Posts

SaaSOps: Adapting the enterprise model for small and midsize businesses

SaaSOpsThe term “SaaSOps” was first coined by David Politis, founder of BetterCloud. SaaSOps, short for Software-as-a-Service Operations, is the suite of processes, skills, and responsibilities for managing the lifecycle of software delivered as a cloud service. Most small and midsize businesses use multiple SaaS applications.

By effectively and efficiently managing these applications, we reduce operating costs and security risks.

The 5 SaaSOps Processes

Adapting the enterprise model for small and midsize businesses (SMBs), SaaSOps encompasses the following five processes.

1. Adoption

SaaS Adoption begins with discovery.  Discovery includes both (1) Selecting SaaS applications your business needs or wants; and (2) Identifying the SaaS applications in use by your team. In today’s world of cloud services, individual employees are likely signing up to use SaaS applications that they want or think they need. These are often free, or low cost, consumer oriented services. Often referred to as “Shadow IT”, these apps sit outside your control and outside of your security protections.  Selecting which SaaS applications you will use, as a company, and which you will not, sets the stage for successful operations.

2. Optimization

Optimizing SaaS operations requires cross-application and in-application analysis.  By examining SaaS applications and services, and how they are used, you can identify and remove redundant features and data sets.  Streamlining applications and systems in-use lowers complexity, support requirements, and cost.  Within applications, license management is key to ensure you do not under- or over-license your services.  Beyond the cost implications, unused licenses pose a security risk.

3. Management

SaaS Management includes the lifecycles for both users and applications.  If done well, SaaS Management automates common tasks prone to administrative error.

User lifecycle events focus on properly managing on-boarding, off-boarding, and mid-lifecycle changes.  These events cover accounts, access, security, permissions, and integrations users need to perform their jobs across your SaaS applications and services.  User lifecycle management also includes group management.  The ability to automate group membership based on user attributes gives you the ability to manage uses based on roles and responsibilities.

Application management focuses on application configuration, ensuring accounts, access, security, and data management. Active configuration management creates a dependable service for users.

4. Security

This includes five key integrated security pillars:

  1. Discovery of sensitive data, including data subject to industry or legal regulations.
  2. Mitigation of oversharing of data, externally and within your organization.
  3. App monitoring and remediation, spanning availability, access, and performance.
  4. User behavior analytics, providing data to support operations, planning, and improvements.
  5. Least privilege access management, ensuring

5. Experience

SaaSOps changes — improves — your business’ overall experience with your cloud-based services. The impact is visible to your employees and your IT administration.

  • Automation simplifies tasks and reduces administrative, security, and other errors while improving your IT team’s ability to respond quickly to change and support requests.
  • Change management ensures decisions to alter services are known and documented and helps ensure you remain compliant with policies, industry standards, and regulations.
  • Managed Access and Rights reinforces company policies, maintains compliance, and enables employees to access the applications, services, and data needed for their jobs.

In Summary

As your use of cloud services grows, implementing SaaSOps solutions becomes an important management tool.  Beyond monitoring and managing costs, SaaSOps helps reduce management and administration errors, provides a better experience for IT teams and end users, and improves security. The incremental cost to deploy SaaSOps tools delivers savings while reducing risk.

Call To Action

Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

The High Cost of Low Adoption

Roughly 53% of the more than 33 million small and midsize businesses in the US rely on cloud services.  The vast majority use Microsoft 365 or Google Workspace for basic productivity tools: email, calendars, contacts, and files. The popularity is due, in part, to the ease of deployment.  You can quickly deploy either of the productivity suites and have your team on-board, running, and using basic features. Within Microsoft 365 and Google Workspace, however, our cloud adoption tends to be fairly low.

We should look past the basics.  Both Google Workspace and Microsoft 365 offer a deep range of capabilities.  As small and midsize business owners and leaders, we should assess how well we are using these tools.  Better cloud adoption improves productivity, communication, and security. Higher cloud adoption within Google Workspace and Microsoft 365 also saves you money.

