See the Best Single Sign On (SSO) Solutions For Small Business and Even Better Alternatives

In today’s fast-paced digital landscape, small businesses face numerous challenges when it comes to managing user access to various applications and systems. A single sign on for small business is unlike the traditional methods of authentication, such as separate usernames and passwords for each platform, can be cumbersome, time-consuming, and prone to security risks. That’s where Single Sign-On (SSO) solutions for small businesses comes in.

Single Sign-On is a powerful authentication solution that enables small businesses to simplify and centralize user access across multiple applications, platforms, and services. With SSO, employees and stakeholders can log in once using a single set of credentials and gain seamless access to all authorized resources.

This technology not only enhances convenience and productivity but also strengthens security measures by reducing the risks associated with weak passwords, password reuse, and unauthorized access. By implementing SSO, small businesses can effectively mitigate the complexities of managing multiple logins and bolster their overall operational efficiency.

As you move your small or midsize enterprise into the cloud, you will face new challenges around identity management.  Historically, identity management was an operational issue that managed user logins to desktops and local area networks. As you move to the cloud, the network is no longer local. Your network includes the suite of applications and services run and hosted by others. Identity management is now a security issue that should control access to your cloud applications, data, and services as well as your computers and mobile devices.

Single Sign On for Small Business

Even with the proliferation of usernames and passwords, most small businesses are not investing in Single Sign On (SSO).  With many applications using federated or 0Auth login services from platforms like Google Apps or Office 365, SMBs expect users to adapt and manage their identities. The result is a mix of usernames, passwords, and connections without a clear system of record and no centralized management. And while Single Sign On can help eliminate this mess, most SMBs struggle to justify the value.  In addition, single sign on solutions for small businesses lack the ability to manage access to devices, WiFi services, and other resources.

With SSO in place, you still need to manage and maintain a directory service. Directory services, such as Microsoft’s Active Directory and the many LDAP solutions are, in theory, capable of managing more than on-premise systems. Actually integrating directory services, however, is complex, costly, and requires regular maintenance.

Directory-as-a-Service and Identity Management

Directory-as-a-Service® (DaaS) is a modern identity platform that centrally manages user connections to this new world of cloud and SaaS-based infrastructure.

Compared to a single sign on for small businesses, it acts as a virtual directory, enabling businesses to securely manage user accounts, permissions, and policies across diverse applications, systems, and even remote environments.

Identity Management, on the other hand, refers to the processes, technologies, and policies that govern the lifecycle of user identities within an organization. It encompasses activities such as user provisioning, authentication, access control, and user lifecycle management. By implementing Identity Management practices and leveraging DaaS, businesses can streamline user administration, improve security, and enhance operational efficiency.

Features of a cloud-based directory service include:

  • Mac, Windows, and Linux devices are all treated as first-class citizens
  • Tight integration with Office 365 and Google cloud Apps, centralizing control over the productivity platform and enabling single sign-on capabilities for end users
  • Single Sign On integration with other cloud applications and services
  • Improved WiFi security that connects the authentication request to the directory service
  • Multi-factor authentication at the system level
  • Hosted LDAP capabilities can eliminate the need to have an on-prem LDAP server

In short, Directory-as-a-Service covers what contemporary organizations need in a modern identity management platform.


Learn more about Directory-as-a-Service and JumpCloud (our preferred DaaS solution), or contact us for a free, no obligation Cloud Advisor Session.


 

Google Cloud and G Suite

G SuiteNew Names, Same Great Solutions

At this point, every Google For Work customer has likely received an email from Google with the big announcement:

Google for Work is now Google Cloud

Google Apps is now G Suite

Why the change?

Google’s has greatly expanded the range of cloud-based business services over the past few years, and the ways in which businesses are using Google’s cloud portfolio continues to change and evolve. Google Cloud better reflects how all of Google’s business cloud services are part of a single, integrated ecosystem. Changing Google Apps to G Suite, better represents the range of services that lets you communicate, store, collaborate, and manage your business. G Suite has grown beyond “Gmail and tools for business”.

