Microsoft or Google Calling? Call Your Trusted Advisors

/in

Ringing PhoneYou work with an IT service provider that learns your business, priorities, and IT needs. They work to address your needs and priorities within your budget and in alignment with your business goals and objectives. When economic conditions shift, the vendors with whom your IT service provider partners – Google, Microsoft, and others – get nervous and begin calling you directly, bypassing your trusted advisors.

Since February, we have seen and received reports that our customers, and those of other Microsoft partners, are receiving unsolicited calls, emails, and calendar invites from “Microsoft” about their accounts, licensing, and renewals. These unsolicited contacts are NOT Microsoft “solutions consultants” or “international suppliers” as they might claim. They are Microsoft telemarketing contractors tasked with convincing you to upgrade and expand your Microsoft licensing.

Why is This a Problem?

The contractors doing the outreach do not know your business, nor do they know the extent of your relationship with us, or your Microsoft partner.

  • Their suggestions are often incorrect.
    • They are not aware of how you are using your Microsoft 365 services and the needs of your business.
    • They are not aware of other services you are using, such as backup/recovery and third party security services.
    • Many of their recommendations will duplicate services and costs.
  • The communications and tactics are often aggressive.
    • They may state that they have reviewed or audited your account and you need to upgrade. They may also claim that you need to do an audit, giving you the impression that you are out of compliance.
    • They may attempt to refer you to specific vendors for assessments and services. These often duplicate services you already have or that can be provided more cost-effectively by us or your current Microsoft partner.
  • Customers and Microsoft partners report that the calls and meetings are often just high-pressure sales pitches to buy more seats – a waste of time.

What To Do

If you receive a call or email that you suspect is from a Microsoft “Solutions Consultant” or “International Suppliers”, verify that this is the case. Ask if they are a Microsoft employee or contractor and where they are based. Note that their email address will start with a “v-”, indicating they are a vendor – even though the domain remains “microsoft.com”.

If you do not want to engage, let them know as much and instruct them to contact Cumulus Global, or your partner. We, or your partner, will be happy to screen the call and advise you if the offer is worth considering.

Do you want to engage? Insist that Cumulus Global, or your Microsoft partner, is invited and participates in the meeting. We can provide context to the “consultant” and guidance to you.

Microsoft is not the only vendor that may bypass your IT service provider and contact you directly. It is always best to loop-in your IT service provider.

Your Next Step

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordably managed cloud services. We work to ensure that you do not overspend on services and to focus your IT dollars on the capabilities and services you need.

If your needs or priorities change, let us know or schedule a meeting with a Cloud Advisor. We will help you adapt while keeping your IT services secure and cost-effective.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

The 3 Most Common Cloud Admin Oversights

/in

Cloud AdminIf you use Google Workspace or Microsoft 365, managing your services requires time and effort. Failing to do so can lead to wasted money and security risks. Here are the three most common cloud admin oversights we encounter.

1 – Data and Account Retention Policies

Every business has some degree of employee turnover. Whether you are hiring replacements, reducing staff, or growing, having data and account retention policies will guide how you handle user accounts and data when an employee leaves. Without such policies, we tend to keep accounts active “in case we need some of their files or emails,” long after the need has passed. 

Data and account retention policies can be both effective and simple. Here are some key elements for simple data and account retention policies: 

  • Determine how long you need to keep an employee’s data accessible for legal or regulatory reasons. The length will depend on your business and the user’s job function.

Outside of legal and regulatory requirements, think about:

  • When should you transfer emails, files, or other content to another person.
  • How long to keep an account active in the system.
  • How long to keep an archive or the user’s account in the system.
  • How long to keep a copy of the user’s data in your backup/recovery system.
  • If you choose to export the data, how long to keep the export.
  • When to delete the account after it becomes inactive, allowing you to reuse the license.

Since archive and backup/recovery solutions allow you to restore data to a different user, they offer a more cost-effective option than keeping an account active and licensed. They also help meet your legal retention requirements without the expense of an active user license.

2 – License Management

Sometimes we overlook simple actions that can save us time and money. Both Microsoft and Google allow you to add users at any time during your annual contract term. These additions become part of your contracted commitment, which you cannot reduce until renewal.

