Posts

Cloud Computing Trends, Challenges & Provider Insights in 2023

/in ,

Cloud Computing Trends

Earlier this month, CRN published a story covering Flexera’s 2023 State of the Cloud Report.  Flexera provides software and systems to manage enterprise private and public clouds.  The report on cloud computing trends originates with an annual survey of 750 technology leaders across sectors, geographies, and size of the business.  While the report classifies small and midsize businesses as those with under 1,000 employees, we still find the results interesting and relevant.

As small businesses, our concerns are spending, security, compliance, and managing cloud services. The cloud model hits our income statements and balance sheets differently than historical IT services. The need to protect our businesses, and our customers, has never been greater. And, we find it difficult to understand if we are spending efficiently and effectively.

We take a look at the top 3 cloud challenges, discuss managing clouds, and explore cloud waste.  Understanding these issues, you will better understand how to create better cloud solutions. You will also be better able to set expectations from those providing cloud solutions and related services.

Top 3 Cloud Computing Challenges

For 2023, SMB respondents identify the top three cloud computing challenges as:

  • Managing Cloud Spend (80%),
  • Security (73%), and
  • Compliance (71%).

These concerns make sense. The spending model for managed cloud services, based on subscriptions or usage, is an operating expense.  Most smaller companies are used to making capital expenditures and paying for service contracts and managed services.  Additionally, many of the IT firms working with small businesses will replicate on-premise networks and servers in a public cloud service. They may lack the expertise and tools to actively manage costs.

Concerns about security and compliance reflect the increasing need and demands of protecting sensitive business and personal information.  We face the same increased regulations and expanding industry standards as larger enterprises. But we do not have the in-house resources or the same access to experts. We place our trust on local or regional IT service firms.

Latest Trends and Developments in Cloud Computing

Undefined Cloud Management

Following closely behind the top 3 cloud challenges, governance (67%) and subscription management (61%) indicate that small businesses are not sure how to best manage their cloud services.  As cloud infrastructure matures, the number of options expand.  To make simple decisions, such as whether to subscribe monthly or make an annual commitment at a lower per unit price, we need to understand the operating cost models.  We need standard operating procedures, such as on/off-boarding and access controls, in place.

Cloud is still new. We need our IT service firms and managed service providers to guide, if not lead, our cloud management efforts. Co-management is a viable strategy, provided it includes policies and procedures as well as products and services.

Cloud Waste

On average, the survey results show that businesses spent 18% more than budgeted on public cloud services last year.  The greatest contributor to the overspend appears to be Cloud Waste.

Cloud waste is spending on cloud services that go unutilized or are under-utilized.  Reducing cloud waste can be as simple as

  • Shutting down unused resources after hours
  • Selecting lower cost regions / data centers
  • Periodically right-sizing systems and resources

Policies that scale resources in real-time based on usage will increase efficiency, but require expertise and planning during the solution design process, monitoring, and refinement over time.

How to Pick a Cloud Computing Provider

Traditional managed service providers, or MSPs, are experts in buying, monitoring, and managing things. They focus on network components, servers, systems software, and end user devices.  To get the most value from our cloud services, we need partners that understand service and cost management.

Managed cloud service providers, or MCSPs, understand how the “as-a-Service” model is different. Security, compliance, and cost management only work when they are built into the requirements, design, and management of your cloud services.

Before picking your cloud provider, ask about their management and co-management models. Understand if they actively work to monitor and manage security, compliance, and costs. Ask them to explain how.

Call To Action

Get a copy of our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: set the stage by looking at how small and midsize businesses acquire and use technology and IT services; explore the challenges we face moving into the cloud; and map out four strategies for enhancing your use and expansion of cloud services.

To discuss how your business can better utilize a broader range of cloud services, please contact us or schedule time with one of our Cloud Advisors at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

A Notable Shift in Cyber Attacks

/in ,

As we proceed into 2023, we begin receiving reports and analysis of 2022, the year that was.  Now is a time when we gather data and perspectives on the past year. This new information helps guide us to better decisions in the year ahead. With respect to Cyber Attacks, the information is definitely both positive and negative in nature.

Mixed News

As reported recently in CRN, SonicWall reports in their 2023 annual Cyber Threat Report that ransomware attack volume dropped by 21% worldwide last year. In the US, the volume dropped by 48%.  While this is good news, we see some serious caveats in the data.