Improve Productivity

Studies show that typical users only leverage 10-15% of their Microsoft 365 or Google Workspace suites. With low cloud adoption, our teams fall into usage patterns that mimic prior systems rather than taking advantage of new capabilities.  Examples of habits that hurt productivity include:

  • Inefficient meetings
  • Poor inbox and email management
  • Searching for information
  • Limiting “collaboration” to attachments and file shares

Education and support enables your team to overcome these common productivity killers. Motivating your team to learn and use the 85-90% untapped potential helps them become more capable and effective in their roles.

Remove Duplicate Application Costs

Improving cloud adoption of Microsoft 365 and Google Workspace eliminates your need to pay for many other applications and services.

  • Microsoft OneDrive and Google Drive for Desktop remove the need for Dropbox, Box, file servers, and local network storage.
  • Google Meets and Microsoft Teams replace Zoom, WebEx, GoTo Meeting, Adobe Connect, and paid audio conferencing services.
  • Microsoft Yammer and Google Chat preempt the need for Slack, Jive, Facebook for Work, and other social messaging apps.
  • Features in Microsoft Outlook and Google Calendar eliminate the need for third party scheduling tools like Scheduly.
  • Google Voice and Microsoft Teams offer low cost VoIP telephony services than many other providers.

With fewer applications and services, you pay less in subscription fees and reduce support costs. Your team has fewer logins and fewer applications to learn. You spend less time managing integration and updates.

Reduce Your Security Risk

Improving cloud adoption is more than using additional features.  Successful cloud adoption includes learning how to best use the features you need.  With your data in the cloud, you rely on users making good decisions to avoid compromising security or data protections.  We often see teams where employees fall into these security traps:

  • Sharing files inappropriately
  • Emailing sensitive information
  • Incorrectly granting permissions internally or with external parties
  • Bypassing permission and security by storing files locally or in other systems

Matching appropriate security settings and protections with proper training, your team will make better data decisions. Understanding how to work efficiently within security guidelines eliminates the need, and motivation, to work-around protections.

Maximize Your Investment

Your Microsoft 365 or Google subscription may be one of your larger IT budget line items. Why leave that value untapped?  In both environments, we frequently observe under utilization of applications, features, and resources.  Some of the commonly underutilized capabilities include:

  • OneDrive for Business and Google Drive for Desktop
  • Microsoft Teams and Google Meets
  • SharePoint Online and Google Shared Drives and Sites
  • Security features and functions.

Ensure your team knows how to fully utilize the capabilities you have.  Doing so prevents them from using “shadow IT” — using other apps and services without your knowledge.

Create a Culture of Self-Learning

When your team adopts a culture of self-learning, they will optimize their use of the IT services you provide.  Your job: provide the leadership and resources your team needs in place to train and continue to develop their skills.

The results:

  • More productive individuals and teams
  • Fewer IT systems and services that lower costs
  • Improved security and data management
  • Better returns on your IT investments and spending

Your Call To Action

Schedule time with one of our Cloud Advisors or contact us to discuss ways to upskill your team, reduce IT redundancy, and streamline your IT budget. The conversation is free, without obligation, and at your convenience.

About the Author

Bill SeyboltBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

The State and Future of Remote Work

As noted in a recent article published by American City Business Journals, the state and future of remote work are still up for debate.  Remote work and hybrid work arrangements continue to face resistance. Our reduced need for office space still impacts city centers and commercial real estate markets.  And yet, employees still want remote and hybrid work arrangements. The desire to have work-from-home options is strong enough that many employees will take pay cuts in exchange for the flexibility.

Some of the Data

Work from Home Research noted that paid full days worked out of office was about 27%, year to date, in 2023.  This represents a very slight decrease from recent months.

In February 2023:

  • 60% of employees worked full-time in the office
  • 28% of employees worked in a hybrid arrangement
  • 12% of employees worked remotely full time

40% of employees continue to work some or all of their time outside the office.