Too often, when a new employee or contractor joins the team, we immediately add a license and set them up to work. By not checking for available licenses or user accounts that can be deleted, we miss opportunities to reuse existing licenses. Consequently, we end up paying more without any added benefit.

If you have data and account retention policies, you can safely determine if and when to remove a former employee’s account. This allows you to reuse licenses and avoid incremental costs.

While the process may take a few minutes, it is simple and effective in saving money. We have seen businesses with seasonal employee turnover accumulate 25% to 50% more licenses than they actually need.

3 – On-Boarding / Off-Boarding

Small and midsize businesses may not see the need for formal on/off-boarding processes. However, not having them in place can lead to wasted time and potential security risks. Simple, efficient checklists can save you time, effort, and money

On-Boarding

The key to efficient on-boarding is knowing which applications, tools, and data the new employee should be able to access and use.

Create a simple checklist of applications, tools, and file shares. When on-boarding a new employee, determine what access is needed and check off each item as it is provided. This ensures new staff members only gain access to the resources they need.

Creating standard checklists for specific departments and jobs ensures consistent access and permissions across teams.

As a best practice, create security groups for departments and/or job functions to which you assign permissions are access rights. When on-boarding, adding new employees to the appropriate groups streamlines the process and saves time.

Off-Boarding

One of the most common mistakes made during employee departures is leaving accounts active with continued access to systems and data. This poses a security risk and can create confusion for remaining staff.

Having data and account retention policies helps ensure that past employee accounts, also known as “ghost accounts,” are removed from your systems. Creating off-boarding checklists helps ensure that application and data access gets transferred, as appropriate, to other users. Using security groups further simplifies the off-boarding process.

Your Next Step

With time-saving best practice, cloud admin services, Cumulus Global co-manages and remotely administers your IT services to save you time and money, improve productivity, enhance security, and protect your business.

Contact us about our Managed Cloud Services or schedule a no-obligation meeting with a Cloud Advisor today.

Contact us or schedule a no-obligation meeting with a Cloud Advisor today.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

US Cybersecurity Policy Shift Increases Risk of Successful Cyber Attacks

/in

Data Protection & SecurityThe current United States administration continues to issue and execute dramatic changes in US policies and programs. For businesses, tariffs and their potential impact on the economy and various business sectors gets most of the media attention. Getting less attention, US Cybersecurity Policy changes will have an immediate and potentially devastating impact on many businesses and individuals.  

Multiple reputable news and information sources are reporting that on March 2nd, the current administration ordered the Cybersecurity and Infrastructure Security Agency (CISA) to cease tracking and reporting on Russian threats. This is a tectonic shift in policy as Russia is generally understood to be the largest nation-state sponsor of cyber attacks. This change in focus for CISA will dramatically reduce the availability, reliability, and timeliness of cybersecurity threat intelligence. 

Here is what you need to know, what to expect, and what to do.

What to Know

Here are three things to know about cyber threats, CISA, and nation-state cyber attacks.

1Threat Intelligence

Threat intelligence is the invisible backbone of your cybersecurity protections. As the name implies, threat intelligence is the collection of sharing of information about cybersecurity risks, threats, methods, actors, sources, and sponsors. It also encompasses knowledge of how to prevent, block, and stop attacks; fix hardware and software to close exploits.

Every legitimate cybersecurity product or service relies on threat intelligence to build, maintain, and improve their product or service. Larger and better-funded cybersecurity companies conduct their own research and share their findings.

2CISA: Cybersecurity & Infrastructure Security Agency

CISA is the US federal government agency responsible for collecting, evaluating, and sharing threat intelligence across government and private sectors. The agency also partners with core infrastructure companies, such as Internet Service Providers, to actively prevent, block, and respond to potential and active cyber attacks.

3Nation-State Cyber Attacks

Industry experts estimate that over 40% of cyber attacks originate from, or are sponsored by, hostile nation-states. The Microsoft Digital Defense Report Report 2024 notes that in 2024, 58% of nation-state attacks originated in Russia. These attacks account for up to 25% of all cyber attacks globally.

What to Expect

Expect more cyber attacks and greater challenged to your cyber security profile.

1More Cyber Attacks

Expect an increase in cyber attacks and, more importantly, successful cyber attacks.