  • 2021 was the worst year on record for ransomware attacks, with more than 600 million worldwide.
  • Even with the 21% drop, 2022 still had the second largest number of ransomware attacks in history.
  • Ransomware attack volume in 2022 was 50% more than in 2020, and more than 2019 and 2022 combined.
  • SonicWall also reports that the last quarter of 2022 had a spike of attacks with an increase over Q4 in 2021.

What does this mean?  Ransomware attack volumes have dropped, but they are still at historical highs.  It is too soon for us to predict a change that would alter how we protect and respond these attacks.

Shifting Landscape

Related data suggest the cyber attack landscape is shifting. This information suggests that cyber criminals are focusing on other types of attacks. In 2022,

  • Cryptojacking attacks jumped by 43%
  • IoT malware attacks increased by 87%

Similarly, CRN reported that security vendor CrowdStrike noted a 20% increase in data theft and data extortion attacks that did NOT deploy encryption. More attackers are avoiding the protections against ransomware and simply threatening to expose or release sensitive data.

What does this mean? Businesses with solid cyber security and business recovery solutions in place can avoid paying ransoms. Collecting ransoms to decrypt files has become less attractive.  By quietly identify and collecting sensitive information, cyber attackers regain the upper hand.  They can release portions of the data if the victim hesitates to pay.

The Impact on Your Business

While we may see some encouraging signs, your business remains at risk. Our Security CPR model guides decisions on cyber security solutions. The model offers a holistic approach that begins with communication and education, ensures protection and prevention, and includes your ability to restore and recover.

To ensure your business has the resiliency it needs, focus on threats most likely to impact your business and those that will be the most damaging if successful. We have a number of blog posts, webcasts, and whitepapers in our Resource Center.

Call To Action

For a look at your cyber security, complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Lessons from the Rackspace Attack

/in
ransomware

Cyber Security Ransomware Email Phishing Encrypted Technology, Digital Information Protected Secured

On December 2, 2022, a ransomware attack on Rackspace disrupted email services for thousands of businesses.  The attack encrypted files throughout Rackspace’s Hosted Exchange environment, one of the largest in the world.  The outage impacts mostly small and midsize businesses (SMBs).  While Hosted Exchange is only 1% of Rackspace revenue, the incident was large enough to warrant a filing with the Securities and Exchange Commission. We can all learn lessons from the Rackspace attack with respect to cybersecurity and response.

Lessons from the Rackspace Attack

1 Incident Response Must Be Quick

In their SEC filing, Rackspace noted that their “… information security team had strong incident response protocols in place that led to the quick containment of the ransomware attack.”  They were able to limit the damage to the Hosted Exchange service, protecting other aspects of the company’s operations and other services.

For SMBs like ours, speed is also necessary. Quickly identifying an attack and isolating effected devices is critical. An infected laptop can spread the infection to servers and through files sync’d into cloud storage (ie, OneDrive, Google Drive, Dropbox). From there, every connected device is vulnerable.

2 Recovery is Not a Sure Thing

Rackspace is NOT recovering customers’ Hosted Exchange service. The company is moving these customers to Microsoft 365.

Paying the ransom is not always possible. Paying a ransom does not guarantee that your get your data back.

3 Recovery is Difficult

As of December 12, 2022 — a full 10 days after the attack, Rackspace disclosed that about two thirds of its customers have been transitioned to Microsoft 365. Nearly one third of customers remain without email service. Rackspace is effectively abandoning its Hosted Exchange service.

The logistics of identifying recoverable data and understanding interdependencies is complex. Managing data restoration across multiple devices, systems, and data sets is challenging. Some data will be lost. Understanding which data, and how much data, has been lost is challenging.

4 Recovery is Big and Slow

Rackspace has hired staff and contracted with many Microsoft Fast Track service providers.  Even so, call wait times are still averaging about 30 minutes.  Rackspace is setting expectations, repeatedly telling customers that data recover will “necessarily take significant time”.

Starting with a clean system gets your systems up and running. How effectively can your run your business without your data?  Data recovery takes time, even from backups. While emails may be relatively easy to live without, what is the impact if your accounting system is unavailable for days or weeks?

5 Recovery needs Expertise

While Rackspace is a leading technology firm, they have hired outside firms to investigate the attack and remediate the incident.

Most IT firms servicing SMBs do not have the expertise or staff to respond to a cyber attack. Expertise and resources will be needed for investigations and forensics, data recovery, systems restoration, communications, regulatory reporting and compliance, and customer service.