A recent study by Robert Half found:

  • 28% of job postings were advertised as remote
  • 32% of employees who work in the office at least one (1) day per week would take an average 18%  pay cut to work remotely full time

Data from the Federal Reserve indicates that:

  • From 2020 to 2021, during the surge in remote work, productivity jumped from 108.57 per hour to 115.3 per hour
  • In 2022, productivity dropped slightly as more employees returned to the office

Using the Data

Remote and hybrid work arrangements will likely continue as companies and employees work to find the right balance for the company and employees.  As small business leaders, we understand that remote work is an attractive feature of job postings, and 1/3 of employees would take a pay cut or change jobs to work remotely.

We need to manage our remote and hybrid work arrangements in ways that employees see as flexible and accommodating. 

In-person interactions with colleagues can improve morale and enhance company culture. It makes sense that we want most employees in the office, interacting face-to-face, at least some of the time.

Employees see most hybrid work arrangements as designed to meet the needs of the company, not employees.  Employees see incentives, such as free meals and other “perks”, as gimmicks to attract employees to the office without addressing employees’ needs.  We need to present hybrid work arrangements honestly in terms of company needs and priorities and those of the employees. If we provide a real balance of needs and priorities, employees will feel respected and heard. They will be more accepting of change.

The Role of Technology

We have no doubts about the power of technology to empower your employees to do their best work — in office or remotely.  Many small businesses scrambled to support remote work at the onset of the pandemic.  These solutions were often rushed and, as such, less efficient or effective than needed.  Too many of us, however, have not stepped back to assess, revise, and improve our IT support for remote and hybrid work.

We need support and technologies in place to ensure the long-term viability of remote and hybrid work.

Employees, when working remotely, want and need the same resources and abilities as when they are working in the office.  They want the same user experience regardless of where or how they work.  At the same time, we need to ensure our systems and data remain secure and protected.

When assessing your IT services, make sure you have the SPARC you need:

  • Security
  • Performance
  • Availability
  • Reliability
  • Cost

Leveraging cloud services, you can provide secure access to your systems and data, with a consistent user experience, at a reasonable cost.

Calls To Action

1. Read our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: Set the stage by looking at how small and midsize businesses acquire and use technology and IT services; Explore the challenges we face moving into the cloud; and Map out four strategies for enhancing your use and expansion of cloud services.

2. Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cloud Computing Trends, Challenges & Provider Insights in 2023

Cloud Computing Trends

Earlier this month, CRN published a story covering Flexera’s 2023 State of the Cloud Report.  Flexera provides software and systems to manage enterprise private and public clouds.  The report on cloud computing trends originates with an annual survey of 750 technology leaders across sectors, geographies, and size of the business.  While the report classifies small and midsize businesses as those with under 1,000 employees, we still find the results interesting and relevant.

As small businesses, our concerns are spending, security, compliance, and managing cloud services. The cloud model hits our income statements and balance sheets differently than historical IT services. The need to protect our businesses, and our customers, has never been greater. And, we find it difficult to understand if we are spending efficiently and effectively.

We take a look at the top 3 cloud challenges, discuss managing clouds, and explore cloud waste.  Understanding these issues, you will better understand how to create better cloud solutions. You will also be better able to set expectations from those providing cloud solutions and related services.

Top 3 Cloud Computing Challenges

For 2023, SMB respondents identify the top three cloud computing challenges as:

  • Managing Cloud Spend (80%),
  • Security (73%), and
  • Compliance (71%).

These concerns make sense. The spending model for managed cloud services, based on subscriptions or usage, is an operating expense.  Most smaller companies are used to making capital expenditures and paying for service contracts and managed services.  Additionally, many of the IT firms working with small businesses will replicate on-premise networks and servers in a public cloud service. They may lack the expertise and tools to actively manage costs.

Concerns about security and compliance reflect the increasing need and demands of protecting sensitive business and personal information.  We face the same increased regulations and expanding industry standards as larger enterprises. But we do not have the in-house resources or the same access to experts. We place our trust on local or regional IT service firms.