With CISA no longer tracking Russian-sourced cyber attacks, expect Russia, Russian-sponsored, and Russian organized crime to increase the frequency, intensity, and scope of the cyber attacks. Knowing that CISA is no longer watching signals a huge opportunity to attack US government entities, businesses, and non-profits with fear of early detection or responsiveness.

2More Successful Attacks

Without fast and accurate threat intelligence, cybersecurity systems and services will take longer to identify threats and attacks.Their response to zero-day (new, immediate) and other cyberattacks will take longer.

Unprotected and under-protected systems will be more vulnerable to successful attacks as the frequency and scope of cyber attacks increase.

3More Challenging Recovery

In addition to sharing information to help block and stop cyber attacks, CISA shares information on how to repair and recover. Without this information, obtaining decrypt keys and other help to undo the damage will be more difficult and will take more time.

What to Do

Use our Security CPR model to guide your next steps:

Communicate and Educate:

Inform your team to expect an increase in cyber attacks and ask for additional vigilance. Have security awareness training in place to reinforce the message and to occasionally test if your team can recognize phishing and other email-based cyber attacks.

Protect and Prevent:

More than 80% of cyber attacks originate, directly or indirectly, by email. Make sure you have next-generation email threat protection services in place. Beyond header validation and basic sandboxing, your solution now should analyze character sets and fonts, images, QR codes, graymail, and email delivery patterns.

Microsoft estimates that more than 90% of cyber attacks on small and midsize businesses can be stopped with multi-factor authentication (MFA). If you do not have MFA in place for critical systems (preferably ALL systems), do so now.

Restore and Recover:

As the risk of successful attacks increases, ensure that you have the ability to restore damaged and lost data and systems. Verify that you can recover – return to operations – quickly, even as you continue to restore systems and data.  Continuity solutions for critical systems and software will save you time and money.

Your Next Steps

Assess your immediate needs and take appropriate action. Our Cloud Advisors can help you assess your cybersecurity needs and priorities, and can offer budget-friendly, effective solutions.

Contact us or schedule a no-obligation meeting with a Cloud Advisor today.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cumulus Global Receives CRN® MSP 500 Recognition for 2025

/in ,

Company Celebrates 6th Year of Recognition as an Industry Leader

2025 CRN MSP 500 Westborough, MA, March 3, 2025 – Cumulus Global proudly shares that CRN®, a brand of The Channel Company®, has named Cumulus Global to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2025. CRN’s annual MSP 500 list is a comprehensive guide to the leading MSPs in North America. These companies deliver essential managed services that enhance business efficiency, simplify IT, and optimize return on technology investments for their customers. Cumulus Global’s return to the list recognizes the company’s innovative approach to serving small and midsize businesses, local governments, and K12 schools.

“We are again honored to be included by CRN as a Pioneer on the 2025 MSP 500 List,” stated Cumulus Global CEO Allen Falcon. “Our team deserves the credit for their commitment to ensuring small and midsize organizations can operate securely, productively, and affordably with our innovative managed cloud services.”

Small and midsize businesses want to do more than survive. They want to thrive and grow. By delivering managed security and managed cloud services, Cumulus Global delivers affordable, flexible, and scalable services that adapt to customers’ evolving needs and priorities. Including on the 2025 CRN MSP 500 list recognizes Cumulus Global’s unique approach to ensuring technologies and services support customers’ business objectives and priorities.

“The solution providers on our 2025 MSP 500 list deliver innovative managed services portfolios that enable clients of every size to be more agile and optimize their IT budgets as they grow their business,” said Jennifer Follett, VP of U.S. Content and executive Editor CRN, at The Channel Company. “These are the companies that anticipate client tech needs and develop groundbreaking services and solutions that let customers focus on their core business so they can accelerate success.” 

As the economy, markets, and changing political landscape impact business conditions, generative AI and other advancing technologies create unique opportunities to leverage IT services. How businesses apply these technologies will impact their operations, growth, and bottom line going forward.

“Small and midsize organizations use the cloud differently than midmarket and enterprise companies,” noted Falcon. “We understand how to leverage cloud-first strategies and apply cloud-based solutions to the strategic, operating, and budgetary needs of our customers.”

