Posts

Cloud Backup: Small Businesses Hesitate at their Own Peril

Cloud Backup
According to a recent survey of IT service firms conducted by The 2112 Group, small and mid-size businesses (SMBs with up to 250 employees) do not respond to most marketing efforts.  The lack of interest appears to be due to underlying concerns about data security, bandwidth, availability, and recurring costs.

Not surprisingly, SMBs become interested in cloud backup after a data loss or downtime. Having experienced disruption or loss, SMBs better understand the cost of a failed recovery compared with the cost of adequate protection.

Businesses that move to cloud backup sited their primary motivations as:

  • Improved data protection and business continuity (34%)
  • Better overall IT reliability (20%)
  • Reduced IT costs (16%)

The challenge for us, as a cloud solutions provider, is to meet our customers’ objectives while addressing issues of security, bandwidth, availability, and cost.

The challenge for SMBs, as our customer or prospective customer, is to recognize the value of cloud-based backup before a crisis.  And, understand that by offering a range of solutions, we can ensure data integrity while keeping costs in-line.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 2)

Secure Cloud This blog post is the second in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Understand the Technology.  Many organizations are using file sync services to share and backup files.  A poor understanding of how file sync services, however, can result in data corruption and loss.

Sync Basics. Most sync services keep a copy of your files on your local machine and in cloud storage, with synchronization happening for files saved in specific directories on your local machine.  In other words, you open and work on files locally.  When you save them in a sync folder (or folder tree), the file will be synchronized with the version in the cloud.  Files may also be used and saved using more traditional upload and download techniques. If you share a file with another person, they will download, or sync, a copy of the file to their local desktop.  This means that if you both are editing a document at the same time, you are both working locally on different copies of the file.  While some sync services offer basic file locking, most will allow the conflict to occur.  Data may be easily lost as each person syncs and overwrites the changes of the other. Better sync services offer multiple level or permissions, allowing you to restrict access to view versus edit.  Some services will also prevent downloading and printing.

Sync versus Backup. File sync is NOT backup.  If you overwrite or delete a file, those changes are synced to the server and to other users.  While some sync services offer version control with a limited ability to retrieve prior versions, most sync services quickly propagate errors and deletions. As such, sync is not a reliable technology for data restores.

When to Sync? Sync and sharing services can be part of a robust business continuity strategy. With near-real time updates, a local or remote service outage does not mean loss of access to files, or loss of operating data. Sync and sharing services are also useful for sharing files with outside parties, provided your users understand the limitations of the service. If you allow the use of sync and share services, however, make sure your team is using a company-owned and managed account and a business grade service.  We will discuss why this is so critical in our next installment.

Previous Post in the Series

Cloud File Sync & Sharing: Risks and Solutions (Part 1)

Secure Cloud
This blog post is the first in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Failing to provide a secure, reliable service, puts your data — and your business — at risk.

Case Study 1: Inside Sales Disappear

An inside sales representative at a B2B industrial supply company was signing on new customers.  While the contract were all boilerplate, the rep use a personal Dropbox account to share them with customers for signature and to store them once signed.  After failing to be promoted, the rep quit the firm.  The company had no copies and no access to dozens of customer agreements.

Case Study 2: Order Management Gone Wrong

A customer service rep was using a personal file sharing service to send/receive credit card authorization forms with customers and, unintentionally, his family.  The company became aware of the problem (and PCI violation) when a customer called to inquire about an attempted electronics purchase the day after they had provided the form.  The rep’s teenage son had attempted to make an online purchase with “credit card number in Dad’s account.”

Case Study 3: No Backup = No Restore

A CEO recently contacted his IT department, asking that  they restore several critical files needed for a business meeting the next day, as he could no longer find them.  After searching several iterations of backups and audit logs, they informed the CEO that the IT team could not find any indication that the files had ever existed. The CEO had created the documents locally on his PC, then placed them in a personal file sharing service so that he could access them while traveling.  Without any protection, restoring the deleted files was impossible.

While these examples may seem extreme, if your employees are using personal, unsecured file sharing services, they may already be happening to you.

Back in September, we posted about the increasing problem of rogue cloud services.  Over the course of this series, we will look specifically at cloud-based file sharing services, their risks, and solutions that protect your data, your reputation, and your business.