Latest Trends and Developments in Cloud Computing

Undefined Cloud Management

Following closely behind the top 3 cloud challenges, governance (67%) and subscription management (61%) indicate that small businesses are not sure how to best manage their cloud services.  As cloud infrastructure matures, the number of options expand.  To make simple decisions, such as whether to subscribe monthly or make an annual commitment at a lower per unit price, we need to understand the operating cost models.  We need standard operating procedures, such as on/off-boarding and access controls, in place.

Cloud is still new. We need our IT service firms and managed service providers to guide, if not lead, our cloud management efforts. Co-management is a viable strategy, provided it includes policies and procedures as well as products and services.

Cloud Waste

On average, the survey results show that businesses spent 18% more than budgeted on public cloud services last year.  The greatest contributor to the overspend appears to be Cloud Waste.

Cloud waste is spending on cloud services that go unutilized or are under-utilized.  Reducing cloud waste can be as simple as

  • Shutting down unused resources after hours
  • Selecting lower cost regions / data centers
  • Periodically right-sizing systems and resources

Policies that scale resources in real-time based on usage will increase efficiency, but require expertise and planning during the solution design process, monitoring, and refinement over time.

How to Pick a Cloud Computing Provider

Traditional managed service providers, or MSPs, are experts in buying, monitoring, and managing things. They focus on network components, servers, systems software, and end user devices.  To get the most value from our cloud services, we need partners that understand service and cost management.

Managed cloud service providers, or MCSPs, understand how the “as-a-Service” model is different. Security, compliance, and cost management only work when they are built into the requirements, design, and management of your cloud services.

Before picking your cloud provider, ask about their management and co-management models. Understand if they actively work to monitor and manage security, compliance, and costs. Ask them to explain how.

Call To Action

Get a copy of our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: set the stage by looking at how small and midsize businesses acquire and use technology and IT services; explore the challenges we face moving into the cloud; and map out four strategies for enhancing your use and expansion of cloud services.

To discuss how your business can better utilize a broader range of cloud services, please contact us or schedule time with one of our Cloud Advisors at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Different Types of Email Security Features

Different Types Of Email Security Solutions Can Help Protect your Business

When launched Cumulus Global 15 years ago to provide small and midsize businesses (SMBs) with email security and security solutions. As early adopters, we saw how managed cloud services and solutions made enterprise grade solutions affordable and effective for small businesses.  While much as changed over the past decade and a half, we still face email-based threats.

Email Attacks are Easy

According to Verizon’s 2021 Data Breach Report, email remains one of the most common vectors for attacks. And, phishing attacks are at the top of the list. Email phishing attacks remain prevalent because they are relatively easy. Cyber attackers are able to say one step ahead of our defenses, in large part to the rise in social engineering. With more of our personal information available through social media, attackers can use psychological tactics and personalized messaging to target specific individuals (spear phishing) and business leaders (whaling). In doing so, they garner sensitive information and gain access to systems and data.

Business Email Compromise

Business Email Compromise (BEC) attacks impersonate your email domains or emails for specific users. In most instances, BEC attacks look and feel like legitimate emails from your business. Combined with social engineering tactics and personalize information, they are hard to spot and often successful.  Cyber security attacks can be “internal” that target your employees, or “external” that use your business to defraud your customers and associates.

Email and Domain Impersonation

Preventing email and domain impersonation attacks bypass account level security, including multi-factor authentication. To prevent these attacks, recipients should only accept email that can be authenticated as coming from your domain.

Different Types of Email Security Protection: Good, Better, Best

Currently, you have three levels of email domain security that can protect your business and your identity: Good, Better, and Best.

Good: SPF Sender Policy Framework

SPF verifies emails sent from valid IP addresses, either from your domain or authorized senders. While most small businesses have an SPF record configured, errors cause individual emails, or emails from marketing and CRM systems, to be flagged as spam by the recipient. Cyber attackers can spoof email addresses to give the appearance of a validated sender.