The MSP 500 list is featured in the February 2025 issue of CRN and online at www.crn.com/msp500.

About Cumulus Global

Managed Cloud Services for Small and Midsize Businesses, Governments, and Schools

Cumulus Global (www.cumulusglobal.com) is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from our co-managed delivery of managed cloud services, ongoing support, and client success services. We help you adapt as your business changes and grows.
  • What We Offer: Managed cloud services featuring Google, Microsoft, and more than three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

About The Channel Company

The Channel Company (TCC) is the global leader in channel growth for the world’s top technology brands. We accelerate success across strategic channels for tech vendors, solution providers, and end users with premier media brands, integrated marketing and event services, strategic consulting, and exclusive market and audience insights. TCC is a portfolio company of investment funds managed by EagleTree Capital, a New York City-based private equity firm. For more information, visit thechannelco.com.

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

The Channel Company Contact:

  • Kristin DaSilva
  • The Channel Company
  • kdasilva@thechannelcompany.com 

Debunking Cyber Insurance Myths

/in

Cyber Insurance Risk Assessment

Your business faces an ever-increasing array of cyber threats. Beyond protections, cyber insurance is an essential component of a robust risk management strategy. Therefore, understanding cyber insurance realities is necessary for you to make sound security and business decisions. In this post, we focus on debunking common cyber insurance myths.

1MYTH: Cyber Insurance Policies Offer the Same Level of Protection

In reality, policies vary significantly with respect to coverages and services. Opting for bundled policies generally results in coverage gaps, as most general liability policies treat cyber coverage as an add-on.These gaps leave your businesses vulnerable to liabilities and losses.

Standalone cyber insurance policies, provided by financially strong carriers, offer comprehensive protection tailored to the specific needs of your business. They address unique risks associated with cyber threats given your industry, business size, and other risk factors. Standalone policies also often include coverage of forensics, temporary resources, and other recovery needs. Dedicated coverage helps you respond more effectively to a cyber incident.

2MYTH: Your IT Security Measures Dictate Your Premiums.

While robust security practices can positively impact premiums, broader industry trends and company-specific factors play a more significant role in determining pricing.

Industry-wide loss ratios have a substantial impact on insurance costs. Peer group averages impact premiums as well. Insurers assess the risk profile of businesses within sectors. As insurers issue more policies and analyze claims, insurers refine actuarial, incorporating additional factors and risks.

3MYTH: Cyber Insurance Policies do Not Pay Out

Many businesses hesitate to buy standalone cyber insurance policies out of fear that their policy will not pay out in the event of a claim. Reputable cyber insurers with strong financials rarely deny claims with a valid cause..

Inaccurate, or fraudulent, applications are the most frequent reasons for claim denials or reductions. 

Your application must accurately reflect your cyber insurance risk profile. The information you provide on your cyber insurance application should reflect a thorough review process. Cybersecurity tools offer verification of your security profile.

4MYTH: Cyber Insurance is All You Need

Many businesses, including yours, may need additional layers of protection for specific cyber risks. These additional coverages may not be available within a traditional cyberinsurance policy.

Cyber warranties offer additional layers of protection by covering these specific elements of cyber risk. Combining cyber warranties with cyber insurance creates a more comprehensive safety net. This approach bolsters your overall security strategy and ensures appropriate coverage.

5MYTH: Robust Cybersecurity Measures Eliminate the Need for Cyber Insurance

Investing in strong cybersecurity defenses provides crucial protection for your business. No security profile or system, however, will stop every cyber attack, data breach, or data loss incident. Cyber threats continually evolve. Even the most secure systems fall victim to sophisticated attacks.

Cyber insurance serves as your financial safety net. Beyond covering direct financial losses, better policies help you recover from incidents that slip through the cracks of your security measures. These resources include forensics, data recovery, customer relations, legal expenses, and more. Cyber insurance protects you financially if and when a cyber attack gets past your defenses.

6MYTH: Obtaining Cyber Insurance is Complicated and Time-Consuming

The thought of obtaining cyber insurance deters many businesses from seeking the coverage they need. Horror stories of complex applications, surveys, and audits create anxiety and fear of the process. 

