all over the world. 

 

Work Securely with DeskTop as a Service

Adopting Desktop as a Service (DaaS) means you can work anywhere, get customer information instantly and securely from home or all over the world. With Windows Virtual Desktop (WVD) or Virtual Desktop Infrastructure (VDI), your access is more secure because all systems and applications are managed virtually with a defined level of security that can be centrally managed from a remote location. Since the data is in the Cloud, it doesn’t reside on individual devices, thereby increasing security. Individual users still need to practice effective password management as well as best practices in security policy. With Desktop as a Service (DaaS), the Cloud provider manages and operates the infrastructure, including security. 

 

Work Anywhere with Software as a Service

Software as a Service (SaaS), also based in the Cloud, supports a wide variety of applications, including business applications like CRM, accounting, human resources and more. With the ability to access your applications anywhere from any device (including desktop, laptop, tablet or mobile) you always have information and applications at your fingertips whether you are at home or abroad.

 

Benefits of the Cloud

What all these technologies have in common is the Cloud; expandable computing power available as service. Cloud computing makes it possible to access applications and data with just an Internet connection. The infrastructure resides with the Cloud service provider instead of on-premises, converting a capital expense to an operating expense and saving money. Cloud’s flexibility and scalability allows a company to provision more or less computing resources, according to demand. Private and public Cloud environments are available for differing business needs.   

 

Technologies used in on-site and remote work will continue to be in high demand. To learn how you can take advantage of the benefits of the Cloud and its applications, contact us today.

Technology Trends

Building a Solid Security Foundation in the Cloud

With more and more businesses putting their data in the Cloud, most agree the benefits of doing so outweigh the risks. However, there are still risks to consider, both before and after selecting a Cloud Service Provider. Read on to find out about these as well as to learn how to manage security in the Cloud.      

Making Your Business Cloud-Ready

According to a Computing Technology Industry Association (CompTIA) report, “Assessing the Cloud Security Landscape,” 85% of business and IT professionals are confident in their Cloud Service Provider. Cloud computing is certain to grow even more in coming years. What cloud security concerns are top of mind for business owners and IT professionals? What do they need to consider before migrating to the Cloud?

Three of the key concerns business owners have are about business downtime and disaster recovery, loss or exposure of data when it migrates to the cloud, and the safety of data, through encryption, when the data is in motion and at rest. Other concerns include the physical location of data centers and shared technology concerns in multi-tenant environment. In spite of these concerns, only 3 in 10 business owners do a comprehensive evaluation, according to CompTIA.

Questions to Ask Your Cloud Service Provider

Before selecting a Cloud Service Provider, ask yourself and the potential provider some important questions. First, should all of your data be in the cloud? If you are responsible for compliance with regulatory standards, or if your data is proprietary or competitive, the cloud might not be the right place for the more sensitive information. Be sure to have a solid IT infrastructure to handle the data that needs to be more closely guarded. Another factor related to regulatory compliance is the physical location of the provider’s data center. Where does it reside and how does that affect compliance to regulatory standards? Also ask about the provider’s encryption policies and their business interruption and disaster recovery plans. All of these considerations are key to staying secure in the cloud.

Keeping Your Business Secure

Once you have decided to use the cloud, you still need to take the responsibility to keep your data safe. Ensure that your network is in compliance; it is only as secure as its weakest point. Make sure to have the most current operating system patches as well as up-to-date anti-virus and anti-malware definitions. Also, establish a policy for establishing and maintaining passwords. Educate your employees in choosing strong passwords—a combination of upper-case and lower-case letters, numbers and special characters can make passwords “unhackable.” Emphasize that employees should change their passwords regularly, and that they have a stake in protecting their own and your company’s data.

Has your company reviewed how you want to handle security, reliability, compliance, and legal issues related to your cloud service? If not, consider contacting a cloud computing professional to review your cloud security policies today.

Considering Cloud Security

Cloud ComputingAccording to a recent research report “Assessing the Cloud Security Landscape” by the Computing Technology Industry Association (CompTIA), 85% of business owners and IT professionals participating in a survey responded that they are Confident in their Cloud Service Provider. No wonder research firm IDC predicts the market for public and private cloud security to more than double over the next few years. What Cloud Security Concerns are top of mind with business owners, and what can you do to reduce your risk? Read more to find out…

Cloud Security Concerns

According to the CompTIA research, the biggest security concerns are: system downtime and business interruptions; exposure or loss of data during file transfers to the cloud; and concerns over encryption of data (either transactional or at rest). Rounding out the top five concerns from the research are physical security of cloud service provider data centers, and shared technology vulnerabilities in a multi-tenant environment. Many of the risks related to these issues can be avoided with appropriate technologies, and by adhering to industry compliance regulations.