Better: DKIM DomainKeys Identified Mail

DKIM verifies that have been digitally signed by the sending domain, or by services sending email on behalf of the domain. Proper configuration is technical and involves cryptographic key management; errors can lead to fake messages with valid DKIM signatures. Cyber attackers can remove the DKIM signature using sophisticated relay attacks.

Best: DMARC Domain-based Message Authentication, Reporting,
and Conformance

DMARC authenticates email origin by aligning identifiers from SPF and DKIM, and instructs recipients to deliver, quarantine, or reject failed emails by policy. DKIM helps improve email deliverability. Is the best protection against email and domain impersonation attacks, whether they target your employees, vendors, or customers. Reporting enables you to see email sources and manage your policies.

Protect Your Business With Our Email Security Services

While you set up SPF and DKIM with DNS record entries, DMARC is best implemented as a service. Doing so provides you access to settings, reports, and analysis tools. For most small and midsize businesses, the level of protection DMARC provides is worth the minimal cost.

You can learn more with our eBook: Email Security: Good, Better, Best.

To discuss your email security configuration, make an appointment with one of our Cloud Advisors, send us an email, or fill out our contact form.

Dark Web Security Risks and Dangers

Dark Web Risks: Threats to Be Aware of, and How to Protect Yourself and Your Business

We offer a monitoring service for dark web risks.  In August, we received alerts for more than 40% of the companies we monitor about dark web risks and danger.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach. Learn about the dark web threats to be aware of, and learn what strategies you can implement to protect yourself, as well as your business.

Direct and Indirect Security Threats from the Dark Web

Third party breaches from the dark web pose direct and indirect security threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms, and are a big risk on the dark web.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Dark Web Dangers and Threat Sources

Sources for Dark Web security threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google cloud, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more on the dark web. This is why data protection services are highly recommended in todays environment.

Protecting Yourself and Your Business from the Dark Web

More than 70% of people use the same or similar passwords across systems, which is a huge dark web danger. When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

Productivity Suite Assessment Helps Small Businesses Choose or Improve their Cloud

May 25, 2021 – Westborough, MA – Cumulus Global is pleased to announce the launch of its new Productivity Suite Assessment, a consulting service that helps small and midsize businesses (SMBs) determine which productivity suite best meets their needs and how to fully utilize the suite to improve productivity and support business goals. Whether considering, or currently using Microsoft 365 or Google Workspace, the productivity suite is the foundation for IT services. The right match is about more than the marketing hype and basic features. The right match integrates with how you work and other systems to support business goals, needs, priorities, and budget.

“For businesses not yet in the cloud, we guide them to the best fit and solution,” stated Allen Falcon, CEO of Cumulus Global. “For those only using some of the Microsoft and Google suite services, we help them fully adopt, utilize, and leverage capabilities.”

The Productivity Suite Assessment gives businesses:

  • A comprehensive review of current technology platforms and how well they are serving the business
  • Expert analysis of challenges, gaps, and opportunities to improve productivity and efficiencies
  • Recommendations: “what” technologies are a best fit and “how” to leverage them for greatest impact and value
  • Savings on implementation of recommendations.

“We help businesses decide if Microsoft 365 or Google Workspace best aligns with their operations and technologies. More impactfully, we identify under-utilized capabilities and guide adoption,” noted Falcon. “Using these recommendations, businesses improve processes, empower employees and teams, reduce costs, and enable growth.”

The Productivity Suite Assessment follows Cumulus Global’s best-practice methods.  The three phase project includes: detailed discovery, thorough analysis; and recommendations with guidance on implementation and adoption.  Cumulus Global partners with both Microsoft and Google, providing objective analysis and recommendations. Founded in 2006, Cumulus Global has 15 years experience delivery cloud solutions to small and midsize businesses.

Cumulus Global takes AIM with Manufacturers

www.aimnet.orgApril 27 2021 – Westborough, MA – Cumulus Global is pleased to announce its Corporate Membership in the Associated Industries of Massachusetts (AIM). Through its membership, Cumulus Global will better understand the issues and challenges facing manufacturers. As a member, Cumulus Global will help support manufacturing as a key component of a diverse, healthy economy.

