Posts

Cloud Backup: Small Businesses Hesitate at their Own Peril

Cloud Backup
According to a recent survey of IT service firms conducted by The 2112 Group, small and mid-size businesses (SMBs with up to 250 employees) do not respond to most marketing efforts.  The lack of interest appears to be due to underlying concerns about data security, bandwidth, availability, and recurring costs.

Not surprisingly, SMBs become interested in cloud backup after a data loss or downtime. Having experienced disruption or loss, SMBs better understand the cost of a failed recovery compared with the cost of adequate protection.

Businesses that move to cloud backup sited their primary motivations as:

  • Improved data protection and business continuity (34%)
  • Better overall IT reliability (20%)
  • Reduced IT costs (16%)

The challenge for us, as a cloud solutions provider, is to meet our customers’ objectives while addressing issues of security, bandwidth, availability, and cost.

The challenge for SMBs, as our customer or prospective customer, is to recognize the value of cloud-based backup before a crisis.  And, understand that by offering a range of solutions, we can ensure data integrity while keeping costs in-line.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 2)

Secure Cloud This blog post is the second in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Understand the Technology.  Many organizations are using file sync services to share and backup files.  A poor understanding of how file sync services, however, can result in data corruption and loss.

Sync Basics. Most sync services keep a copy of your files on your local machine and in cloud storage, with synchronization happening for files saved in specific directories on your local machine.  In other words, you open and work on files locally.  When you save them in a sync folder (or folder tree), the file will be synchronized with the version in the cloud.  Files may also be used and saved using more traditional upload and download techniques. If you share a file with another person, they will download, or sync, a copy of the file to their local desktop.  This means that if you both are editing a document at the same time, you are both working locally on different copies of the file.  While some sync services offer basic file locking, most will allow the conflict to occur.  Data may be easily lost as each person syncs and overwrites the changes of the other. Better sync services offer multiple level or permissions, allowing you to restrict access to view versus edit.  Some services will also prevent downloading and printing.

Sync versus Backup. File sync is NOT backup.  If you overwrite or delete a file, those changes are synced to the server and to other users.  While some sync services offer version control with a limited ability to retrieve prior versions, most sync services quickly propagate errors and deletions. As such, sync is not a reliable technology for data restores.

When to Sync? Sync and sharing services can be part of a robust business continuity strategy. With near-real time updates, a local or remote service outage does not mean loss of access to files, or loss of operating data. Sync and sharing services are also useful for sharing files with outside parties, provided your users understand the limitations of the service. If you allow the use of sync and share services, however, make sure your team is using a company-owned and managed account and a business grade service.  We will discuss why this is so critical in our next installment.

Previous Post in the Series

Web Weary? Malware May Be the Reason

 

This blog post is the third in a series on Data Protection issues and practical solutions.

Mag_GlassBy some estimates, as many as 60% of search results are tainted with malware, attracting users to infected sites and putting your systems and data at risk.  While not every infection poses a threat, the industry consensus remains that web-resident malware is on the rise.

The problem is large enough that Google Chrome users now receive warning screens, letting users know when legitimate sites have been compromised.  Google has also launched a service to help hacked web sites recover, and regain users’ trust.

While web site owners struggle to keep web sites free of malware, visitors remain vulnerable.

Fortunately, businesses can protect themselves.

Web monitoring and filtering services offer protection from malicious code embedded in web sites and allow businesses to track web activity across their networks.  Advanced web filtering services also help business manage the use of web-based applications and can monitor other web activity.

Incorporating web monitoring and filtering into your computing environment adds an additional layer of data protection.  In addition to protection from malware, web monitoring and filtering gives businesses additional control over web usage and provides a mechanism for enforcing policies and procedures.  And, for most businesses, the value of this protection should outweigh the additional cost.

 

 

Viral Spread of Cloud Creates New Challenges


This blog post is the second in a series on Data Protection issues and practical solutions.

Data Protection SeriesAs discussed in a recent TechRepublic Blog Post, cloud computing vendors are enabling the spread of on-demand software outside the control of the IT Department.

It is easy to see how it happens.  Somebody signs up for a service in order to complete a task that they cannot (or do not know the can) do with their current system.  They share the solution with co-workers, and, before you can say monthly recurring fee, the company must decide if this new tool is a de facto standard and should be included in the formal IT ecosystem.

Aside: On the one hand, shame on the users for not asking first.  On the other hand, shame on IT for not understanding the users’ needs and providing solutions with either current or new technologies.