Questions to Ask About Cloud Security

To help you sleep at night, there are a number of questions you can ask your Cloud Service Provider to better understand security considerations. You may want to know where your data resides. Understanding data residency could help you navigate standards related to regulatory compliance or specific country requirements on data residency. Consider asking your Cloud Service Provider about their encryption policies, business continuity and disaster recovery plans, and their data integrity and retention policies.

Is the Cloud Right for All of My Data?

Data that is strictly regulated by industry compliance, or that is highly sensitive or competitive, may not be right for Cloud Computing. This makes the case for having a solid internal IT infrastructure in addition to investment in Cloud Computing technology.

As Cloud Computing matures, so will the technologies designed to protect against threats. To stay on top of these issues and trends, reach out to your technology advisor to understand the impact of Cloud Security concerns for your business.

 

Getting the Most from Cloud Computing

Advantages of Moving to CloudCloud Computing adoption continues to outpace the growth rate of total IT spending. According to research firm Gartner, the market for public cloud services will continue expanding, with year-over-year revenue growth of 17.3%. Compare this to Gartner Growth expectation of total IT Growth of 1.4% and you can see how the market for Cloud Computing is maturing. Cloud Service Providers offer a wide range of solutions. According to CompTIA Trends in Cloud Computing, Cost reduction is the primary driver for VoIP, cited by 67% of companies with a VoIP implementation. Integration with other applications was cited as the second biggest driver by 36% of VoIP adopters. Here are a few tips to help realize the benefits of savings and integration of popular Cloud Services.

 

Manage Rogue IT


Rogue IT is a term for technology deployed without the aid of a technology advisor. Cloud Computing empowers Line of Business (LOB) owners to rapidly deploy Software as a Service (SaaS) applications and to minimize the involvement of a technology advisor. Financial management, HR management, Call Center and Help Desk services are common SaaS application purchase decisions made by LOB owners.

More often than not, LOB owners involve a technology advisor in the purchase decision for final approval and consultation. Cloud integration, security concerns, and the need to centralize technologies are common reasons to include a technology advisor. Without the input from a trusted advisor, the costs of Cloud adoption can increase, and the creation of silos from lack of integration can result.

Navigate Cloud Security Concerns

Due to the nebulous nature of Cloud Computing, Cloud Security can be a challenge to manage and is only as strong as its weakest link. By proactively managing their technologies and workflows, companies can avoid security issues including lack of regulatory compliance, malware infection and denial of service attacks. Seeking the support of a trusted technology advisor provides an unbiased perspective for performing due diligence on suppliers and partners so your business can use the Cloud with confidence.

Ensure that your Cloud Service Providers monitor their systems for malware and utilize firewalls and encryption. These actions protect your assets in the Cloud and ensure that Unified Communications, Web Hosting and other customer-facing applications run smoothly.

Manage Internal Change from Digital Transformation

Cost savings and integration resulting from Cloud Adoption will have a positive impact on internal operations. Building new policies, or updating existing policies and procedures, allows your employees to take full advantage of Cloud Computing Adoption. Also consider reviewing how you monitor performance for your network, applications and Cloud Services. Keeping things performing will contribute to the overall productivity and savings realized from Cloud Computing.

Cloud Computing adoption drives change at many levels in today’s business world. With the help of a technology advisor you can get the most from your Cloud Computing investment. Don’t hesitate to reach out to your technology advisor to lift your business to the Cloud.

Migrating to the Cloud with Confidence

Cloud ComputingMore and more companies are migrating to Cloud Computing to gain competitive advantage and reduce capital expense. According to CompTIA’s 9th annual Security Trends study, companies reported over 80% net usage of Cloud Computing. Over 59% reported moderate or heavy usage. What’s more, the survey found that 68% reported confidence in Cloud providers’ ability to provide a Secure Cloud Environment. An additional 17% responded they were very confident in the security of their Cloud environment. Let’s explore what drives confidence in the Cloud.

How to Assess Cloud Provider Security

There are many variables to consider when evaluating security of a Cloud Provider. According to the study, many companies evaluate their Cloud provider based on encryption–when moving data to the Cloud, it should be encrypted at rest and in transit. In addition, companies should consider the disaster recovery plans of their Cloud Provider. Some Cloud Providers adopt industry standards including SAS 70 to provide consistent, compliant cloud security. Industry standards are often used to evaluate a Cloud Provider. Identity and access management are also criteria for evaluating a Cloud Provider. Many companies also consider geographical location(s) of the Cloud Provider’s data center.  

