Rules, Regulations, and Results

For Small and Midsize Enterprises (SMEs), the regulatory landscape remains in a perpetual state of flux, with changes originating at the Federal, state, and local levels. While some rules and regulations can severely impact your business’ operations and profitability, many create requirements that you can easily satisfy at a nominal cost.

Three regulations with upcoming deadlines or increased enforcement include:

HIPAA

HIPAA compliance is a requirement for any organization that works with personal health information of individuals — not just medical offices and insurance firms. If you are sharing employee information about benefits, insurance coverage, medical leaves, or other items that involve personal health information (PHI), you have an obligation to protect the PHI. Failure to do so can result in heavy fines and, in a few instances, criminal charges.

Historically, HIPAA compliance has focused on medical practices, insurance, and brokers. We are starting to see audits of non-medical companies, along with fines for those not in compliance. 

Fortunately, you can protect PHI by focusing on the individuals who are authorized or likely to handle sensitive employee information. By focusing on HR, payroll, and key executive and leadership roles, you can deploy services like message-level email encryption.

What to do:

  • For as little as $5 or $6 per user per month, you can ensure that specific individuals protect PHI and sensitive information while preventing accidental disclosure.
  • Contact us for information about encryption, DLP, and other HIPAA solutions.

ELD

Starting December 18, 2017, all interstate trucks in the US must use an Electronic Logging Device (ELD) to track operations and required reporting.  According to the US Department of Transportation (USDOT), fewer than 1/3 of interstate trucks have installed ELDs as of mid-November. Failure to comply can result in heavy fines, impounding of vehicles, and disruption of delivery schedules.

While enforcement is not expected to impact small and midsize trucking firms until late spring or summer of next year, your business can still be at risk.

Here are a few things to note:

  • If you have your own truck(s), they may be classified or registered as Interstate Trucks, even if you only deliver within your state.
  • If you use third parties for shipping, their failure to comply can disrupt your deliveries if trucks are stopped or impounded, or if drivers are pulled off the road.

What to do:

  • Check your own vehicles:
    • Determine if they are properly registered as Interstate Trucks, or if they should be registered as such
    • If you do not have ELDs yet, please contact us for low cost, self-install ELDs with logging software subscriptions
  • Check with your shipper(s):
    • Confirm their trucks, those of their subcontractors, and any owner/operators are properly registered and have ELDs
    • If not, have them contact us for help

GDPR

On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) takes effect. While GDPR covers data protection and privacy for citizens of EU member states, treaties allow enforcement action against US companies operating within the US.

If you have any personal data for citizens of EU member states, you are responsible for GDPR compliance.

GDPR means more than encrypting sensitive data.  GDPR includes processes and procedures for governance, including:

  • A named Data Protection Officer (DPO) responsible for oversight, compliance, and response to individual inquiries. The DPO role can be full time or part time, internal or contracted.
  • You must report suspected breaches within 72 hours of becoming aware of the issue.
  • You need to deploy privacy by design — any new system or change in systems requires primary consideration of privacy and information security.
  • You must be able to demonstrate that you mitigate risk, even in the absence of a privacy breach.

Fortunately, for most SMEs, the appropriate policy changes and the risk-mitigation technologies need not be expensive or complicated.

What to do:

  • Discuss GDPR with your team, and your legal counsel, to determine your required compliance
  • Provide training, education, and “cultural support” for a data privacy mindset within your organization
  • Review systems storing or processing personal information for security and privacy compliance
  • Select and deploy relevant data loss prevention (risk mitigation) solutions for your environment

Need help? Contact us for more information.


 

What is an MCSP?

As noted in our recent post, Moving Cloud Gets Real, many small and midsize businesses are approaching the tipping point between on-premise and cloud service. When (not if) you reach this point, how you manage and support your IT will change, and you will begin to wonder what a managed cloud service provider can do for you. In this case, the need to monitor and maintain equipment and infrastructure drops off while your need to monitor and manage services, apps, and data increases.

Enter the Managed Cloud Service Provider (MCSP)

An MCSP is a Managed Cloud Service Provider. Similar to a traditional managed service provider, or MSP, the MCSP provides you with end-to-end monitoring, management, and support for your IT ecosystem.

The big difference between an MSP and a Managed Cloud Service Provider:

  • MSPs focus on on-premise solutions
  • Your MCSP will provide your IT services using cloud infrastructure services, cloud-connected end user devices, and the infrastructure needed to connect the two

Because your MCSP covers you end to end, you still have coverage for your users’ computers, networks, file sharing, printing, and applications.

The MCSP Value Proposition

Historically, most MSPs charge monthly fees based on:

  • The number and type of services
  • The number of users
  • Number of devices
  • Number of vendors

MCSPs, in comparison, typically charge a single, inclusive, per-user fee covering cloud subscriptions and services and included devices. If part of the covered services, monthly fees for networking and other infrastructure may also apply.

The value proposition is greater given the Managed Cloud Service Provider per-user fee covers the user and the system — you do not have separate charges for servers and vendors. The chart, below, illustrates a sample comparison of the per-device versus per-user fees in which the monthly fees quoted were identical.

| Included in monthly fee | Traditional MSP | Cumulus Global MCSP |
|---|---|---|
| Device(s) | Yes (Optional) | Yes (Optional) |
| Operating System | Yes | Yes |
| Office 365 Subscription | Yes | Yes |
| Endpoint Protection | Yes | Yes |
| Support | Yes | Yes |
| Mobile Device Management | | Yes |
| Advanced Threat Protection | | Yes |
| Data Backup / Recovery (for Office 365) | | Yes |
| O365 PSTN Conferencing | | Yes |
| Message-Level Email Encryption | | Yes |
| Web Security | | Yes |

In addition to the per-device fees in the chart, above, the Managed Cloud Service Provider options included monitoring and management fees for Active Directory and other on-premise servers that do not exist in the MCSP solution — further enhancing the value proposition.