The challenge becomes managing these services and making sure they are secure.  Beyond deciding who, why, and when services may be used, these services may create real security risks.

In the Google Apps environment, users can install any one of hundreds of third-party applications, many of which request and require access to user data.  While most applications only request and use the access they need, many request permissions that can inadvertently expose critical data such as sensitive documents and contact information.

Solutions

To mitigate these risks, it is important for the IT team to review and evaluate all new applications and companies should have policies through which they can enforce this rule.  In return, the IT team must be held accountable for responsiveness.

In addition, it is wise to monitor your environment for new software.  For you in-house systems, free tools like Spiceworks, will update you with scheduled scans of all systems.

Within your Google Apps ecosystem, Cloudlock App Firewall, provides you with the ability to both monitor and manage which applications are running in your environment.  The App Firewall reports the level of data exposure by application and reports applications added by user and well as by application.  You can mark applications as approved, blocked or not trusted.  You can revoke permissions, effectively disabling applications as well.    The system also provides guidance, letting you know how other companies have rated applications.

Conclusion

While users will continue to look for apps, the IT team can and should be ahead of the curve.  Additional tools, however, can help monitor and manage applications, which will mitigate risk, enforce company policies, and meet regulatory requirements for data protection.

 

For more information about Cloudlock App Firewall, please contact us.

Cloud Solutions Drive Rapid Growth for Cumulus Global

BusSuccess.med

Cumulus Global today announced revenue growth exceeding 300% for 2012 as the company’s cloud solutions business continues to expand. Sales for 2012 surpassed $3.3 million dollars compared to $972,000 in 2011. Net income before taxes jumped over 400%, to more than $200,000 for 2012. This growth reflects increasing demand from Cumulus Global’s core small and mid-size business markets, as well as the company’s expansion into new market segments.

“In the last 18 months, we have helped more than 120 school districts migrate to Google Apps for Education, deploy Chromebooks for Education, and protect their networks and in-house data,” noted Allen Falcon, CEO and co-founder. “We see increasing opportunity in the educational market.”

The company also sees increasing demand from local, municipal, and county governments and agencies throughout New England and nationally. Falcon expects revenues from Google Apps for Government and related services to “more than triple over the next twelve to eighteen months.” Falcon attributes this growth to the migration, education, and support services offered, including the company’s participation in the FCC E-Rate program for schools and libraries.

Serving the needs of small and mid-size businesses, those with 1 to 1000 employees, remains a core market for Cumulus Global. According to Falcon, “Our core SMB market grew by more than 30% last year and we see that rate of growth accelerating.” Falcon attributes this growth to the company’s focus on solutions rather than technology.

“We do not sell hype or technology,” stated Falcon. “We work with our customers to identify if and how cloud solutions can improve efficiency, expand services, drive revenue, and lower costs. We bundle products and services that overcome challenges and enable growth.” Partnering with more than a dozen ISVs and solution providers, Cumulus Global can meet customers’ regulatory compliance, security, data management, and IT administration needs.

For companies, non-profits, government agencies, and schools interested in learning more, Cumulus Global conducts regular webcasts and Q&A sessions.

 

Data Loss and Recovery Are Still a Growing Concern

 

With all of the industry focus on data loss and disaster recovery, you may be surprised at the state of affairs.

  • 53% of businesses experienced data loss within the past 12 months; up from 31% in the prior year (EVault 2012 Survey)
    • 24% of IT Managers admit to not telling their CIOs that some data is not backed up, including data on mobile devices
    • 38% of IT managers worry about the security and effectiveness of their backup solutions
  • 58% of downtime and data loss was caused by storage problems or failures (Continuity Risk Benchmark)
  • 86% of companies experienced unplanned downtime last year (Acronis Disaster Recovery Index Survey)
  • 60% of companies identify human error as the most common cause of downtime and data loss (Acronis Disaster Recovery Index Survey)

What does this mean?

Whether  running systems in-house or in the cloud, businesses MUST understand the risks to their data and system, and have reasonable protections and responses in place.  Solutions that focus on addressing hardware and software errors may not protect you from user mistakes and missteps.

False Sense of Security in the Cloud

When moving to the cloud, businesses must remember that while good cloud infrastructures provide protection from hardware/software type failures, your data is still susceptible to user error.  Backup/recovery services offer protection for cloud-based data that rivals services available for in-house solutions.

Want More Info?

Please contact us if you would like to discuss your needs and available options.

 

Cloud Security Focus Shifts to Data Protection


This blog post is the first in a series on Data Protection issues and practical solutions.