Consider your Compliance Requirements

Many industries have specific requirements regarding handling data. For example, PCI provides guidelines for how companies handle credit card information. Healthcare, Financial Services and Governments (or companies doing business with Government) also have compliance requirements for handling data. Understanding your requirements is key to ensuring you migrate to the Cloud with confidence. Some data may require implementation of a private cloud environment. Also, a Private Cloud has additional security benefits, being a Cloud environment dedicated to a specific company.

Use the Cloud Responsibly

One of the many benefits of Cloud Computing is ease of deployment. Many Software as a Service (SaaS) applications make it easy for a department within a company to migrate to the Cloud without technical assistance. This technology adoption is known as “Rogue IT.” Having a better understanding of Cloud Security and risk helps your business leaders make smart decisions when it comes to migrating to the Cloud.

If you are migrating to the Cloud or have concerns over your Cloud Security, contact your technology advisor to find out how to migrate to the Cloud with Confidence.

Cyber Threats You Should Protect Against

Cyber SecurityDefending against Cyber threats is no easy task. Understanding the risks and designing a defense strategy are important steps in protecting yourself from Malicious actors and Cybercriminals. Staying current on Operating System and Application Patches, Restricting Network Access, and maintaining antivirus and malware protection are known ways to protect your network. Employee awareness and education on how to identify threats, and the importance of adhering to policies, also bolster your defense against cyber attack. If you’re not convinced, review the following Cyber threats you need to protect against.

 

How Malicious Software (Malware) Works

Malware is self-propagating software designed to infiltrate your network. This software can come in the form of a worm that will infect your network via your router via your Internet Protocol (IP) address. If it doesn’t find a hole in your network it may automatically update to scan for the next sequential IP Address, infiltrating and corrupting networks as it goes along. Avoid Malware by proactively scanning your network and keeping your network in compliance.

 

Why Phishing Could Put You Out of Business

Every year, millions of SPAM emails are sent to unwary recipients with the hope of collecting private and personal information including, account/password, privacy data and other information that can be exploited for profit. What’s more, Phishing is a popular way for Cybercriminals to distribute Ransomware, a form of malware that holds your systems hostage in exchange for payment. In the event of a data breach, your company may need to disclose the impact to customers and other stakeholders. In addition to ransom and legal fees, your company’s reputation may be on the line. Email protection and web content filtering are ways to protect against phishing schemes. It is also important to train your employees in how to identify and avoid these types of attacks.

 

Distributed Denial of Service Attack (DDoS)

Think of a Distributed Denial of Service Attack (DDoS) as a flood of system-generated traffic attacking your business infrastructure, designed to take you offline from the Internet. Hackers may try and extort your business or use DDoS in retaliation. Many Cloud Providers have excellent resilience and redundancy to defend against DDoS. If you rely on your own infrastructure, be sure to monitor for unusual activity and have a plan for failover in the event of a DDoS attack on your business.

 

Cyber attack threatens businesses large and small. Planning and network protection, combined with training, are your keys to defending against unintended data loss and business interruption due to Cyberthreats. Contact your Network Security specialist to find out what you can do to prevent a Cyber attack on your business.

Technology Trends for 2017

Technology Outlook 2017It’s that time of year when many businesses are setting goals and budgets for next year. This is a good time to reflect on the impact technology can have on your business. While Cloud Computing adoption remains strong, companies will increase migration from Public to Private Cloud and even migrate back “on premise.” Cloud adoption, digital transformation and streaming media will increase the demand for bulletproof networking. New technologies including SD-WAN will hit mainstream in 2017 to improve network performance in support of business requirements. Cyber threats will continue to keep business owners up at night with increased intrusions from ransomware and unplanned downtime from DDoS attacks. Here are a few takeaways to consider for your 2017 plan.

More Choices for Cloud Computing

In a recent study by the Computing Technology Industry Association’s (CompTIA), 43% of those using Public Cloud are expected to migrate to another Public Cloud Provider. For example, companies using Hosted Exchange may find themselves adopting Office 365 or Google for Work to keep current on the latest version of these communications and collaborations applications. The CompTIA “Trends in Cloud Computing” research also revealed 21% of Cloud usage will move from Public Cloud to Private Clouds. This scenario is driven by the need for compliance with industry regulations, including HIPAA regulations for health care and SOX compliance for Financial Services, among other business requirements.

