Posts

IT Solutions: 3 You Can Live Without

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. In our recent blog post, we offered three IT solutions you need. But in this blog post, we will share three solutions you can do without.

1 3rd Party Conference Tools

Both Microsoft and Google Workspace, with Teams and Meet, include robust audio and video conferencing services. There was a time when third-party services like Zoom offered unique features. However, capabilities such as transcription, translation, break-out rooms, and Q&A panels are now a part of Teams and Meet.

Notably, some of the advanced features of Teams and Meet, such as streaming, come with upgraded Microsoft 365 and Google Workspace licenses. These upgrades are generally less expensive than third-party services.

2 Physical Desk Phones

While some of us may have an emotional attachment to the physical phone on our desks, for many, these devices feel like clutter. The way we make and receive calls has changed. Our devices should change as well.

Features like hot links, click-to-dial, and voice dialing are available within the apps and browsers on our computers and phones. Smartphone apps let us make and receive business calls without sharing our personal phone numbers and maintaining separation between personal and business text messaging and voicemail.

Headsets and speaker/microphones give us hands-free access to our phone systems at our desks, from our smartphones, and in our cars and trucks.

3 Unsecure Artificial Intelligence

You do not need unsecure AI. Even so, you and your team likely want to use it.

Chances are, you and members of your team may already be using Chat-GPT, AI meeting assistants, and other AI-powered tools.

The challenge is that most public AI tools are not secure. Using them likely violates confidentiality and nondisclosure clauses in contracts. Using them may also put you in violation of HIPAA, PCI, and other data privacy laws and regulations.

Before jumping into AI as a company, and before “Shadow AI” (unvetted tools) gets out of hand, develop an AI strategy and plan. Begin with identifying use cases and understanding how to ensure data security, privacy, and compliance. Pilot solutions and educate/train your team.

Copilot and Gemini AI both offer artificial intelligence tools that integrate with Microsoft 365 and Google Workspace, respectively. These are secure tools that use the permissions capabilities of the ecosystems. 

What to Do:

Contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business and IT services. We can also map out opportunities to save money and leverage AI, along with other emerging technologies.

If you are interested in three solutions you need, jump over to this post.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

IT Solutions: 3 You Need

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. Therefore, we will cover three IT solutions that you do need.

1 Resilience

Basic protections against malware, ransomware, phishing, and other cyber attacks are no longer enough. Businesses are not pressing for better cybersecurity from suppliers. Cyber insurance carriers are looking for more cybersecurity capabilities to better manage their risks.

We expect most small and midsize businesses to be asked about, or required to deploy, more advanced cybersecurity services and solutions. Fortunately, these can be provided affordably and effectively to smaller businesses.

2 Continuity

It is not enough to be able to recover files from backup in the event of a disaster, system failure, or cyberattack. Your business needs to be able to return to operations (RTO) quickly, even if your operations are degraded. The ability to fully recover and return to normal operations (RTNO) is also a new priority.

If your customers are other businesses, you are part of a supply chain. Your customers are under pressure to ensure and demonstrate that their supply chains are secure and reliable. This means your customers want you to demonstrate that you are protected and, if a cyberattack happens, that you can recover quickly. Your business disruption is theirs as well. Your customers want and need assurances.

Continuity solutions for small and midsize businesses are effective and can be cost-effective when properly planned and executed. These can range from system images that run in the cloud in an emergency to using remote desktop/virtual desktop services.

3 Secure BYOD

A few years ago, “Bring Your Own Device” (BYOD) was just an experimental strategy. With hybrid and remote work now a part of our norm, BYOD can be an effective means to provide budget-friendly IT services to your team. The challenge is that employee devices being used for company work need to be managed and secured as if they are company-owned.

Employees need to allow you to install security tools, such as endpoint protection and remote management agents, as well as backup/recovery and continuity tools. This can be a difficult task, as employees worry about the privacy of their information on their personal devices.

Securing BYOD can be a mix of policies, procedures, technology, and compensation. Secure BYOD can also be attained by separating the device from the business apps and data. Remote Desktop/Virtual Desktop Infrastructure solutions allow any device to access and use a secure and private environment –  network, systems, applications, and data – without commingling personal and business apps and data.

What to Do:

The first step is to assess your current business resilience and continuity capabilities. Completing our free Rapid Security Assessment will provide a quick review along with recommendations specific to your business and needs.

Next, please contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business’s operational IT needs and how you may increase your capabilities and save money.