Unfortunately, this myth can come true. Businesses that apply through general insurance agents and fail to leverage knowledgeable IT resources often run into issues during the underwriting process.

Cumulus Global partners with cyber insurance specialists that offer streamlined application processes and non-committal quotes. Our partners work with more than two dozen carriers, ensuring you have options to choose the policies that meet your business needs and budget. Non-biased policy reviews help you understand your coverages and make informed decisions.

Related Information

Cyber Security Requirements for Cyber Insurance (eBook)

5 Questions for Lower SMB Cyber Insurance Premiums (Coffee & Clouds)

Security CPR (Cloud Burst)

Security CPR Managed Security Services (Service Overview)

Your Next Step 

Avoid falling prey to cyber insurance myths. Contact us and let us introduce you to our cyber insurance partners.

We can provide you with a Cyber Insurance Risk Assessment and help you assess your cybersecurity profile.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

Email Cybersecurity Risks: 3 Things to Know

/in

Email Cybersecurity Risks

As we have shared in the past, cyber attacks constantly change and evolve. We face new attack vectors, or methods, and old methods reappear. Email remains the most common starting place for cyber attacks. These attacks may be direct, or they may be the first step of a larger attack.

Over the last few months, we have seen an increase in new and reappearing email-based cyber attacks. Here are three types of attacks that you may be unaware of, but should protect against.

1 Email Burst Attack.

As the name implies, an Email Burst Attack begins when the attackers send a burst of legitimate-looking, identical emails. To the victim, the attack appears to be a technical issue, as they may receive anywhere from 10 to more than 100 emails within 20 to 90 seconds. The attack continues with a phone call or email impersonating an IT employee or a vendor. The victim is asked to “reset” a password or download software to “fix the problem,” giving the attackers access to credentials and/or the computer.

Email Burst Attacks are difficult to detect and can result in significant breaches and loss.

2 An Old-School Cyber Attack Returns

An email-based cyber attack that uses Google Groups is back after several years in the shadows.  In this attack, the cyber attacker creates a Google Group, directly adds members, and sends emails to the group members. These emails range from basic spam to sophisticated phishing attacks.

The emails look legitimate because the email is from the Google Groups service, a trusted sender. As such, a Google Group attack is difficult to identify and defend against.

3 Visual Risks On The Rise 

Email-based cyber attacks often use images and “calls to actions” that appear to be from a trusted source or brand. 

Attackers will use images of, or from, legitimate websites to mimic the look and feel of stores, banks, and other trusted businesses. To detect these attacks, you need to compare the image and branding with the email header and meta data. This type of scanning is beyond the ability of most email threat protection services.

QR Codes pose a similar risk. In order to validate that a QR Code is safe, you need to scan the image and test the underlying URL. Because QR Codes are not a “link click”, most email scanners cannot validate they are safe.

Protecting Yourself

The newest generation of email threat protection services include the abilities to detect and mitigate these attacks. These services include:

  • Detecting and blocking email burst attacks
  • Letting administrators and users manage graymail, so that Google Group and similar attacks can be identified and blocked
  • Scanning emails using AI-empowered computer vision to verify branding and safely test QR codes.

Cumulus Global offers email threat protection services with these capabilities within our Managed Cloud Services and as a stand-alone service offering.  

Your Next Step

Get more information and assess your email threat protection services, or schedule a no-obligation meeting with one of our Cloud Advisors.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. As COO, Chris overseas our Service Team, providing expert consulting, cloud migration, education, and support services.

Your 2025 IT Checklist – The Next 3 Items

/in

IT Checklist

The Next 3 Items on Your 2025 IT Checklist

As we move into 2025, our businesses face a new set of challenges. Political and economic changes, rapidly emerging technologies, and increasing security threats will all demand our attention.  Where we focus, and the decisions we make, will impact our businesses, customers, and employees. Is your 2025 IT Checklist ready to help?

Your information technology services remain critical to your business operations. Pragmatic, thoughtful planning and decisions now, will empower your team and enable your business to address the coming challenges – and opportunities.  Here are the next three of six key areas to explore as you build your IT goals and objectives, and your 2025 IT checklist.

4 Enhance Security Measures and Compliance

Evolving threats and regulatory requirements keep cybersecurity a top priority for businesses. Beyond protection and prevention, focus on resilience. Ensure your business can maintain operations during and after a crisis.