Digital Transformation Will Emerge as Competitive Advantage for Business of All Sizes

Businesses will adopt new strategies for reaching new customers and servicing existing customers in 2017. These new strategies will fuel the need for digital transformation. Reaching new buyers through digital channels, along with automating customer service, order or fulfillment, and linking supply chains, will drive this digital transformation in support of new business strategies. Cloud Contact Center, Customer Relationship Management (CRM), Marketing Automation, eCommerce, and other customer-facing technologies will emerge as transformation enablers. Other technologies helping with administrative functions (including workforce recruitment and development) will help companies maintain competitive advantage and manage their growth.

Resolve to Bulletproof Your Network in 2017

In 2017 Business Networks will become a strategic advantage. Access to Cloud infrastructure, connecting remote offices, reliance on VoIP, Cloud Call Center and video streaming will all drive demand for high-performance networking. Technologies allowing wide area networking optimization, known as Software Defined Networks or SD-WAN, will become mainstream technology in 2017. Through simplified management and reliance on business class Internet, network performance is expected to increase while related costs are expected to decrease.

Security will Continue to Keep Business Owners Up at Night

The Gartner Group predicts demand for Security related to the Internet of Things (IoT) will be driven by 11 billion connected devices. Similar to adoption of mobile devices in the workplace, connecting “things” will create the need for additional security and proactive management. Additionally, Cyber Threats from malware and phishing schemes will continue, as will additional threats and downtime from Ransomware and DDoS attacks in 2017. Keeping your network running will be more complex and more important for the foreseeable future.

As you adjust your strategy to accommodate the rapidly changing business environment, consider how technology can influence your outcome in 2017. If you feel you need help with your 2017 technology plan, contact your technology advisor today.

Considering Cloud? Tips to Ease Migration to the Cloud

Cloud ComputingAccording to IDC, the combined public/private Cloud security market will more than double over the next few years. Cloud adoption is changing the way enterprises use applications. Increased adoption of hosted email, Unified Communications (UC), and Voice over IP (VoIP) may increase bandwidth and change the way employees access the Internet.

Many companies are moving away from routing network traffic to a centralized data center for the Remote Office/Branch Office (ROBO) locations, in favor of increasing traffic directly to the Internet and bypassing the data center altogether. With all of these changes, the traditional Wide area network (WAN) relying on carrier MPLS (multiprotocol label switching) network capacity may prove costly and inefficient to keep up with today’s demands.

Here are some tips to consider to ease your migration to the Cloud:

Where to Begin Your Migration to the Cloud

If you haven’t already begun your migration, consider starting with Email, File Sharing and collaboration. These popular Cloud Services offer enhanced or new functionality to your business with immediate productivity benefits. Voice and Call center services can offer savings with reduced operation costs. There are also many benefits from Cloud Backup and disaster recovery services. In some cases, these services may be available with turnkey bundles supporting a range of applications. Many companies also benefit by migrating other enterprise applications including CRM, ERP, and other mission-critical applications to the Cloud.

Network considerations include device consolidation, multi-path optimization, and network performance monitoring for better awareness and control. Taking these steps can save you money, and avoid costly delays from loss of employee productivity due to insufficient network bandwidth reliability and availability.

Revisit the WAN Architecture

The Enterprise Strategy Group (ESG) recently surveyed senior IT professionals about their biggest networking challenges in supporting their remote office/branch office (ROBO) location.Top responses included slow file transfer speed (36%) and cost of WAN bandwidth (32%). Additionally, 30% reported “Too Much Data to Move” as a top challenge, as reported by ESG.

Simplify network deployments with modern approaches including SD-WAN. By using business- class Internet from a range of carriers, you can save money and also provide increased reliability with policy-based failover to ensure your priority information services run without interruption.

Navigate Cloud Security Concerns

CompTIA’s 9th Annual Information Security Trends study identified system downtime/business interruptions, exposure or loss of data during file transfers to the Cloud, and concerns over encryption of data (either transactional or at rest), as top Cloud security concerns of IT professionals. To avoid these issues when migrating to the Cloud, consider encryption policies and Business continuity and disaster recovery plans available from your Cloud Service Provider.

Migrating to the Cloud will bring your business a range of productivity and cost savings benefits. With careful planning and diligence, you can avoid the hassles and pitfalls of employee downtime and unnecessary expense. Contact your trusted technology advisor to ease your migration to the Cloud today.