What does it mean?

Your Google Cloud services, including G Suite, do not change. You will continue to use the same email, file, and collaboration services you know and love. You still have the features, security, accessibility, and ease-of-use you expect.

We will spend the next several days updating our website and marketing materials and remembering to use the new names.

What does the future hold?

Looking forward, we encourage you to explore more ways to take advantage of G Suite‘s capabilities and to watch for new applications, features, and functions. Google’s commitment to expanding the platform and ecosystem is greater than ever. If you want to explore new use cases or to further your digital transformation, please contact us for a free Cloud Advisor consulting session.


 

 

Cloud Computing Still Needs a Grand Strategy

In a recent post on Forbes, columnist Joe McKendrick discusses a Cisco-sponsored IDC survey results showing a lack of coordinated cloud strategies among large enterprises.  Nearly half, or 47%, describe their cloud strategies as “opportunistic” or “ad hoc”. The 14% or respondents claiming managed, optimized cloud strategies, report substantial and tangible business benefits. These successes come from how applications are built and deployed, a strategy that does not always work for small and midsize businesses (SMBs).

SMB Cloud is Different

Cloud StrategyWhereas most enterprise cloud strategies focus on building new line of business applications and rebuilding existing systems for the cloud, most small and midsize businesses are not building or customizing their own applications. When SMBs do use custom applications, they typically rely on outside firms for development and support. When SMBs move to the cloud, they normally start with “infrastructure” services like email and file services. Existing business applications are often replaced by SaaS (Software-as-a-Service) cloud solutions — either from the current vendor or as a replacement.

SMB Cloud Forward Strategy

Without a strategy, you can end up struggle to get all of the pieces of your IT in the cloud connected to each other and/or your on-premise systems. For you, as an SMB decision maker, a sound strategy will:

  • Identify your business goals and objectives
  • Use these goals and objectives to define and prioritize your near-term and long-term technology needs
  • Create an architecture that defines the pieces — platforms, applications, and data — and how the pieces fit together
  • Drive your decision to go Google Apps, Microsoft Office 365, and/or another cloud platform or ecosystem

Creating your cloud strategy requires some thought and effort, but need not be a lengthy or overwhelming task. Starting with your business priorities and answering a few key questions gets you most of the way there. Once in place, your Cloud Strategy will guide your product selections as well as the order and timing of your deployments.


Interested in creating or updating your Cloud Strategy? Contact us for a Cloud Advisor session — for free and without obligation, or complete our Productivity Cloud Questionnaire for a free assessment and recommendation report.


 

Overconfidence in Disaster Recovery: Common and Costly

support-liferingAs reported in CloudTech, a recent study in the UK of 250 businesses finds that 95% experienced outages or data loss in the past year, with 87% needing to go to failover systems.

There is a mismatch between expectation and reality when it comes to disaster recovery.

Of the 87% that executed a failover, 82% were confident it would go well, but 55% encountered problems. And while 69% stated outages lasting minutes would be “highly disruptive” or “catastrophic”, only 27% were able to recover all systems immediately following an outage. With 37% of respondents indicating they do not regularly test their DR capabilities, many organizations have no basis for expecting a smooth failover.

Outage Sources

While we often focus on the “big disaster” that could interrupt our businesses, 53% of the outages were to mundane system failures and 52% were due to human error (more than one response was possible). Cyber attacks and environmental issues caused 32% and 20% of the outages, respectively.

Three Things We Can Learn

  1. Comprehensive disaster recovery and business continuity costs money. Running infrastructure and systems in the cloud and/or using cloud-based DR and Business Continuity solutions can help mitigate these costs.  You will, however, need to assess potential downtime and time to recover, the impact of downtime, and the cost to create the right balance for your organization.
  2. Testing your DR/Business Continuity solutions should be easy and cost-effective. Plan on testing at least twice per year.
  3. Your DR/Business continuity solution should help reinforce your overall data protection and business operations. Shifting from a “recovery”-centric strategy to one of resilience can lower costs and minimize the risks and impacts of unplanned outages.