  • Benchmark your security profile against recognized frameworks, like CIS or NIST, as well as industry standards and regulatory requirements. 
  • Conduct regular security assessments and penetration tests to identify vulnerabilities, scope risks, and prioritize solutions 
  • Implement a phased approach to security improvements; start with high-impact, low-cost changes. 
  • Educate employees on security protocols. Emphasize their role in maintaining a secure environment. 
  • Update your security profile, risks, and priorities over time with periodic assessments and penetration testing.

5 Streamlining IT Infrastructure for Efficiency 

As your IT environment becomes more complex, inefficiencies and costs will escalate. Simplify your IT systems and services to reduce redundancies and enhance productivity.

  • Identify and eliminate duplicate services to reduce license, admin, and support costs.
  • Focus on removing apps and tools that duplicate capabilities in your Google Workspace or Microsoft 365 services.
  • Identify and eliminate shadow IT services to lower costs and prevent data loss.
  • Address mismatched systems that may hinder productivity. Lack of integration between cloud and local applications, for example, requires extra time and effort to store, share, and secure files and information.

6 Prepare for the Future: Trends and Innovations

Stay ahead of technology trends to ensure your business remains competitive. 

  • Keep an eye on innovations in areas like cloud computing, artificial intelligence (AI), communications, and cybersecurity.
  • Invest some time to regularly assess how these trends might benefit your business – strategically or tactically.  
  • Invest in employee education and training so they can adapt quickly to technology and business changes. 
  • Prioritize building a flexible IT infrastructure and services that will adapt and incorporate future innovations. Ensure your business remains resilient and agile in an ever-evolving digital landscape.
  • Foster a forward-thinking culture. Anticipate challenges and capitalize on new or different opportunities.

Next Steps

For help with any part of your 2025 IT checklist, or to tap into our expert guidance, book a complementary  intro  call with our Cloud Advisors.  Ask for an IT Assessment Referral Code and request your IT assessment

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

The First 3 Items on Your 2025 IT Checklist

/in

IT ChecklistAs we move into 2025, our businesses face a new set of challenges. Political and economic changes, rapidly emerging technologies, and increasing security threats will all demand our attention.  Where we focus, and the decisions we make, will impact our businesses, customers, and employees. Is your 2025 IT Checklist ready to help?

Your information technology services remain critical to your business operations. Pragmatic, thoughtful planning and decisions now, will empower your team and enable your business to address the coming challenges – and opportunities.  Here are the first three of six key areas to explore as you build your IT goals and objectives, and your 2025 IT checklist.

1 Navigate the Windows 10 End of Life Transition

As we approach 2025, one of the most pressing IT challenges for businesses is the transition away from 

Windows 10 reaches end of life on October 14, 2025. Microsoft will no longer provide updates, support, or free security patches. Now is the time to prepare. The move to Windows 11 will impact your IT planning, budget, and operations.

  • Inventory all devices running Windows 10, including laptops, desktops, and any embedded systems in manufacturing or distribution equipment.
  • Evaluate each device for Windows 11 compatibility and identify machines that require replacement.
  • Determine if compatible machines can/should be upgraded or replaced to ensure performance.
  • Subscribe to the Extended Security Update program for systems that cannot or will not be replaced in time.

As you assess your needs and plan replacements and upgrades, be mindful of potential supply chain issues. Expect the current political and economic climate, and increased demand for new devices, to impact pricing and availability.

2 Maximize Your Productivity Suite Utilization

Your productivity suite – Microsoft 365 or Google Workspace – is the backbone of your business operation. And yet, studies show that over 65% of small businesses leverage less than 40% of their productivity suite’s features. 

Unlocking the full potential of these tools can drive efficiency and collaboration.

  • Encourage a culture of continuous learning and sharing within your organization. Share shortcuts, tips, and best-practices.
  • Help your team explore, utilize, and gain comfort with new features.
  • Identify and share ways new features can streamline existing workflows and tasks.
  • Set expectations for team members to learn and use their systems more efficiently and effectively, and to adapt to updated workflows.