6 Recovery is Expensive

Rackspace is actively promoting that it maintains sufficient cybersecurity insurance to cover the costs of the incident. Their SEC filing, however, does not indicate if or how they plan to compensate customer for their losses.

You will spend money … lots of money … beyond the cost of getting your data back, your systems restores, and your business back up and running. Regulatory filings, communication, legal services, and litigation can be a crushing burden that threatens. More than half of SMBs fail within six months of a significant cyber attack.

Steps You Can Take

Looking at the lessons from the Rackspace Attack informs how we should think about protecting our businesses and ensuring we can return to normal operations quickly and efficiently. Here are resources for you to learn more.

Earlier this year, we blogged about how Streamlining Security for SMBs can protect you from the most common and the most expensive types of cyber attacks without breaking your budget.  We held a webinar on the same subject.

Our Security CPR model outlines the three critical aspects of cyber security communication/education, protection/prevention, and recovery/response.  Our eBook, 15 Best Practices for Cyber Protection, dives into the model.

To discuss your security footprint, risks, and options, contact us by email, via our website, or by scheduling time directly with one of our Cloud Advisors.

Debunking 5 Cyber Security Myths for SMBs

/in

Data Protection & SecurityAs owners and leaders of small and midsize businesses (SMBs), we have limited resources for IT and cybersecurity.  We should not be surprised, therefore, that SMBs face the biggest threat from ransomware and other cyber attacks.  Beyond the cost and risk of ransomware and encryption attacks, SMBs face business email compromise (BEC) attacks and threats to disclose regulated information.  Recovery costs, fines, and legal actions resulting from a successful attack can destroy your business. And yet, many SMBs remain unaware of the risk and/or lacking reasonable data protections and security.  This post intends to debunk five (5) cyber security myths for SMBs.

1My company is too
small to be a target

While note every attack is successful, one global report states that 86% of SMBs have been hit by ransomware attacks, with 20% attacked more than six times. With fewer resources and less focus on cyber security, SMBs represent an attractive target for attackers.  The increase in remote work and use of remote desktop protocols creates additional opportunities for attackers. Securing and managing these services requires time and attention.

The impact of a successful ransomware attack continues to increase.  According to Verizon’s 2020 Data Breach Investigations Report, the average cost of a successful ransomware attack grew from an average of $34,000 to just under $200,000.

2I cannot afford to protect
against cyber attacks

Cyber attacks are inevitable. Protecting your business does not require expensive solutions.  Your cost for endpoint protection for your devices, advanced threat protection for email, and security awareness training is pennies per day per person.  You can deploy multi-factor authentication (MFA), local disk encryption, and the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols for free. You can deploy cloud-based business continuity and disaster recovery (BCDR) for less than traditional backup/recovery solutions.

3I have backups,
so I am safe

Not all backup solutions are equal.  Many backup/recovery solutions for SMBs run on the same servers and networks as your business systems. Ransomware and other cyber attacks will seek out and encrypt/damage backup servers to render your backups useless.  Your backup/recovery solutions should be segregated from your production network and systems to shield them from attack.  Business Continuity/DR solutions offer the additional ability to bring systems back on line in an alternate cloud data center while you recover your primary systems.

4Technology alone
will save me

As with most security protocols, people are your first line of defense.  As many as 93% of cyber attacks begin with a phishing attack. People click on links, unwittingly downloading malware or sharing usernames and passwords.

Security awareness training should be a standard practice within your business.  The training is a proven way to reduce risk, decrease infections and help desk requests, reduce the chances of a security breach and strengthen the overall security posture.

5Cyber resiliency is
too hard to achieve

Cyber Resilience is the ability to withstand security attacks and land on your feet, no matter what happens. Cyber resilience protects your business, customers, and employees from ransomware, business email compromise, and other potential issues and attacks.

While some gaps in security will always remain, you can affordably improve your cyber resiliency.

To overcome these 5 small business cyber security myths, review your security footprint, and improve your resilience, please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this service update.

Cyber Protection Solutions for SMBs

/in

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

Evaluating SaaS Backup Solutions and Software

/in

Data protection icon

You have many choices when choosing your SaaS backup solution for Google Workspace (G Suite), Microsoft 365, Salesforce.com, and other cloud services. But first, lets learn more about what a SaaS backup solution entails, as well as what to expect with this type of cloud service.

What is a SaaS Backup?

