Web Weary? Malware May Be the Reason


This blog post is the third in a series on Data Protection issues and practical solutions.

Mag_GlassBy some estimates, as many as 60% of search results are tainted with malware, attracting users to infected sites and putting your systems and data at risk.  While not every infection poses a threat, the industry consensus remains that web-resident malware is on the rise.

The problem is large enough that Google Chrome users now receive warning screens, letting users know when legitimate sites have been compromised.  Google has also launched a service to help hacked web sites recover, and regain users’ trust.

While web site owners struggle to keep web sites free of malware, visitors remain vulnerable.

Fortunately, businesses can protect themselves.

Web monitoring and filtering services offer protection from malicious code embedded in web sites and allow businesses to track web activity across their networks.  Advanced web filtering services also help business manage the use of web-based applications and can monitor other web activity.

Incorporating web monitoring and filtering into your computing environment adds an additional layer of data protection.  In addition to protection from malware, web monitoring and filtering gives businesses additional control over web usage and provides a mechanism for enforcing policies and procedures.  And, for most businesses, the value of this protection should outweigh the additional cost.



Incompetence 16; Microsoft 0


Last week, Microsoft’s new Outlook.com service suffered its second major outage since its launch earlier this year.  The most recent outage, a 16 hour fiasco impacting Outlook.com, Hotmail, and SkyDrive users, was due to an botched firmware update resulting in overheating servers in one of its data centers.  As reported in PC World, the switch-over to alternate servers also failed.

This outage follows a 9 1/2 hour Outlook.com outage in February that Microsoft acknowledge on Twitter but neglected to not on its status dashboard.  February also saw a major Azure outage, caused when Microsoft failed to renew and install new SSL security certificates (a mistake they also made one year earlier).  In November, the Office 365 service was down for most of a day when Microsoft was unable to allocate adequate resources.

These strings of outages, all due to operational errors and architectural limitations, raise serious questions about Microsoft’s ability to manage a multi-tenant data center.

They also raise questions about the Microsoft’s integrity with respect to marketing and customer expectations.  While Microsoft promotes Office 365 and it’s other services as redundant, these outages demonstrate that service reliability is facility-dependent.


Viral Spread of Cloud Creates New Challenges

This blog post is the second in a series on Data Protection issues and practical solutions.

Data Protection SeriesAs discussed in a recent TechRepublic Blog Post, cloud computing vendors are enabling the spread of on-demand software outside the control of the IT Department.

It is easy to see how it happens.  Somebody signs up for a service in order to complete a task that they cannot (or do not know the can) do with their current system.  They share the solution with co-workers, and, before you can say monthly recurring fee, the company must decide if this new tool is a de facto standard and should be included in the formal IT ecosystem.

Aside: On the one hand, shame on the users for not asking first.  On the other hand, shame on IT for not understanding the users’ needs and providing solutions with either current or new technologies.

The challenge becomes managing these services and making sure they are secure.  Beyond deciding who, why, and when services may be used, these services may create real security risks.

In the Google Apps environment, users can install any one of hundreds of third-party applications, many of which request and require access to user data.  While most applications only request and use the access they need, many request permissions that can inadvertently expose critical data such as sensitive documents and contact information.


To mitigate these risks, it is important for the IT team to review and evaluate all new applications and companies should have policies through which they can enforce this rule.  In return, the IT team must be held accountable for responsiveness.

In addition, it is wise to monitor your environment for new software.  For you in-house systems, free tools like Spiceworks, will update you with scheduled scans of all systems.

Within your Google Apps ecosystem, Cloudlock App Firewall, provides you with the ability to both monitor and manage which applications are running in your environment.  The App Firewall reports the level of data exposure by application and reports applications added by user and well as by application.  You can mark applications as approved, blocked or not trusted.  You can revoke permissions, effectively disabling applications as well.    The system also provides guidance, letting you know how other companies have rated applications.


While users will continue to look for apps, the IT team can and should be ahead of the curve.  Additional tools, however, can help monitor and manage applications, which will mitigate risk, enforce company policies, and meet regulatory requirements for data protection.


For more information about Cloudlock App Firewall, please contact us.

Microsoft Azure Fail! Will Customers Bail?


Once again, a flagship Microsoft cloud service blows through the Service Level Agreement like a blizzard through the Midwest.  Th February 22nd outage, impacting all Azure users worldwide, lasted more than 12 hours.

The culprit:  Microsoft failed to purchase and replace expiring SSL certificates.  In other words, Microsoft neglected to renew one of the most basic components that secure the Azure service.