Finally, stay tuned, as our next blog post will cover three IT Solutions you can do without.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

New Security Demands & Requirements for Small and Midsize Businesses

/in

Security, Privacy, & Compliance

As the cybersecurity landscape continues to change, we see an evolving trend of new security demands being placed on small and midsize businesses. In this first post in our Security Update Series, which covers the evolving cybersecurity landscape for small and midsize businesses, we take a look at the drivers behind the new security demands on your business.

Three Drivers for Business Security

As is typical, the demands and security requirements are coming from three directions:

  • Regulation
  • Cyber Insurance
  • Supply Chain

Each of these three sources is increasing its expectations for your security practices and systems.

1 Regulation

As of November 2023, 12 states have enacted comprehensive data privacy laws, and 5 states have tailored information privacy laws. Other states have existing laws with similar protections that differ in implementation and enforcement. In 2023, 12 states introduced and are considering new privacy legislation. The vast majority of these laws may be enforced based on the location of the victim of a data breach. If you have customers in multiple states, you face a patchwork of legal requirements and potential liabilities. State rules extend beyond federal regulations, such as HIPAA, Sarbanes/Oxley, and SEC regulations, that may apply to your business.

Most businesses must also comply with industry regulations. If you accept credit cards, for example, you must comply with the Payment Card Industry Data Security Standard (PCI-DSS). These industry regulations often require additional policies and protections beyond federal and state regulations.

2 Cyber Insurance

Insurance carriers and underwriters base their calculations of risk through in-depth analysis of claims history and broader trends. Cyber insurance, being relatively new, does not have the same claims history as other business liabilities. As such, insurers continue to learn and adapt. Part of this learning is that cyber insurance claims are larger than previously predicted, basic security solutions often fail to provide sufficient protection, and a company’s ability to recover may be as important as its protections.

Furthermore, insurers are actively holding customers accountable for the statements made on applications, questionnaires, and audits. In 2022, Travelers Property Casualty Company of America sued International Control Services Inc. (ICS) in the U.S. District Court for the Central District of Illinois (Case No. 22-cv-2145). ICS stated that multi-factor authentication (MFA) was in place. The forensics investigation following a ransomware attack determined that MFA was not in place. Travelers claimed and maintained that the misrepresentation “materially affected the acceptance of the risk and/or the hazard assumed by Travelers.” The parties settled with cancellation of the payout, leaving ICS uncovered for any costs or damages.

While some insurers attempted to mandate specific security solutions or products, most insurers are now looking to verify a much broader range of security infrastructure. Beyond endpoint protection and MFA, insurers are using their growing understanding to set broader expectations. Security activities such as internal and external penetration testing, collection and analysis of security and activity logs, and the availability of business continuity solutions are starting to appear on cyberinsurance applications. Many insurers are also starting to request third-party validation and benchmarking against security frameworks, making streamlining security for SMBs even more important.

3 Supply Chain

If you provide products or services to businesses, you are in their supply chain. Governmental and industry regulations applicable to your customers will create new requirements for your business. The supply chain effect is not new. Organizations bound by HIPAA demand require a Business Associate Agreement (BAA) from suppliers. Sarbanes/Oxley, SEC regulations, and others include requirements that businesses must validate levels of compliance from suppliers and vendors. The same is becoming a reality for cybersecurity. As businesses develop their cybersecurity programs, they want and need to ensure their supply chain is equally secure. Cyberinsurance, industry regulations, and government regulations are starting to require this level of diligence.

As a smaller business, your customers may begin with changes to confidentiality and non-disclosure terms in your contracts related to the use of Artificial Intelligence (AI) tools and services. You may be asked to conform to a specific security framework. You may be asked to confirm and attest to a set of security practices. Businesses that do not comply risk litigation and losing customers.

What to Do:

The first step is to not panic. These changes will surface over time.

Start with making sure your basic security services are in place. Complete our Rapid Security Assessment for a quick review of your current, basic security infrastructure. We will also provide recommendations specific to your business and needs.

Our Security CPR Managed Security services deliver an affordable, effective, security solution that helps you meet current expectations. These services integrate well with our Managed Cloud Services and can be implemented quickly and affordably.

To learn more or to discuss your options in more detail, please contact us or schedule time with one of our Cloud Advisors.

And, continue to follow our blog for Security Update Series posts for more information and ideas.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cumulus Global Offers Easier Public Sector Cloud Purchasing

/in ,

Managed Cloud Services by Cumulus Global

Cumulus Global Offers Easier Public Sector Cloud Purchasing

Participation in multiple, national, cooperative purchase programs to save schools and local governments time and money.