When companies began moving to cloud computing solution, a great deal of time and anxiety was spent on security.  For most considering the move, the questions were basic: Will my vendor access my data?  Will my vendor prevent unauthorized access to my data? How secure is my connection to my data? With the maturing of security standards (SSAE-16, ISO 27001, FISMA, and others), these fundamental questions are less of a concern to most businesses.  Top tier providers not only create secure infrastructures, but build commitments to customer data security and integrity into their contracts, Terms of Service, and Service Level Agreements, or SLAs. That said, security in the cloud requires thought and planning.  In addition to basic access concerns, organizations need to be as vigilant with cloud-based data as they are with in-house data when it comes to data integrity, exposure, and loss prevention.  Holistically, the focus should be “Data Protection”. As we look at Data Protection in this blog series, we will focus on the areas of greatest risk to your data:

  • User Identity and Account Security
  • User Actions — accidental and malicious
  • Data Leaks /Permission Errors
  • Mal-ware
  • Rogue Applications

For each of these issues, we will look at how the risks change (or not) when data is in a public cloud service, as well as practical solutions for mitigating the risks.

Guest Post: Two Customer Reactions to a Data Breach

Originally posted by Bob Siegel, CEO of The Privacy Ref, this article looks at how a company’s response to a data breach can do as much damage as the breach itself.

TD Bank has notified their customers of a data breach through the  loss of a backup tape. Initial reports have said that the tapes contain  the account information and Social Security numbers of more than 267,000 customers on the US East Coast. The tape was not encrypted so, while the bank is unaware of any misuse of the information, anyone who does obtain the tape could easily read the information it contains.

I was with some TD Bank customers the day the data breach was acknowledged. There were two comments made that I hear anytime a breach occurs so I wanted to share them to help you protect your brand image in the event of a data loss.

It took too long to notify customers of the data breach

The first comment the people I spoke with made was that six months was too long for the bank to notify customers that a data breach occurred. TD Bank has said that they were investigating the incident during this period. The customers I spoke with took the view that the bank either had the tape or they didn’t, so why did it take so long to be notified. The customers felt that the delay put their accounts at further risk as well as increasing their exposure to identity theft.

Notice of a data breach to your customers needs to be timely. The definition of timely rests on the perception of the customer. Any time beyond the customers’ perception of timely may be seen as the investigation not having been a priority or, as seen by the comments above, that you are putting the customers at additional risk.

The more complex a breach is perceived to be the more time customers will tolerate for notification. For example, an intrusion into your systems is perceived to take longer to investigate than something that has been misplaced.

More should have been done to protect against the data breach

Hindsight is 20/20 and we begin thinking “if only we had….”. Hopefully we wil learn from each others’ experiences and improve our own programs.

In this case more should have been done to protect the data. TD Bank has customers in Massachusetts.  MA 201 CMR 17.00 provides standards of protection for personal information for residents of this commonwealth. Under this statute, the encryption of personal data that resides on portable devices is required. Personal information under the Massachusetts law includes financial account information or social security number in conjunction with first name or initial and last name. Massachusetts includes tapes as portable storage devices.

In my conversations with the bank’s customers they began to question the overall security procedures used in the bank’s data processing. This may be a large leap in thinking, but one that someone unfamiliar with IT practices may make.

Privacy professionals today recognize that for any organization it is not if a data breach will occur, but when will it occur. How the public perceives your communications about, response to, and the circumstances of the breach will have an impact on your brand image. Preparing a response plan before a data breach occurs is something every organization should do to minimize any impacts, including  brand damage, that may occur.

 

Tuesday Take Away: DLP in Google Apps

In at least one prior post, we have written about the nature of data protection and the reasons for backing up information in the cloud.  Backupify, one of the vendors we work with often, recently conducted  a study of known data loss incidents in Google Apps with known resolutions.   Here is what they learned:

  • 0.00% = Due to Google systems or software
  • 4.05% = Due to an integrated, third party application
  • 10.81% = Due to unauthorized use of a users’ credentials
  • 85.14% = Due to user action

What does this mean?

For most Google Apps users, the best mechanism for Data Loss Prevention (DLP) is to protect your data from user error and malicious acts.  In other words, back up your data!  Assess your needs with respect to retention period and retention points, and pick the backup solution that best meets your business needs.  And remember, backups solutions for Google Docs should do more than export with conversion.

In addition, users should understand the importance and risks involved in sharing account information or using weak passwords.  If you want to enforce best practices, consider Google Apps Directory Sync or an affordable Single Sign-On (SSO) solution.

Drop us a note if you want to know more.