Backup of Software as a Service, or SaaS backup, is the process of duplicating and storing data generated by SaaS products. This information is frequently derived from cloud-based SaaS applications, PaaS (Platform as a Service), and cloud-based network IaaS. (Infrastructure as a Service).

The responsibility of a SaaS provider extends only to their software and not to the information or data contained within it. They only guarantee the app’s and its supporting infrastructure’s uptime. As a result, businesses and organizations must obtain SaaS backup and disaster recovery services to protect their data in the cloud.

When picking your backup solution, look for the data protection capabilities you need. At a minimum, a SaaS backup solution should offer the following.

SaaS Backup Solutions

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. Look for solutions that offer protection for contacts, shared drives, collaboration and chat tools, and calendars. Solutions with these features are far more effective at maintaining business continuity. And, the cost is often comparable.

Frequent Backups

More frequent backups let you to restore to a more recent point in time, minimizing data loss. Restores are faster and easier with less manual effort to perform restores. Services that backup multiple times per day will provide better results than those that only backup daily.

Access During Outages

Look for and choose a SaaS backup service that lets you export and access your data in the event of an outage. While limited in scope, the ability to use data should Google Workspace or Microsoft 365 be unavailable can help you keep essential work on-track.

Security & Compliance

The SaaS backup service you choose should be secure, with data encrypted at rest and in motion.  Additionally, SaaS backup solution services that meet SOC1/SSAE-16 and SOC 2 Type II reporting standards will help you meet HIPAA, GDPR, CCPA, SEC, and other regulatory compliance requirements.

Your Next Step for Choosing a SaaS Backup Solution:

Comprehensive protection, frequent backups, access during outages, and security and compliance should all be included in your SaaS backup solution, software, or service.

We recommend you protect all data in Google Workspace or Microsoft 365 with a secure and robust backup/recovery solution.  Protecting your cloud-resident data is no different than protecting data hosted on servers and systems in your office. We can help you make the right choice.

For more information, view and download our eBook, SaaS Protection Buyers Guide.

Learn more about Cumulus Global’s data protection and security solutions, contact us to discuss you needs and options, or schedule a complimentary cloud advisor appointment.

3 Reasons to Secure Your Data with SaaS Data Protection Solutions

/in

Data protection icon

What is SaaS Data protection and why You Should Consider it

SaaS data protection refers to the measures and strategies that software-as-a-service (SaaS) providers implement to safeguard their customers’ data from unauthorized access, alteration, theft, or loss.

SaaS data is not immune to permanent data loss. Microsoft and Google make no guarantees when it comes to restoring deleted data, whether from human error or a malicious act. While Microsoft 365 and Google Workspace (formerly G Suite) may make collaboration more efficient, data protection and management is a shared responsibility. Both Google and Microsoft include some basic recovery capabilities, but they not enough to protect your business.

SaaS providers use a combination of technical, administrative, and physical controls to protect their customers’ data. Encryption of data in transit and at rest, access controls and permissions, firewalls, intrusion detection and prevention systems, multi-factor authentication, regular security audits and assessments, and disaster recovery and business continuity plans are examples of these controls. SaaS providers also have legal and regulatory obligations to protect their customers’ data, depending on the type of data and the jurisdiction in which they operate. This may include compliance with industry standards such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).

Here are 3 major reasons to add SaaS data protection to your Microsoft 365 or Google Workspace solution.

Overall, SaaS data protection is crucial for maintaining the trust of customers and ensuring the confidentiality, integrity, and availability of their data. The three reasons below are vital to understand as it relates to how to secure data in SaaS.

1: Data Loss Due to Permanent Deletion

If an employee accidentally deletes a critical spreadsheet from OneDrive or Google Drive, or a deleted folder of important emails passes the retention period in Trash, neither Microsoft nor Google will be able to recover your data.

Even if those files are within your retention period, locating and restoring lost data can cost you more time than you can afford.

2: Data Loss Due to a Ransomware Attack

If your business suffers a ransomware attack, you cannot roll-back your data to a point-in-time before the attack without a backup solution. Your data is likely gone forever.

More than losing valuable business data, you will face potentially crippling costs.  You may choose to pay the ransom (without any guarantee your files will be unlocked). You may work to rebuild your lost data. Either way, you will spend significant money, time, and lost productivity trying to save your business.

3. Time and Money Lost in Recovering Files

Retaining critical user data when employees leave your company is costly without a backup solution in place. The time spent to recover data might be more than what your business can afford. SaaS Data Protection and backup solutions lets you retain past employee data without the need to keep their Microsoft 365 or Google Workspace account active. You save time and money.