 

Cumulus Global proudly announces that schools and local governments can now purchase Google Workspace, other cloud services, and related professional services via one of four national cooperative purchasing programs. By participating in these programs, Cumulus Global services and solutions are now available with simplified bidding and quoting processes. Local governments and school systems will save time and money.

“This is a big step forward for Cumulus Global and our public sector customers,” stated Cumulus Global CEO Allen Falcon. “If we can quote cloud and professional services without extensive bidding and RFP processes, we save time and money.”

By participating in multiple procurement associations, Cumulus Global is more likely to find a match with schools and governments for managed cloud solutions. They can use any of the four procurement vehicles to which they belong: Equalis Group, National Cooperative Purchasing Alliance (NCPA), OMNIA Partners, or PEPPM Cooperative Purchasing.

“We are meeting governments and school districts where they are,” noted Falcon. “Chances are, we are in a program that your school or local government can use.”

As part of the company’s commitment to added value, the company is transparent with respect to program participation fees. The company will share and pass through these fees as-is, without markups. Local governments and schools interested in learning more can schedule an introductory call with a Cumulus Global Cloud Advisor.

About Cumulus Global

Managed Cloud Services for Small and Midsize Businesses, Governments, and Schools

Cumulus Global (www.cumulusglobal.com) is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, ongoing support, and client success services that help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

Cumulus Global Awarded 2024 Google Premier Partner Status

/in ,

Google Premier Partner

Cumulus Global Awarded 2024 Premier Partner Status for Google Workspace

Google recognizes Cumulus Global for expert service delivery and growth.

 

Cumulus Global is proud to share that Google has recognized the company as a Google Premier Partner for Google Workspace.  The award reflects Cumulus Global’s ability to consistently provide high-quality service to its customers and the company’s ongoing commitment to service quality and growth.

 “We are honored to receive Premier Partner status for 2024,” stated Cumulus Global CEO Allen Falcon. “Our team works hard to ensure our customers move smoothly into cloud services and get the best possible value from their Google Workspace and related services.”

Google awards Premier Status to partners that meet and maintain a rigorous set of standards. These standards include maintaining advanced levels of training and certification, reaching business development milestones, and receiving customer recommendations and testimonials.

Serving small and midsize businesses, governments, and schools, Cumulus Global supports hundreds of organizations and over 30,000 end users throughout North America.

“From sole practitioners to organizations with hundreds of people, we do more than provide subscription licensing and migrate data,” noted Falcon. “Our focus is on helping individuals and teams best use the capabilities of Google Workspace and on helping organizations make sure their data is secure and protected.”

Beyond licensing and ‘support,’ Cumulus Global specializes in delivering Managed Cloud Services. With options that scale to meet your organization’s needs and budget, Cumulus Global’s Managed Cloud Services deliver security, data protection, monitoring, management, support, and professional services in service packages that cost less than traditional MSP services.

About Cumulus Global

Managed Cloud Services for Small and Midsize Businesses, Governments, and Schools

Cumulus Global (www.cumulusglobal.com) is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, ongoing support, and client success services that help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

Update: Cumulus Global Grows its Sustainability with Evertreen Reforestation Initiative

/in ,

Cumulus Global Partners with Evertreen to Offset CO2 with Reforestation Projects 

Reforestation

Updated January 8, 2024 — Cumulus Global is expanding its sustainability efforts and its partnership with Evertreen, increasing monthly plantings to 100 trees.  Planting forests in Honduras, Mozambique, Ethiopia, Madagascar, and the Philippines, will improve both the ecology and economies in areas near the forests.  Each month, trees planted will remove over 72 tons of CO2 from the atmosphere. This is equivalent to the amount of CO2 created by 188 cars driving over 1,000 miles in cars getting the average miles per gallon in the United States.

 

August 10, 2023 – Westborough, MA – Cumulus Global announces a dramatic expansion of our company’s sustainability efforts. Partnering with Evertreen, Cumulus Global is supporting reforestation projects in four countries trees. Joining a reforestation program helps the company offset emissions from commuting, business travel, and other business activities. Each monthly planting will remove over 4.2 tons of CO2 from the atmosphere.  This is equivalent to the amount of CO2 created by driving over 11, 000 miles in a car getting the average miles per gallon in the United States. 