“By joining AIM, we gain access to information and ideas,” stated Allen Falcon, CEO. “A better understanding of the business issues — challenges and opportunities — facing manufactures is key. This knowledge improves our ability to design, deploy, and manage technology solutions that deliver tangible business results.”

Manufacturers, like most businesses, are adopting cloud computing as a mainstream component of their technology infrastructure.  CIO magazine reports that over 90% of all businesses use some form of cloud computing.  According to IDG’s 2020 Cloud Computing Survey, investment in cloud computing jumped 59% from 2018 to 2020.

Smart strategies, investments, and management are critical.  Cumulus Global helps small and mid-size manufacturers leverage secure, public cloud services to maximize results and value. Done properly, cloud solutions help manufactures adapt and compete in our rapidly changing economy.

“A diversified, healthy economy depends on a healthy, diverse manufacturing sector,” noted Falcon. “Our AIM membership supports advocacy for public policies that enable manufacturers to adapt and thrive. This as essential for our community and our nation.”

Cumulus Global believes that manufacturing will continue to play a critical role in our local, regional, and national economies. The company shares AIM’s commitment to innovation and sound economic policy.

About Associated Industries of Massachusetts

AIM (www.aimnet.org) is a forward-looking organization of dedicated, focused, and experienced business leaders. The association works to support public policy and provide services that enable jobs creation and economic opportunity. AIM focuses on public policy advocacy, employer services delivery, business community development, and best practice guidance for, and on behalf, of its members.

Cyber Protection Solutions for SMBs

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

Where to Look for IT Savings

Almost all of our businesses are feeling the impact of COVID-19.  Revenues and cash flows are down and some costs are rising. We are all looking to cut expenses. Information technology and services can be a good place to find savings.

Most businesses can find savings in their IT services. Here are some places to look.

Unused Accounts

It is a common practice to hold onto the accounts for past employees or projects with the expectation that we may want or need to access the information at some point in the future. Often, these accounts incur costs as they remain billable within your systems. Here are some methods that you can use to clean up old accounts in Microsoft 365 and G Suite without losing data:

  • Transfer ownership of files and other data to other employees before removing an account.
  • Transfer ownership of files and other information to a designated archive account that will hold historical information for multiple past employees
  • Use a backup service to snapshot the account(s) and verify you can restore the data. Most cloud backup services let you restore to an alternate user and the licenses are significantly less than the Microsoft 365 or G Suite account.
  • Export data from past employee accounts into searchable format as an archive
Redundant Services

We see businesses sign up for new services, or keep existing services, even when they already have similar capabilities.  A lack of awareness and training can lead to redundant IT services. In most cases, even with feature differences taken into consideration, these redundant services are not needed — or are only needed by a few specific people.

If you are running Microsoft 365, you can use …

  • Teams for
    • Video conferencing instead of paying for Zoom, Webex, or GoToMeeting
    • Audio conferencing instead of paying for a third party service
    • social communication and teamwork, instead of paying for Slack
  • Teams Live to stream/broadcast events to large private groups or the public
  • OneDrive, SharePoint, and/or Teams for sharing files with others, instead of paying for DropBox
  • SharePoint for secure internal and secure external portals
  • Planner for project and task management instead of Trello and other third party applications
  • Bookings for appointment setting instead of paid services like ScheduleOnce and Calendly
  • Shared Inboxes and Groups for simple service desk / call center functions

If you are running G Suite, you can use …

  • Google Meet for video conferencing instead of paying for Zoom, Webex, or GoToMeeting
  • Google Meet audio conferencing instead of paying for a third party service
  • Chat for social communication and teamwork, instead of paying for Slack
  • YouTube Studio to stream/broadcast events to large private groups or the public
  • My Drive and Shared Drives for sharing files with others, instead of paying for DropBox
  • Sites for secure internal and secure external portals
  • Shared Inboxes and Groups for simple service desk / call center functions
Shadow IT