If you want to improve your business’ resilience and lower your IT costs, contact us for a free Cloud Advisor session.


 

Study Confirms: Education Faces Highest Risk of Ransomware

As reported in EducationDIVE and Information Week, a recent study of 20,000 organizations by security firm BitSight found educational institutions suffered ransomware attacks at rates 2 to 10 times higher than other sectors of our economy. 10% of educational institutions have been attacked, compared with 6% of government entities, 3.5% of healthcare organizations, and 1.5% of financial institutions.

Ransomware by Sector (Source: BitSight)

Ransomware by Sector (Source: BitSight)

With the rate of ransomware attacks continuing to rise, schools and districts need to enhance their protections. Beyond traditional endpoint protection, user education and communication, web filtering, protection for advanced persistent threats (APTs), and tools/processes for recovery need to be in place.


Our Business Guide to Ransomware eBook provides valuable information covering the types of threats, protections, and recovery systems you should consider.


 

 

Rethinking Risks and Responses

Malware, Ransomware, Natural Disasters and More Keep Hitting SMBs Hard

Never have we had a greater ability to work together to get things done than we do right now. As our cloud and hybrid environments expand, the ease-of-use encourages us to share ideas and information and to collaborate in new and exciting ways.

Never have we been under attack from so many directions. Changing weather patterns and aging infrastructure leave businesses without power for days instead of hours. Fading employee loyalty means more chances for information to walk out the door. The same features that let us easily share information also let us accidentally share information we shouldn’t. Malware and viruses have evolved from a nuisance to potentially existential threats with the increase in ransomware and advanced persistent threats.

Our Businesses, Employees, and Customers Need and Expect Protection

With the risks and impacts on the rise, we as small and midsize business owners and technologists should rethink how we both prepare and respond. Since the dawn of business computing, large enterprises have built expensive solutions to ensure that their businesses keep running “no matter what”.  Now that we are in the cloud, and solutions are incredibly affordable, we need to adopt the same approach.

Business continuity is no longer just being able to keep your business running after a disaster.

Business continuity means that you are able to prevent business disruptions and distractions, regardless of the cause. Business continuity means …

  • You actively work to minimize the chance of a ransomware attack, and that you can respond and recover quickly should it happen.
  • You have systems and procedures in place to prevent data loss and privacy breaches, and that you can detect and mitigate issues quickly and effectively.
  • You and your team are no longer tethered to the hardware, Internet access, and electricity in your offices.

For SMBs, now is the time to consider the tangible and intangible costs of business interruptions of all types and to see the value in solutions to prevent and recovery. Understand the value proposition of that goes beyond dollars and cents to include the customer relationship impact and the toll that business disruption has on your team.

Food for Thought:

iOS 10 is Budget Risk for Schools

ipad2On September 13, 2016, Apple will release iOS 10 and will stop providing updates for iOS 9.  While iOS 10 is reported have some great new features, the real story for schools — particularly those with iPad programs — is the impact on existing devices and budgets. ZDnet remotes that as many as 40% of existing iPads will become obsolete — a statistic that will certainly push many schools to consider accelerating new iPad purchases and/or move to other devices.

With the release of iOS 10, the following devices will no longer receive iOS updates:

  • iPad 2
  • iPad 3rd Gen
  • iPad Mini
  • iPhone 4s
  • iPod Touch 5th Gen

Schools committed to using iPad 2s, and iPad 3s through the 2016-2017 school year now face the prospect of increased security risks and loss of application support.

Apple is shortening the lifecycle of its devices.  Sold from March 2011 through March 2014, schools may find their devices becoming obsolete in less than their planned 3 year lifecycle.  Looking forward, this trend will impact lifecycle planning and budgets for schools with iPad classroom and 1:1 programs.

Ransomware is Front Page News (Again)

Over the past several weeks, we have been aggressively communicating with our customers and others about the sharp rise in ransomware hitting small and midsize enterprises.  We have blogged about the need for preparation against attacks and for recovery just in case, as well as the full cost of ransomware attacks. While some organizations are taking action, others still see the threat as a low risk.