“We are excited about expanding our sustainability efforts in ways that will also benefit local communities around the world,” stated Cumulus Global CEO Allen Falcon. “This is a creative way that we, as a small business, can make a difference.”

Each month, Cumulus Global will plant at least 7 trees across four projects. The projects are located in Ethiopia, Madagascar, South Africa, and the United States. Beyond reducing carbon in the atmosphere, the reforestation projects also address local community needs.  Evertreen designs each project to provide local employment. Tree selections help increase local food supplies, prevent soil erosion, and protect local watersheds.

“We chose Evertreen for their holistic approach to the reforestation projects,” noted Falcon. “Their monitoring program and existing partnerships with IT industry leaders further proves their credibility and integrity.”

Beyond planning and planting forests, Evertreen actively monitors the health and growth of its forests with staff on-the-ground and advanced satellite imagery. View a summary of Cumulus Global’s participation, add trees to Cumulus Global’s forest, and learn more about Evertreen.

This tree planting program further extends the company’s sustainability program, that also includes recycling and the use of renewable energy. Since October 2020, Cumulus Global has relied on 100% renewable energy for all of the electricity needs at its main office. 

About Cumulus Global

Cumulus Global is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, on-going support, and client success services. We help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

About Evertreen

Evertreen (www.evertreen.com) helps individuals and companies offset CO2 emissions by planting trees around the world. In addition to reducing CO2 in the atmosphere, Evertreen forests contribute to local economies and ecosystems. As of the date of this post, Evertreen has planted more than 707,700 trees in more than a dozen forests spanning 10 countries. 

3 Google Changes Happening Now

/in

Google Premier Partner

As we enter 2024, Google is making changes to further improve the email and Google Workspace user experience.  Google has three initiatives to further prevent spam, reduce cyber attacks, and expand the capabilities of Google Workspace users. Each of these three efforts can impact your subscriptions and, in many cases, the fees you pay.

  1. Google will Enforce Email Best Practices
  2. G Suite to Google Workspace Conversions Continue and Can be Costly
  3. Google is Enforcing Pooled Storage Limits

Please review each of the 3 changes and let us know if you need assistance.

1 Google will Enforce Email Best Practices

Google is leading email providers in a new effort to protect individuals from cyber attacks. While initially targeting bulk email senders, we, along with Google, encourage all email senders to adopt best practices for email validation and security.

Email remains the primary method of cyberattacks.  While phishing and ransomware remain the most common forms of attack,  business email compromise (BEC) cyber attacks are the most costly and damaging. As we noted in this blog post, DKIM and DMARC are the best methods for preventing BEC and email/domain impersonation attacks.  The post includes a link to this eBook with more detailed information. 

The relatively low cost to set up these protections and optionally monitor DMARC reports has saved small businesses like yours tens of thousands of dollars in losses.

2 G Suite to Google Workspace: Conversions Continue and Can Be Costly

As announced in October 2022, the migration from G Suite to Google Workspace will wrap up in 2024.  If you are still on a G Suite subscription, Google will automatically move you to a Google Workspace subscription on your renewal date.

What to Expect:

This migration results in significant fee increases for many organizations, as noted in prior blog posts and direct communications.

  • Accounts with more than 300 users will be moved to a Google Workspace Enterprise version.
    • G Suite Basic and Business customers will see their fees jump from $6 or $12 per user per month to $23 or $30 per user per month.
  • Google Workspace feature alignment differs from G Suite. Google will move your subscription based on the features you use:
    • As appropriate, Google will move you from G Suite Basic or Business, at $6 or $12 per user per month, to Google Workspace Business Standard or Plus, at $12 or $18 per user per month.
    • Google will move some G Suite Basic and Business customers to Google Workspace Enterprise Standard at $23 per user per month.
    • Depending on the features you use in G Suite Enterprise, at $20 per user per month, Google will move you to Google Workspace Enterprise Standard or Plus at $23 or $30 per user per month.

In addition to the initial transition from G Suite to Google Workspace:

  1. Google increased the pricing for Google Workspace Enterprise Standard from $20 to $23 per user per month
  2. Customers without an annual commitment — month to month service — 20% more for each license
  3. With pooled storage for all subscriptions, Google no longer allows you to add additional storage subscriptions

These 3 changes create additional reasons for subscription upgrades and fee increases.

What to Do:

Although Google halted its generous migration incentives and discounts early last year, we can help you avoid or mitigate fee increasesContact us or schedule time with one of our Cloud Advisors Advisors for assistance.