Chances are, if you scan your environment, your company charges, and expense reports, you will find employees using one-off or personal IT services that you have not approved or authorized.  In addition to costing you money, these services remove data from your systems and expose you to the risks of data loss and liability. In many cases, employees turn to “Shadow IT” services because they perceive these services as more convenient or easier to use than company resources.  Here are ways to reign in Shadow IT:

  • Actively look for employees using Shadow IT services.  Scan your environment, credit card fees, and expense reports. You can also use tools like Blissfully to find and quantify these services.
  • Find out why employees are using the services.  Is it a missing capability or are they unfamiliar with how use the capabilities of company systems?
  • Educate and train employees, rather than discipline
  • If shadow IT is filling a need, find a way to provide the capability within company systems if possible
Move to Scalable Services

While it may sound counter-intuitive, now may be a good time to migrate some IT services to solutions that will scale better as you company continues to adjust to changing markets and business conditions.  Moving from in-office, co-located, or hosted file servers to cloud file services, for example, replaces fixed assets and operating costs with services that can scale up and down with staffing levels and/or business volume.  Moving to scalable services may be even more appropriate if you are facing hardware or system end of life, or if doing so will simply and improve access to applications and files for those working from home.

Be Careful with Your Cuts

It may be tempting to cut services you feel that you rarely use.  Be careful, however, that you do not make short term savings decisions that will cost you much more later. See our companion post to learn more.


For help evaluating your IT environment for efficiency, please contact us to schedule a free Cloud Advisor session, or take a look at our Recovery Road Map Assessment.


 

Webcasts

Choose the Right Managed Cloud Services

(10/17/2023) – Business leaders like you understand the need for effective, secure, and affordable IT services. Hiring or contracting for services has likely been unaffordable. Managed Cloud Services, when properly matched to your business, provide the capabilities, security, and services you need at affordable rates. Hear from experts about defining needs and selecting the right services, technologies, and partners.

Deep Dive: Lift-and-Shift and DaaS

(07/18/2023) – As SMBs, we still have on-premise file and application servers that require upgrades, security, backup, monitoring, management, and support. Evaluating your on-premise IT, and moving what you can to the cloud, increases the business value of your IT spending and investments.

Five Things Your IT Provider Should be Telling You

(06/20/2023) – We tend to wait for our IT service providers to raise warning flags, and the periodic review with our IT provider can feel like a subtle sales call. Reacting to IT problems is not enough, and adding more IT services may not be the answer.

The High Cost of Low Adoption

(05/23/2023) – Beyond core features in Google Workspace and Microsoft 365, cloud adoption tends to be fairly low. Better cloud adoption improves productivity, communication, and security. And, it can save you money.

Cloud Cover: Strategies for Small Businesses

(04/18/2023) – As small businesses, we can do more with the cloud then Microsoft 365 and Google Workspace. But if we want to take advantage of the benefits of managed cloud services, we need better cloud strategies.

Cyber Security: 3 Questions and Shared Responsibility

(03/21/2023) – The cloud’s Shared Responsibility Model places most of the security and data protection burden on you. Our webcast explores 3 key questions and the shared responsibility model to help you plan, deploy, and manage effective, and cost-effective, security..

Hybrid IT for SMBs

(02/21/2023) – A sound Hybrid IT strategy creates better collaboration, cost efficiencies, security, and resiliency. Review your hybrid business strategy and supporting IT services. Address your business, technology, security, and cost challenges.

Security CPR

(01/24/2022) – Cybersecurity requires policies, procedures, supporting technologies, and a culture of awareness. This webcast is a deep dive into our Security CPR model for preventing and surviving cyber attacks.

2022 Wrap Up

(01/03/2022) – Hopefully our plans for the new year are nearly complete and we will jump into January ready to execute and succeed. It is a great time of year to review and look forward to the new year. Let’s close out the year with new ideas and information.

Lower the Price of Productivity

(11/15/2022) – Our IT solutions serve a purpose: to help us operate our businesses as efficiently and effectively as possible. Are you paying for duplicate IT services? Reviewing and streamlining IT services supports productivity at a lower price.