Next Steps to Understand How a Managed Cloud Service Provider Can Help Your Business

Your next step is to understand when MCSP services are right for your business. Contact us for a complimentary Cloud Advisor session; let’s discuss the opportunities and options to see what managed cloud services might be right for your business.

Buy, Lease, DaaS, or BYOD?: Which Option is Right for Your Business

As we noted in our last blog post, Moving Cloud Gets Real, small and midsize businesses like yours are reaching the tipping point where cloud solutions outweigh those running on-site. When this happens, you need to decide if/when you move your remaining on-premise systems to cloud infrastructure. As you do, you face the question about what to do with your end user devices, and more specifically, if leasing vs buying business equipment makes more sense.

Leasing vs Buying Business Equipment

Not Just a Desktop Computer Anymore

End user devices are no longer limited to the desktop/laptop purchased by the company. Most of your employees are regularly using personal smartphones, tablets, and other devices to conduct business — your business.

Four Options for Devices

When deciding on leasing vs buying business equipment and what devices your team will use, you have four options:

1. Buy

Purchase devices and provide them to employees, creating a company asset. Buy also includes finance leasing with the “$1 buyout” that gives you ownership of the device at the end of the lease.

2. Lease

Use a lease to pay for only the fair market value of the devices, returning and refreshing them with new models at the end of the lease.

3. BYOD

Allow users to buy and use the device they choose.  They own the device, but use it for work, exclusively or non-exclusively.

4. Device-as-a-Service (DaaS)

Device-as-a-Service, or DaaS, is similar to a lease in that you pay monthly per device. DaaS differs from a lease in that you can, within guidelines, adjust the number of devices up or down, swap out devices for newer models, and replace damaged devices without penalties during the term of the contract. Many DaaS services include malware protection, support, and other services in the monthly fee.

Unless you are buying your staff all of the devices they use, you already have some mix of “buy” and “bring your own device” (“BYOD”). For many businesses past the cloud tipping point, DaaS and BYOD become the best solutions. DaaS and BYOD let you equip your team with the tools that empower their productivity while maintaining cost controls.

Regardless of Whether You’re Buying or Leasing Business Equipment, You Own the Data

Whether you own your users’ devices or not, you own the data and are responsible for security and privacy. You need to ensure you have policies and systems in place to secure, manage, and protect your company’s data. This means installing mobile device management and data protection and security tools on devices used for business, even if they are owned by an employee. Failure to do so leaves you exposed to data loss and breaches, and the civil and criminal penalties that can result.

Fortunately, policies need not be complex or difficult to enact. Providing data protection to mobile devices (smartphones, tablets, and — yes — laptops) has benefits for your employees as well. The key is to ensure that your policies and the support technologies are aligned.

Reach Out for a Consultation About Leasing vs Buying Business Equipment

Now is the time to discuss your device strategy and how you are protecting, or will protect, user devices and the company data on those devices. Contact us for a free Cloud Advisor session to discuss options, opportunities, and managed cloud services.


 

Moving Cloud Gets Real

Cloud Computing is reaching a tipping point for small and midsize enterprises (SMEs) as the number and value of cloud-based applications and systems surpasses those running on site. Beyond email, SMBs use Software-as-a-Service solutions for customer relationship management, operations, finance, customer service, and vendor/supply chain management. SMBs want better integration between SaaS solutions and custom-built solutions to further enhance operations, marketing, sales, and the bottom line. Over the next few years, bots, machine learning/AI, and business intelligence will become the norm for SMBs as well as larger enterprises.

SMBs are moving core systems, infrastructure, and services to the cloud.

If all you have left on premise are your Active Directory services, some of your file and print servers/services, and a few business applications, moving your remaining IT services to the cloud makes sense. You can provide the same applications, data, and services without maintaining the physical infrastructure while enabling better integration of systems, processes, and information.

3 Strategies

You have three basic strategies to choose from when moving apps and systems to the cloud:

  • Beautify
    • Also referred to as “lift and load”, this strategy works best when you have (1) a custom-built application; (2) a customized system that cannot migrate to the vendor’s SaaS offering; and/or (3) a solution you do not want to further modify or rebuild as a cloud app.
    • In this scenario, we create cloud-based networks and servers to host and run your existing systems “as-is” with remote, secure access.
    • This option is an effective interim step to a more complete cloud solution.
  • Buy
    • In this scenario, you “buy” a SaaS solution from your current software vendor or move from your existing system to a new SaaS solution.
    • Your ability to “buy” depends on the capabilities of the SaaS solution(s) versus your current system usage and needs. For example, many businesses find that the SaaS version of Quickbooks lacks features and reports that they need and use.
  • Build
    • As the name implies, build means you are replacing an app or system with a new, cloud-based solution.
    • With the current evolution in bots, machine learning, artificial intelligence, and tools, many of your existing processes can be automated by cloud-native services with little or no traditional programming.
    • No-code and low-code solutions are the wave of the future.

Next Steps

Which strategy, or combination of strategies, is best for your business depends on several factors, starting with business goals, objectives, and priorities. Current capabilities, needed features/functions, competitive positioning, internal culture, cost, and value all come into play. When you properly plan and execute your cloud migration, you should see tangible and intangible benefits.


Contact us to discuss the possibilities and opportunities for your business.