3 Google Will Enforce Pooled Storage Limits

As we blogged in November, Google is now enforcing pooled storage limits across all Google Workspace subscriptions.

While Google Workspace Enterprise subscriptions have unlimited storage, pooled storage limits for Google Workspace Business subscriptions as follows:

  • Starter = 30 GB per user
  • Standard = 2 TB per user
  • Plus = 5 TB per user

If you exceed your pooled storage limit, Google will place your service in “read-only” mode, which impacts your ability to create/add content.

What to Expect:

  • As you approach your pooled storage limit, Google will send you warnings.
  • If you exceed your pooled storage limit and have additional storage licenses, Google will give you up to 60 days before limiting your account. If not, you will only receive up to 14 days notice.

What to Do:

As soon as you receive either of the warnings from Google, you need to plan to either free up storage or add more storageOur blog post discusses your options in more detail. For more information or assistance, please contact us or schedule time with one of our Cloud Advisors.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cumulus Global Grows its Sustainability with Evertreen Reforestation Initiative

/in ,

Cumulus Global Partners with Evertreen to Offset CO2 with Reforestation Projects 

ReforestationAugust 10, 2023 – Westborough, MA – Cumulus Global announces a dramatic expansion of our company’s sustainability efforts. Partnering with Evertreen, Cumulus Global is supporting reforestation projects in four countries trees. Joining a reforestation program helps the company offset emissions from commuting, business travel, and other business activities. Each monthly planting will remove over 4.2 tons of CO2 from the atmosphere.  This is equivalent to the amount of CO2 created by driving over 11, 000 miles in a car getting the average miles per gallon in the United States. 

“We are excited about expanding our sustainability efforts in ways that will also benefit local communities around the world,” stated Cumulus Global CEO Allen Falcon. “This is a creative way that we, as a small business, can make a difference.”

Each month, Cumulus Global will plant at least 7 trees across four projects. The projects are located in Ethiopia, Madagascar, South Africa, and the United States. Beyond reducing carbon in the atmosphere, the reforestation projects also address local community needs.  Evertreen designs each project to provide local employment. Tree selections help increase local food supplies, prevent soil erosion, and protect local watersheds.

“We chose Evertreen for their holistic approach to the reforestation projects,” noted Falcon. “Their monitoring program and existing partnerships with IT industry leaders further proves their credibility and integrity.”

Beyond planning and planting forests, Evertreen actively monitors the health and growth of its forests with staff on-the-ground and advanced satellite imagery. View a summary of Cumulus Global’s participation, add trees to Cumulus Global’s forest, and learn more about Evertreen.

This tree planting program further extends the company’s sustainability program, that also includes recycling and the use of renewable energy. Since October 2020, Cumulus Global has relied on 100% renewable energy for all of the electricity needs at its main office. 

About Cumulus Global

Cumulus Global is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, on-going support, and client success services. We help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

About Evertreen

Evertreen (www.evertreen.com) helps individuals and companies offset CO2 emissions by planting trees around the world. In addition to reducing CO2 in the atmosphere, Evertreen forests contribute to local economies and ecosystems. As of the date of this post, Evertreen has planted more than 707,700 trees in more than a dozen forests spanning 10 countries. 

SaaSOps: Adapting the enterprise model for small and midsize businesses

/in ,

SaaSOpsThe term “SaaSOps” was first coined by David Politis, founder of BetterCloud. SaaSOps, short for Software-as-a-Service Operations, is the suite of processes, skills, and responsibilities for managing the lifecycle of software delivered as a cloud service. Most small and midsize businesses use multiple SaaS applications.

By effectively and efficiently managing these applications, we reduce operating costs and security risks.

The 5 SaaSOps Processes

Adapting the enterprise model for small and midsize businesses (SMBs), SaaSOps encompasses the following five processes.

1. Adoption

SaaS Adoption begins with discovery.  Discovery includes both (1) Selecting SaaS applications your business needs or wants; and (2) Identifying the SaaS applications in use by your team. In today’s world of cloud services, individual employees are likely signing up to use SaaS applications that they want or think they need. These are often free, or low cost, consumer oriented services. Often referred to as “Shadow IT”, these apps sit outside your control and outside of your security protections.  Selecting which SaaS applications you will use, as a company, and which you will not, sets the stage for successful operations.

2. Optimization

Optimizing SaaS operations requires cross-application and in-application analysis.  By examining SaaS applications and services, and how they are used, you can identify and remove redundant features and data sets.  Streamlining applications and systems in-use lowers complexity, support requirements, and cost.  Within applications, license management is key to ensure you do not under- or over-license your services.  Beyond the cost implications, unused licenses pose a security risk.