This weekend, the Wall Street Journal emphasized the critical nature of the threat with a front page article reinforcing the severity and scope of the problem. The article reiterates the rapid growth of Ransomware, the increasing ransoms, and the ease by which computers become infected.

To help organizations better understand the risks, strategies for prevention, and preparation for recovery “just in case”, we recently published our Business Guide to Ransomware.  Written for the non-techie, it is a must read for any small or midsize enterprise with an Internet connection.


Want help with your Ransomware strategy, contact us for a free consultation.


 

Pokemon Go is a Security Game?

No Pokemon Go
While the news coverage has trailed off, the Pokemon Go phenomenon continues as kids and adults continue to play, and the game expands to new locations.

Also in the news, but with less coverage, was the security hole that gave the companies behind Pokemon Go completely unfettered access to users’ Google Apps and Gmail accounts.  This access was not just to read your contacts so you can “share”, Pokemon Go had full read/write access to all user data.

In a short but sobering report, our friends at CloudLock assess and quantify the risk posed by Pokemon Go. Click here to access the report; it serves as a great example of the risks posed by 3rd party apps.


Contact us if you want to learn more about protecting Google Apps from 3rd party app risks.

 

The Cost of Ransomware

The cyber criminals behind ransomware see their efforts as a volume business.  Charge too much, and victims will not pay. Targeting businesses and organizations in wealthier countries and in cities where people and businesses are most likely able to pay, the typical ransom is often about $500.  More recently, we have heard of ransoms between 1 and 2 bitcoin (about US$600 to US$1300).

The Ransom Payment is Only Part of the Cost

The cost of ransomware can vary significantly depending on several factors, including the size and type of the targeted organization, the extent of the attack, the data that is compromised, and the specific ransom demands. It is challenging to determine a typical cost as each incident is unique. However, the costs associated with a ransomware attack can include:

  1. Ransom Payment: The primary cost is often the ransom amount demanded by the attackers, which can range from a few hundred to millions of dollars.
  2. Recovery and Remediation: Organizations affected by ransomware must invest in forensic investigation, data recovery, system restoration, and strengthening their security infrastructure. These costs can include IT services, incident response teams, and cybersecurity consultants.
  3. Downtime and Productivity Loss: Ransomware attacks can result in significant disruption to business operations, leading to lost productivity, missed opportunities, and potential reputational damage.
  4. Legal and Regulatory Consequences: Organizations may incur legal fees and potential fines if the attack involves compromised customer data or violates data protection regulations.
  5. Reputational Damage: Ransomware attacks can erode customer trust and damage a company’s reputation, potentially leading to long-term financial consequences.

Every victim loses productivity from the start of the attack until it is fully resolved. Whether or not you pay, you still need to conduct a full sweep of all of your systems to ensure the ransomware has been removed. Otherwise, you risk reinfection.

Organization Who Pay the Ransomware Cost

For organizations respond and pay the ransom, they still suffer the time and cost of decrypting and validating files, a process that can consume days or weeks of IT resources. If you choose not to pay, you have the cost of recovering data from before the attacks and re-creating lost information across all of your servers, systems, and applications. We recently spoke with a company that lost less than 6 months of data. After three months, they are still working to recreate lost files and transactions as they have no way of knowing if they have missed any.

A ransomware attack can cost tens of thousands of dollars to clean up. Attacks may also damage valuable customer and vendor relationships and result in higher bookkeeping, accounting, and legal fees.

The Cost to Prevent a Ransomware Attack

The costs associated with cyber protection and prevention and the ability to recover quickly (should an attack breach your defenses) is relatively minor. The value of prevention and preparation is well worth the cost.

Organizations should invest in proactive cybersecurity measures to mitigate the risk and potential cost associated with ransomware attacks.

Learn more

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.


For a 1:1 consultation and assessment of your risk, contact us today.