Web Weary? Malware May Be the Reason

 

This blog post is the third in a series on Data Protection issues and practical solutions.

Mag_GlassBy some estimates, as many as 60% of search results are tainted with malware, attracting users to infected sites and putting your systems and data at risk.  While not every infection poses a threat, the industry consensus remains that web-resident malware is on the rise.

The problem is large enough that Google Chrome users now receive warning screens, letting users know when legitimate sites have been compromised.  Google has also launched a service to help hacked web sites recover, and regain users’ trust.

While web site owners struggle to keep web sites free of malware, visitors remain vulnerable.

Fortunately, businesses can protect themselves.

Web monitoring and filtering services offer protection from malicious code embedded in web sites and allow businesses to track web activity across their networks.  Advanced web filtering services also help business manage the use of web-based applications and can monitor other web activity.

Incorporating web monitoring and filtering into your computing environment adds an additional layer of data protection.  In addition to protection from malware, web monitoring and filtering gives businesses additional control over web usage and provides a mechanism for enforcing policies and procedures.  And, for most businesses, the value of this protection should outweigh the additional cost.

 

 

Viral Spread of Cloud Creates New Challenges


This blog post is the second in a series on Data Protection issues and practical solutions.

Data Protection SeriesAs discussed in a recent TechRepublic Blog Post, cloud computing vendors are enabling the spread of on-demand software outside the control of the IT Department.

It is easy to see how it happens.  Somebody signs up for a service in order to complete a task that they cannot (or do not know the can) do with their current system.  They share the solution with co-workers, and, before you can say monthly recurring fee, the company must decide if this new tool is a de facto standard and should be included in the formal IT ecosystem.

Aside: On the one hand, shame on the users for not asking first.  On the other hand, shame on IT for not understanding the users’ needs and providing solutions with either current or new technologies.

The challenge becomes managing these services and making sure they are secure.  Beyond deciding who, why, and when services may be used, these services may create real security risks.

In the Google Apps environment, users can install any one of hundreds of third-party applications, many of which request and require access to user data.  While most applications only request and use the access they need, many request permissions that can inadvertently expose critical data such as sensitive documents and contact information.

Solutions

To mitigate these risks, it is important for the IT team to review and evaluate all new applications and companies should have policies through which they can enforce this rule.  In return, the IT team must be held accountable for responsiveness.

In addition, it is wise to monitor your environment for new software.  For you in-house systems, free tools like Spiceworks, will update you with scheduled scans of all systems.

Within your Google Apps ecosystem, Cloudlock App Firewall, provides you with the ability to both monitor and manage which applications are running in your environment.  The App Firewall reports the level of data exposure by application and reports applications added by user and well as by application.  You can mark applications as approved, blocked or not trusted.  You can revoke permissions, effectively disabling applications as well.    The system also provides guidance, letting you know how other companies have rated applications.

Conclusion

While users will continue to look for apps, the IT team can and should be ahead of the curve.  Additional tools, however, can help monitor and manage applications, which will mitigate risk, enforce company policies, and meet regulatory requirements for data protection.

 

For more information about Cloudlock App Firewall, please contact us.

3rd Tues @ 3 Webcast: Protecting Data in Google Apps

 

For those running or considering Google Apps, Google’s highly redundant, multi-tenant infrastructure protects data from nearly all risk of loss or corruption due to hardware or system failure.  Understanding the other risks to our data lets us decide when and how to better protect ourselves.

In this live web event, Allen Falcon, CEO of Cumulus Global, will discuss the business risks and use cases that drive the need for data protection and data loss prevention and will look at practical, affordable solutions.

Joined by experts from Backupify and Cloudlock, Falcon will overview and demonstrate affordable solutions for creating a secure and protected data ecosystem using Google Apps and Google Drive.

And, as always, there will be plenty of time for your questions.

Click Here to Register or for More Information.

 

Cloud Security Focus Shifts to Data Protection


This blog post is the first in a series on Data Protection issues and practical solutions.