3 Integrate AI Effectively into Your Business Operations

Artificial Intelligence (AI) is becoming a cornerstone of modern business operations. Beyond the hype and hyperbole, AI can benefit your business when part of realistic, practical use cases.

In 2025, prioritize practical AI applications while safeguarding data security and managing costs.

  • Refine your data governance policies to protect sensitive information. 
  • Identify and prioritize use cases for AI, such as automating repetitive tasks or enhancing customer service. 
  • Explore AI capabilities in your existing systems before investing in new solutions. 
  • Provide thorough training to ensure employees understand AI tools and their role in streamlining workflows.

Next Steps

For help with any part of your 2025 IT checklist, or to tap into our expert guidance, book a complementary  intro  call with our Cloud Advisors.  Ask for an IT Assessment Referral Code and request your IT assessment

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Picking the Right Google Workspace Subscription for Your Business

/in

Google Premier PartnerTo meet widely varying customer needs, Google offers five core subscription options spread over two tiers. For larger organizations with frontline and deskless information workers, Google offers additional, specialized license options. If you are looking at a Google Workspace subscription for the first time, considering an upgrade, or looking for Gemini AI features, you’ll want to choose the subscription and licensing that meets your needs without overpaying.

Subscription Tiers

Business Tier

Businesses with fewer than 300 employees typically select one of the Business Tier subscriptions– Workspace Starter, Standard, and Plus. These subscriptions limit the number of users and focus on the features and security most appropriate for smaller organizations.

Enterprise Tier

Larger businesses, as well as those requiring more advanced capabilities and security, often opt for the Enterprise Tier subscriptions– Standard and Plus. The Enterprise Tier also includes specialized license versions for frontline workers and knowledge workers with other email services.

Selection Criteria

When selecting a subscription, most businesses focus on a few key capabilities, such as:

  • Storage capacity and shared drives
  • Vault archiving/e-discovery
  • Google Meet features
  • Select security capabilities

With AI now integrated into all Google Workspace subscriptions, you should take time to understand the Gemini features included in each plan. A deeper review of security features can also help guide your selection.

Here is a deeper look at key selection criteria.

Storage

Since September 2024, all Google Workspace subscriptions use pooled storage.

Vault, the compliant archive/e-discovery service, covers Gmail, Drive, Groups, Chat, and Calendar, is available for all Enterprise Tier subscriptions and Business Plus.

The amount of storage, allocated per user and pooled, is as follows:

Business Tier

  • Starter = 30 GB
  • Standard = 2 TB
  • Plus = 5 TB

Enterprise Tier

  • Essentials = 1 TB
  • Standard = 5 TB
  • Plus = 5 TB

Meet

Google Meet is a robust meeting and collaboration system that generally negates the need for third party solutions.

Google Meet with Business Standard and Plus

Meet Features in Business Standard and Plus Subscriptions

All Google Workspace licenses include a core set of features:

  • External participants
  • Secure meetings
  • Screen sharing
  • Mobile app
  • Dial-in (US & international)
  • Digital whiteboard
  • Hand raising
  • Reaction

At the Business Tier, Meet features scale up  as noted in the table.

The Enterprise Tier includes live streaming and additional security features with all licensees.

Participant limits increment as follows:

  • Essentials: 250
  • Standard: 500
  • Plus: 1000

Gemini AI in Google Workspace

The following matrix summarizes the Gemini AI features in each of the core Google Workspace subscriptions.

Google Workspace Gemini AI Features

Security

Google Workspace provides a comprehensive set of security features and tools. With too many settings and options to list here, we published a Google Workspace Security Feature Matrix as an eBook. 

Review security features against your regulatory, industry, and business requirements.

Selection Process

When evaluating Google Workspace subscriptions, it’s essential to assess the details. Part of your selection process should include determining whether selecting a higher subscription tier or upgrading is more cost-effective than integrating third-party tools to provide the functionality you need.

For example, while Google Workspace’s Standard Data Protection includes email sandboxing, the feature does not offer the same capabilities– such as QR code analysis– as many third-party email threat protection services. 

In many cases, upgrading your Google Workspace subscription provides the needed capabilities at a lower cost than using a third-party tool. This is often true for Google Meet compared to third-party web meeting tools like Zoom.

For other capabilities, however, a third-party integrated solution may still be required.