Whether you lose data or time, the impact to your bottom line can be significant. To address this challenge, you need a secure solution for this growing reliance on the cloud.

Learn more about Cumulus Global’s data protection and security solutions. To ensure your business continues to run smoothly, schedule a complimentary cloud advisor appointment.

Service Update: Datto SaaS Protection

/in , ,

Service Update: Datto SaaS Protection. The latest Datto SaaS Protection platform is now available to all of our costumers. For more recent customers, you are already on the newest platform.  For our longer term SaaS Protection (aka Backupify) customers, the transition process will begin as early as February 1, 2021. The process will complete before May 31, 2021.

Benefit:

With this move, all Datto SaaS Protection customers will have access to the latest features. These include protection for Microsoft Teams and Google Shared Drives, and the Daily Backup Success Report.

Process:

To ensure a smooth transition, any data on the legacy platform will be archived in one of Datto’s secure Microsoft Azure instances. A fresh backup set will initiate on the new platform. We can assist you in exporting your legacy backup data if you prefer to not have it stored by Datto on Microsoft Azure.

There are some unique aspects of the transition for some of our customers, our Service Team will contact you as needed to discuss your transition.

Please contact us with any questions or concerns.

SaaS Backup Myths – 4 Dangerous Misconceptions Debunked

/in

SaaS Backup is just as important, and necessary, as backups for data hosted on in-house servers and systems.

Data protection iconWith more remote work, our reliance on SaaS applications and services such as Microsoft 365 and Google Workspace has become more critical to our success. Easy access to files and folders from anywhere and the integrated collaboration tools keep our teams connected and productive.

Here are 4 common, but dangerous, myths and misconceptions about SaaS applications and services that will put your data and your business at risk.

Top 4 Software as a service (SaaS) Backup Myths Dispelled

Myth 1: SaaS Applications do not Require Backup

While SaaS applications protect against data loss in their cloud servers, this does not protect against user error, accidental and malicious deletion, or ransomware attacks. And while accidental deletion of files is by far the most
common form of data loss in SaaS apps, ransomware can be the most damaging. Ransomware is designed to spread across networks and into SaaS applications, impacting many users.

Ransomware isn’t only an on-premises problem. It can and does spread into the cloud, especially when using the OneDrive and/or Drive File Sync clients.

You need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Myth 2: File Sync is a Backup

While file sync tools like Microsoft OneDrive or Google Drive File Sync do create a second copy of files and folders, they do not replace backup. File sync automatically copies changes to synchronized files. If a file or folder is infected with ransomware, the malware will automatically be copied to all synced versions of that file.

File sync services do offer some restore capabilities via versioning, but they fall short of a true SaaS backup solution.

  • If a file is deleted, older versions of the file are also deleted
  • End users control backup and recovery, so you have no control over coverage or process
  • Large restores are a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file sync and share can introduce ransomware to Microsoft 365 or Google Drive. File sync and backup are not competitive solutions, rather they can and should be used together.

File sync and share tools are for productivity; backup is for data protection and fast restore.

Myth 3: SaaS Applications are Always Available

While SaaS apps are highly reliable, outages do occur. In 2020 alone, Microsoft 365 suffered five significant outages in the space of six weeks. Last year, Google Workspace suffered a global outage, leaving users with no access to for several hours.

Outages and slow restore times are not just an inconvenience. When you cannot access important business data, productivity falls and revenue suffers. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an extended outage.

Myth 4: Microsoft and Google are Responsible for Backup

Microsoft and Google ensure they will not lose your cloud data. However, they do not take responsibility for restoring data if you lose it. This is why Microsoft recommends third party backups for Microsoft 365 data, having defined the concept of the Shared Responsibility Model.

In the Shared Responsibility Model:

  • Microsoft and Google protect your data against:
    • Service interruptions due to hardware or software failure
    • Loss of service due to natural disaster or power outage
  • You must protect your data against:
    • Accidental deletion and damage
    • Hackers, ransomware attacks, other malware
    • Malicious insiders

The Shared Responsibility Model places the onus of SaaS data protection squarely on you. Google and Microsoft are responsible for keeping their systems up and running; you are responsible for preserving and securing your data.

FAQs

What are the disadvantages of cloud backups?