When companies began moving to cloud computing solution, a great deal of time and anxiety was spent on security.  For most considering the move, the questions were basic: Will my vendor access my data?  Will my vendor prevent unauthorized access to my data? How secure is my connection to my data? With the maturing of security standards (SSAE-16, ISO 27001, FISMA, and others), these fundamental questions are less of a concern to most businesses.  Top tier providers not only create secure infrastructures, but build commitments to customer data security and integrity into their contracts, Terms of Service, and Service Level Agreements, or SLAs. That said, security in the cloud requires thought and planning.  In addition to basic access concerns, organizations need to be as vigilant with cloud-based data as they are with in-house data when it comes to data integrity, exposure, and loss prevention.  Holistically, the focus should be “Data Protection”. As we look at Data Protection in this blog series, we will focus on the areas of greatest risk to your data:

  • User Identity and Account Security
  • User Actions — accidental and malicious
  • Data Leaks /Permission Errors
  • Mal-ware
  • Rogue Applications

For each of these issues, we will look at how the risks change (or not) when data is in a public cloud service, as well as practical solutions for mitigating the risks.

Backing up Google Apps: A Smart Idea or a Needed Service?

As companies move their systems and data from on-premise servers into cloud computing solutions, companies maintain control of their data.  Control over the systems that house the data, however, belongs to the cloud provider.  The same is true for businesses moving to Google Apps.

When businesses move to Google Apps, they are trusting Google’s fault-tolerant, grid-based architecture to run with any disruptions due to hardware or software failures.  But a reliable system cannot prevent all forms of data loss.

  • 75% of incidents involving sensitive data lossare caused by human error, according to the IT Policy Compliance Group, as reported in PC World.
  • 32% of data loss is due to user error, according to Gartner surveys, cited by the SANS Institute.
  • 70% of companies go out of business after a major data loss, according to DTI as cited by the SANS Institute.

While Google protects you from data loss due to system failure, Google cannot protect you from data loss due to user error (or malicious act).

Nor can Google protect you from data loss or corruption caused by third party applications. These applications pose new and different risks as these application range from integrated applications installed through the Google Apps cPanel to tablet and smart phone apps users may install themselves on personal devices.  In the emerging world of Bring Your Own Device (BYOD), monitoring and managing third party applications is a challenge.

Given the risks, backing up your data in Google Apps seems smart, but is it necessary and worth the expense?

If information is lost or damaged, the cost can be staggering.  Lost contract amendments may prevent a business from getting paid in full; Missing emails can create customer service nightmares;  Corrupt data can cause employees and customers to lose confidence in your business.

And beyond tangible losses, the cost of recovery adds up quickly.  Losing a day’s worth of work costs more than the lost day.  Recovery takes time and resources and disrupt your normal business activities.  A loss of one day of work that takes one day to recovery, actually costs your business 3 to 5 days of lost productivity.

In comparison, protecting your data in Google Apps from user error and third party applications costs between $3 and $8 per user per month.  Given the value of your data, the cost and impact of lost data, and the cost of recovery, backing up your data in Google Apps is an affordable insurance policy.

Affordable protection for your data is a service you should want and probably need.

Protect Your Data in the Cloud

When IT pros plan backup and recovery solutions for in-house systems, they start with the big events, such as server failures and disk crashes.  In reality, most restores are not as a result of a catastrophic loss.  Most restores are for individual files that were accidentally overwritten, deleted, or otherwise corrupted.

How is this relevant when your files are in the cloud?

Most cloud file services provide sufficient redundancy and resilience to prevent data loss due to hardware or software failure.  These services, however, cannot protect your data from the users.  Files stored in the cloud remain susceptible to deletion and accidental overwrites.    In addition, new desktop utilities that let users work locally and sync files between desktop and cloud increase your risk of file corruption.

What to do?

You do have some protections available.

Version History:  If your cloud file service has version history features, take the time to understand how and when the service saves versions.  Some services only save documents uploaded via their web interface or client, and not when documents are updated via drive mapping or folder desktop sync applications.

Cloud File backup tools:  Consider adding a backup tool to your cloud ecosystem.  A cloud backup tool will periodically move content from your cloud file service to another location periodically or continuously.  The data is stored in a format that facilitates restores to your cloud file service, and many backup tools let you download the backup set.

If you have concerns about your cloud-based data, or have questions about backing up your data in the cloud, please contact us.

 

library

Nothing Found

Sorry, no posts matched your criteria