Your Next Steps

For help assessing your needs and options, please contact us or schedule a brief intro call with a Cloud Advisor.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

Google Workspace: Gemini AI Features and Pricing Changes

/in ,

Updated January 22, 2025, at 2:00 pm et: See the easier to read chart and text that is in bold italics.

Google Premier PartnerOn January 15, 2025, Google announced a major shift for Google Workspace. Going forward, all Google Workspace licenses will include Gemini AI features and functions. Specific capabilities will vary by license type.  

While customers will no longer need to pay as much as $30 per user per month for these capabilities, the cost for most Google Workspace subscriptions will increase by about 17%. This increase affects all subscriptions, even those opting not to use the newly embedded Gemini AI features.

For new customers purchasing directly from Google, the price increase took effect immediately.

For existing customers, Cumulus Global customers, and those working with other Google partners, the price increase takes effect on March 17, 2025.

  • If you have a Flexible Plan subscription, you will see the increase as of March 17, 2025.
  • If you have an Annual Plan subscription, or a multi-year agreement, you will see the increase at their next subscription renewal. You will not be charged for the additional Gemini AI functionality until this renewal (see below).

Product Update Highlights:

The product highlights, and caveats are as follows:

  • The Gemini App (gemini.google.com) remains
  • Gemini for Google Workspace is replaced by the embedded features based on your subscription.
  • All versions of Google Workspace will now include Gemini AI features. 
  • Google is deploying the Gemini AI features to existing customers in phases between January and March, 2026
    • The Gemini AI features will be enabled, by default, for all users
    • Enterprise Tier subscriptions can manage and disable Gemini AI features
    • Business Tier subscriptions must request access to Gemini AI admin controls

Pricing and AI Features Matrix

The following table summarizes the price increases and Gemini AI features for both the Google Workspace Business and Enterprise tiers with Annual Plan Pricing. Flexible Plan prices increase similarly, reflecting a 20% upcharge.

Google Workspace: New Pricing and Gemini AI Features

Note that your pricing for Archived Users, Vault, Pooled Storage, Voice, and other products will not change at this time.

Billing Changes

Google has indicated that it will cease billing for Gemini for Google Workspace licenses as of the end of January 2025.

As these services are billed in arrears, expect to see Gemini for Google Workspaces included on February 2025 invoices that cover January 2025.

If you have an existing single or multi-year agreement that includes Google Workspace and Gemini for Google Workspace, expect the Gemini for Google Workspace line item to be removed once service for January 2025 has been invoiced. If you prepaid for the year, you may be eligible for a credit or a refund.

We will update this blog post, and communicate with affected customers as we are able to confirm how these issues will be resolved.

Managing Gemini AI within Google Workspace

Admins with appropriate permissions can manage Gemini AI features. Users have limited ability to control AI options.

Admins

Admins have the following options to control AI settings:

  • Manage access to Gemini features in Workspace services (Enterprise editions only at this time)
  • Turn access to the Gemini app (gemini.google.com) on or off. (Note: this has no effect on other AI features in Google Workspace services.)
  • Turn NotebookLM on or off as an additional service.
  • Turn access to Google Vids on or off.
  • Control whether users can let Google AI take notes in meetings.
  • You can turn Google Workspace smart features on or off.
Users

Users can control the following AI options:

  • Smart features in Google products

Cumulus Global clients should contact our Service Team for assistance. If you are self-service with Google direct, or have licensing through another Google partner, schedule a call with one of our Cloud Advisors.

Time Sensitive Opportunities

If you have considered upgrading your Google Workspace subscription to a higher tier, we recommend doing so before March 15, 2025. 

  • We can upgrade your service with a one-year commitment. You still get the newly embedded Gemini AI features while locking in the current subscription price. We can also explore incentives for multi-year commitments.

If you are on a Flexible Plan, consider moving to an Annual Plan. 

  • While the Flexible Plan allows your monthly cost to directly reflect the number of active accounts, the vast majority of small businesses save money with an Annual Plan. 
  • Most businesses do not see the number of account removals needed to overcome the 20% surcharge on top of the price increase. 
  • Please schedule time with a Cloud Advisor to calculate which plan is best for you and your business. 
About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.