As noted on RedmondMag.com

“Furious customers wanted to know how something as simple as renewing a SSL cert could fall through the cracks. Even worse, how could that become a single point of failure capable of bringing down the entire service throughout the world?”

Once again, an operational error puts thousands of customers  in the dark.  And this outage is one in a string of major service outages, including:

Microsoft described the issue as “A breakdown in our procedures”.  If not for the disruption and financial impact for thousands for companies, this statement might be considered almost comical.  Ironically, a different certificate error was behind a major Azure outage in February 2012.

To put this in perspective, how would you respond if your internal IT department had Microsoft’s track record of catastrophic failure?


It is difficult to trust that Microsoft has the operational maturity and rigor to design and manage multi-tenant, hosted services.  The Azure outage, and others like it, demonstrate immaturity, negligence, or incompetence.  Do the reasons matter given the frequency and impact?  With certificate outages on two subsequent annual renewal terms, it is hard to believe that Microsoft is learning from its mistakes.


3rd Tues @ 3 Webcast: Protecting Data in Google Apps


For those running or considering Google Apps, Google’s highly redundant, multi-tenant infrastructure protects data from nearly all risk of loss or corruption due to hardware or system failure.  Understanding the other risks to our data lets us decide when and how to better protect ourselves.

In this live web event, Allen Falcon, CEO of Cumulus Global, will discuss the business risks and use cases that drive the need for data protection and data loss prevention and will look at practical, affordable solutions.

Joined by experts from Backupify and Cloudlock, Falcon will overview and demonstrate affordable solutions for creating a secure and protected data ecosystem using Google Apps and Google Drive.

And, as always, there will be plenty of time for your questions.

Click Here to Register or for More Information.


Cloud Backup/Recovery: The Same, Only Different

This blog post is the second in a series on Data Protection issues and practical solutions.

Data Protection Series

Backup and Restore, the most basic form of data protection, has been a standard IT practice since teams or Operators managed racks and rows of tape drives and tapes for early mainframe computers.  Borrowing from proven audio technologies, tape backups protected programs and data from the fickle failings of early disk drives.

As computers became more interactive, and more personal, the need for backup and restores services expanded.  Yes, your hardware might fail.  More likely, however, an assistant would “save as” over the boss’ most recent masterpiece.  Computers were new, and human error was inevitable.  Then came viruses, poorly written applications, spyware, bots, and the Internet (the ying and yang of all things good and evil).

As we move into the cloud, some of the reasons for backup/restore remain, and some new ones emerge.  

For those of us running Google Apps for Business, Education, and Government, Google’s highly redundant, multi-tenant infrastructure protects us from nearly all risk of data loss or corruption due to hardware or system failure.  Understanding the other risks to our data lets us decide when and how to better protect ourselves.

Third Party Applications

While domain-level access for applications is usually restricted to administrators, users often have the ability to run and connect third party applications to accounts.  Whether global or individual, poorly written third party applications can wreak havoc with your data.  Applications that need write access to docs, email, calendars, or contacts, can overwrite or delete content.  Determining the scope of a problem, and recovery, can be nearly impossible without reviewing all of your data.

User Error

Recent research shows that data loss within Google Apps is due to user error 63% of the time (0% is caused by Google).  As with any new system, unfamiliarity can bring unintended harm.  Ill-placed pastes, mistaken deletions, and save instead of “save as” are some of the ways data may be lost.   Even more complex, mistakes using Manage Revision settings, and permanently deleting items, can make recovery impossible.

Willful Misconduct

Protecting your data from the employee (or soon to be ex-employee) intent on doing harm is nothing new.  In Google Apps, as well as any other system, employees with access to sensitive information often have the ability to damage or destroy that information in ways intended to harm your business.

Security Breach

Google Apps is one of the most secure public cloud services in the world.  Even so, no system is ever completely safe from user identity theft or corrupt systems with access. A mal-ware infected computer running Google Drive can allow damage to data in Google Apps as easily as with a computer connected to a Windows server down the hall.  If a user — knowingly or as a result of social engineering — shares his or her identity, hackers and others can damage your data.

Google Error

While Google has never had errors resulting in permanent data loss, and Google’s systems are designed to withstand multiple points of failure, a very, very small chance still exists that a software or hardware error could corrupt data.

All of these cases are, and have been, reasons to run a backup/recovery service.  But at what point do you add backup/recovery to your?  For most, the answer is as simple as the answer to the following question:

If you had this data on a server in your computer room, would you back it up?

If the answer is “Yes”, than you should protect the data where it lives — even in Google Apps.