Many people are wondering what the drawbacks of cloud backups are, and while there are more pros than cons, there are certainly still a few key factors to consider. These include the following SaaS backup drawbacks:
  1. Cost
  2. Complexity
  3. Time-consuming
  4. Data recovery time
  5. Risk of failure
  6. Security concerns

Do I need to backup SaaS?

Yes, it is important to backup SaaS data to ensure that your critical data is protected against loss, corruption, or cyber attacks. While SaaS providers typically have their own data backup and recovery processes in place, they may not always guarantee the recovery of data lost due to user error, malicious deletion, or other data loss scenarios.

Why cloud backup may not be the best choice?

While cloud backup solutions can offer many benefits, they may not always be the best choice for all organizations. The main downsides include the following:
  1. Cost of cloud backup solutions can be expensive
  2. Security concerns still remain
  3. Dependency on internet connection
  4. Lack of control over how data is stored, accessed, and managed.
  5. Compliance concerns
  6. It can be difficult and costly to switch to a different provider or to migrate your data to a different solution in the future

To review your data protections, and your ability to recover from accidental or malicious loss, contact us or schedule an appointment with our Cloud Advisors.

Passwords – 3 Fails and 3 Wins

/in

Data protection iconBad passwords are the cause for over 80% of cyber security incidents.

Bad passwords are bad for business.  ID Agent, a leading provider of Dark Web ID monitoring and protection services, recently surveyed over 2 billion passwords to find the worst problems and mistakes. The research boiled down the least secure passwords into three groups.

  1. Team Pride: Using your favorite team or team slogan is risky. This information about you is often easily found on social media.
  2. Rock and Roll: Your music preferences are also likely visible to the world on social media and in streaming services. As these services may or may not be secure, band names, song titles, and artists are high risk passwords.
  3. Heroes: Heroes are weak and vulnerable when they are part of your password. Our favorite hero — fictional or not — is easily discoverable and exploitable.

Bad password habits can lead to Dark Web exposure. Here are 3 ways to protect yourself.

Communicate and Educate: Consistently communicate with your team about cyber risks and the need for good password habits. Educate and guide your team to reinforce behaviors.

  • Discourage reuse, sequential, iterated, recycled, or simple passwords.
  • Encourage use of secure, company-approved, password vaults.
  • Solve access problems to prevent the need for sharing passwords for convenience.
  • Increase phishing training to avoid password compromises.

Prevent & Protect: One of the best ways to prevent breaches due to compromised passwords is to add multi-factor authentication (MFA) for every user.

  • Weak user-made passwords are stronger with a second identifier.
  • Stolen/compromised passwords are much harder to use with MFA in place.
  • MFA is a compliance tool with HIPAA, PCD-DSS, SJIC, and other industry and legal regulations.
  • Identifiers and tokens can be delivered via phone, app, or fob.

Other prevention and protection strategies include: advanced threat protection, encryption of data at rest and in motion, permissions management, and dark web monitoring.  Dark Web monitoring lets you know when personal or company data is circulating, even if you have not had a breach. Third-party partner and service breaches put your systems and data at risk. As such, you should:

  • Monitor the Dark Web for lists of you company’s potentially compromised passwords and available personally identifiable information (PII).
  • Spot compromised passwords that employees may be reusing on our systems.
  • Find password and credential threats quickly, to mitigate them faster.

Respond and Recover: Even with protections in place, cyber attacks can succeed.  Whether a data breach, denial of service attack, or ransomware, be prepared to respond and recover. You want and need to get your business up and running as quickly as possible.

  • Backup all company data, on premise and in the cloud, so that you can recover corrupted files quickly.
  • Have business continuity solutions in place for critical systems and applications, so that you can be up and running in minutes or hours, rather than days or weeks.

Your Next Step

CPR With “CPR” in mind, learn how Cumulus Global can help you minimize your risks and maximize your recovery to ensure your business continues to run smoothly.

Schedule a complimentary cloud advisor appointment to learn more.

Webcasts

Streamlining Security

/in

(5/17/2022) – While small businesses are more vulnerable and more frequent targets of cyber attacks, constant fear-mongering and hype does not help. Sound business practices, not fear, should be your motivation to protect against cyber attacks.

Read more

Next Normal: IT Efficiency

/in

(02/23/2021) – COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses. Are the IT choices made during the crisis the best for your business in the long term?

Read more

library

15 Best Practices for Cyber Protection

/in

eBook | Source: Cumulus Global 

Read more