3. Management

SaaS Management includes the lifecycles for both users and applications.  If done well, SaaS Management automates common tasks prone to administrative error.

User lifecycle events focus on properly managing on-boarding, off-boarding, and mid-lifecycle changes.  These events cover accounts, access, security, permissions, and integrations users need to perform their jobs across your SaaS applications and services.  User lifecycle management also includes group management.  The ability to automate group membership based on user attributes gives you the ability to manage uses based on roles and responsibilities.

Application management focuses on application configuration, ensuring accounts, access, security, and data management. Active configuration management creates a dependable service for users.

4. Security

This includes five key integrated security pillars:

  1. Discovery of sensitive data, including data subject to industry or legal regulations.
  2. Mitigation of oversharing of data, externally and within your organization.
  3. App monitoring and remediation, spanning availability, access, and performance.
  4. User behavior analytics, providing data to support operations, planning, and improvements.
  5. Least privilege access management, ensuring

5. Experience

SaaSOps changes — improves — your business’ overall experience with your cloud-based services. The impact is visible to your employees and your IT administration.

  • Automation simplifies tasks and reduces administrative, security, and other errors while improving your IT team’s ability to respond quickly to change and support requests.
  • Change management ensures decisions to alter services are known and documented and helps ensure you remain compliant with policies, industry standards, and regulations.
  • Managed Access and Rights reinforces company policies, maintains compliance, and enables employees to access the applications, services, and data needed for their jobs.

In Summary

As your use of cloud services grows, implementing SaaSOps solutions becomes an important management tool.  Beyond monitoring and managing costs, SaaSOps helps reduce management and administration errors, provides a better experience for IT teams and end users, and improves security. The incremental cost to deploy SaaSOps tools delivers savings while reducing risk.

Call To Action

Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Security Best Practices to Protect Your Admin Accounts

/in ,

Data Protection & SecurityIn any client environment, it is critical for you to protect your admin account with current security best practices. Most cloud services have multiple levels of admin accounts, including a super admin with the ability to access, manage, and change every configuration and security settings.  In many cloud services, “super admin” accounts also have blanket access to your data.  In effect your super admin and admin accounts hold the keys to your kingdom.

Protecting and managing admin accounts is critical for keeping your data and your business secure.

Here are four security best practices for managing and protecting admin accounts.

1 Multi-Factor Authentification

While we recommend multi-factor authentication (‘MFA”, also known as Two Factor Authentication or Two-Step Verification) for all user accounts, the added protection of MFA is critical for super admin and admin accounts.  MFA helps to protect your admin account by preventing somebody from using stolen or compromised credentials to access your cloud services, your data, and your business.

For Super Admin accounts, consider a FIDO-compliant security key.  These keys, or fobs, are physical devices that provide a timed access code required to log in. Keys provide the most secure method for multi-factor authentication, and are our number one recommendation when it comes to security best practices for administrator accounts.

2Secondary Super Admin Access

Even a super admin account can be lost or compromised.  Should this happen, you need a way to perform critical admin tasks while you recover the super admin account.  You have a few options, as follows.

  • Create a second, dedicated, super admin account.  While this comes with a licensing cost, you are not giving additional privileges to other admins or users.
  • Assign super admin rights to an existing admin or user. You avoid any increased fees, but grant privileges which can be accidentally or intentionally misused. These privileges can include access to sensitive data, archives, and the ability to alter security settings.
  • Engage your cloud partner/reseller. If your cloud partner/reseller has the ability to recover super admin accounts and/or reset super admin passwords, make sure you have a service or support agreement in place that covers admin account password reset and account recovery.

3Force Logout Super Admins

Day to day admin services can and should be performed by Admin accounts with permissions to perform specific sets of tasks.  User your Super Admin account for specific administrative and security tasks not permissioned to other Admin accounts.

As a Super Admin: Log in. Perform the specific task. Log out.

If possible, set your system to automatically log out Super Admin accounts if idle for a short period of time.

4Privileged Access Management

Our final best practices to protect your admin account includes Privileged Access Management, or PAM, which limits access to critical security and administrative functions. Permission is granted to specific functions, upon request by another Admin or the system, for a limited amount of time. Using PAM provides additional tracking of who/when/why for critical settings and tasks.

Call To Action

Take a look at your cyber security. Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.