For others, it is one of critical mass.  When the cloud is considered a secondary data store, some wait for usage to reach a level “significant” enough to warrant the additional cost of backup/recovery services.  Unfortunately for some who “wait and see”, the significance is often measured by the pain of a data loss event.


Read more

Outlook.com Goes Dark This Time: Can Microsoft Run Cloud Services?


As reported by ZDnet on the Feb 25th, Microsoft’s new Outlook.com service suffered an outage lasting more than seven (7) hours.  Many customers could not log in, and those that could experiences significant performance issues.

Even more disturbing, Microsoft did not acknowledge the outage until over 4 hours into the incident, via Twitter.  And,  7 hours into the outage, the outlook.com status page failed to note the outage at all.

This outage follows two Office 365 Outages totaling more than 9.5 hours of down-time in November, 2012.

While Microsoft has not commented on the cause of the Outlook.com outage, their apology to customers back in November disclosed that Microsoft cannot dynamically add and allocate resources to their infrastructure.  The best they can do is improve their ability to recovery (related: Microsoft’s Apology Says Volumes about Office 365 Outages).

With a history of operational failures and acknowledged limitations in the underlying architecture, one has to wonder how well Microsoft is able to manage multi-tenant services.  Will the pattern of failures lead to a lack of trust?


Guest Post: Why Half of Our Company is Using Chromebooks Full-Time

Originally posted by David Politis, CEO of BetterCloud.  BetterCloud offers FlashPanel, an integrated management and administrative tools for organizations using Google Apps. Cumulus Global recommends and includes Flash Panel with most Google Apps implementations.

Being a Gmail and Google Apps fanatic, I’ve always been intrigued by the concept of Chromebooks and Chrome OS in general. And with every 3 minute reboot of my aging Windows laptop this past spring, I became more tempted to take the plunge and go 100% web with a Chromebook, at least for the large portion of my day when I’m working in Google Apps and not installable software programs. So when the new Samsung 550 Chromebooks came out this past June, I made my case to the bossman that we should order a few of these devices. They’re cheap, and if we’re true Google Apps experts developing for the Google Apps ecosystem, we need at least a basic understanding of how Chromebooks function and are managed in a business environment.

What I didn’t expect, however, is that I’d be using a Chromebook nearly 100% of the time in the months to follow – we’ve even converted the office’s Controller, an Excel power user, to a Chromebook and Google Spreadsheets. So with about 4 months of Chromebook experience under my belt, I thought it would be a good time to share some of the top reasons why a few of my coworkers and I find Chromebooks indispensable.


You’ve heard the stats, “8 second boot, instant wake from sleep” etc. etc. I can tell you this: you won’t fully appreciate this kind of speed until you use it. I used to come into the office, turn my laptop on, go get a cup of coffee and chat with a couple coworkers, then come back to a laptop that was still rolling out of bed. The Chromebook is ready to go when you are, and over the course of days, weeks and months, saving a few minutes here and there really adds up. You can get similar speeds with any computer using a solid-state drive, but if you don’t have $1,000 to spend on a new MacBook Air, you can get the same speed with the new $249 Chromebook.


While the simplicity of Chrome OS is certainly a big reason for its speed, the simplicity in and of itself actually makes working in Chrome OS a very nice experience. The tools you need to access consistently throughout the day, like Gmail and Google Drive, are always at your fingertips in the launch bar. Obviously you can do this on a “real” laptop with hot keys, browser shortcuts, etc. but with a Chromebook it’s just so easy. And I find that the stripped-down nature of Chrome OS creates far less distractions.

Security and Standardization

There’s definitely a security benefit for personal Chromebook users, as the device doesn’t truly store local files (more security by limitation) and the OS only boots from a read-only version, but the security benefits are even greater for an organization deploying Chromebooks. As an IT administrator, not only can you implement security settings like restricting sign-in to accounts on your domain only or wiping local files after every log out, but you can also standardize certain aspects of the Chromebook experience by proactively pushing out useful Chrome extensions, or even pre-configuring WiFi network logins for every Chromebook on your domain, or particular Org. Units (useful if you use geography to group your OUs).

Using Chromebooks has been a great experience for our team. Not only do we get lightning-fast, affordable laptops, we also have seen Chrome OS evolve significantly over the past 4 months alone. The user experience has improved pretty significantly every few weeks, while the Chrome OS team continues to add more “traditional” PC features like extended desktop and better multimedia support. It’s certainly a Google-centric solution so we wouldn’t recommend it for everyone, but if you’re a Google Apps customer and are already spending the majority of your day in a web browser, it’s worth checking out a Chromebook.

Editor’s note:  Click Here if you are interested in learning more about Chromebooks, or taking one for a test drive.