“Deja Vu?” or “Have We Learned Our Lesson?”

/in ,
Hurricane Matthew as of 2pm on Oct 4th

Hurricane Matthew as of 2pm on Oct 4th

As of this blog post, Hurricane Matthew is churning through the western Caribbean with a projected path eerily similar to Superstorm Sandy in 2012. In its wake, Sandy left a path of destruction up the East Coast and deep into New England with many families and businesses still in the process of rebuilding. Small and mid-size businesses (SMBs) up and down the eastern seacoast were crippled by flooding, loss of infrastructure, and extended Internet and power outages; many were unable to recover.

Could this be a devastating Deja Vu, or did we learn our lesson?

Have you ensured that your information services and data will survive the next storm? Do you know how quickly your business can recover if (more like when) the next storm hits?

Path of Superstorm Sandy in 2012

Path of Hurricane Sandy in 2012

These questions feel more pressing as our next potential big storm churns towards Florida.

Good. Better. Best.

Your “Good” strategy is Backup. Ensure that you back up all of your critical data. Backups should be off site to a service that lets you restore to new systems quickly and efficiently.

Your “Better” strategy is Recovery. In addition to backups, ensure you have the ability to recovery quickly to new systems or to a temporary data center. When your  Return to Operations (RTO) time lets you continue running your business without significant impact to you or your customers, your recovery plan is sound.

Your “Best” strategy is ResilienceYour business is resilient when you can continue running your business with minimal disruption and with little or no inconvenience to your customers, regardless of the weather outside. By placing key applications and services in the cloud, your business can continue to run whether or not your office is open. With Internet access and a browser, your team can connect and work. And while you still may have some aspects of your IT running on premise, a solid cloud strategy keeps critical systems available and operating.

Resiliency Roadmap

For most SMBs, you should consider having the following services hosted or in the cloud. Depending on your applications and needs, you can use Software-as-a-Service (SaaS) solutions or host your applications on cloud/hosted servers with virtual/remote desktops.

  • Communications
    • Email / Calendar / Contacts
    • Telephony — cloud/hosted Voice over IP (VoIP)
    • Messaging / Voice & Video Conferencing
  • Collaboration
    • File Storage & Sharing
    • Productivity Tools (document, spreadsheet, presentation editors)
  • Key Business Apps
    • Customer Relationship Management (CRM)
    • Account / Finance
    • Service / Support
    • Others …

Creating a Resilient business requires strategic thinking, advanced planning, and solid execution. This is especially true when you have integrated applications and systems that you cannot change in isolation. At a high level, the roadmap is:

  1. Identify the applications and services
  2. Prioritize all applications and services based on the impact in the event of a service outage. Look outward and inward, remembering to consider customer impact.
  3. Starting with your highest priority applications and systems, evaluate if your level or protection: Backup, Recovery, or Resilient protection.
  4. Identify and implement solutions that take you from Backup to Recovery, from Recovery to Resilience, or from Backup all the way to Resilience.
  5. Repeat as you move through your prioritized list.

While you may not have time to make your business Resilient before Hurricane Matthew works its way up the coast, you have options to improve your backups and your ability to recover that can be implemented within hours rather than days and weeks. Think about the value of keeping your business running and ensuring its survival. Act now.

Contact us immediately if you want assistance with your backup, recovery, or resiliency services.

 

See the Best Single Sign On (SSO) Solutions For Small Business and Even Better Alternatives

/in ,

In today’s fast-paced digital landscape, small businesses face numerous challenges when it comes to managing user access to various applications and systems. A single sign on for small business is unlike the traditional methods of authentication, such as separate usernames and passwords for each platform, can be cumbersome, time-consuming, and prone to security risks. That’s where Single Sign-On (SSO) solutions for small businesses comes in.

Single Sign-On is a powerful authentication solution that enables small businesses to simplify and centralize user access across multiple applications, platforms, and services. With SSO, employees and stakeholders can log in once using a single set of credentials and gain seamless access to all authorized resources.

This technology not only enhances convenience and productivity but also strengthens security measures by reducing the risks associated with weak passwords, password reuse, and unauthorized access. By implementing SSO, small businesses can effectively mitigate the complexities of managing multiple logins and bolster their overall operational efficiency.

As you move your small or midsize enterprise into the cloud, you will face new challenges around identity management.  Historically, identity management was an operational issue that managed user logins to desktops and local area networks. As you move to the cloud, the network is no longer local. Your network includes the suite of applications and services run and hosted by others. Identity management is now a security issue that should control access to your cloud applications, data, and services as well as your computers and mobile devices.

Single Sign On for Small Business

Even with the proliferation of usernames and passwords, most small businesses are not investing in Single Sign On (SSO).  With many applications using federated or 0Auth login services from platforms like Google Apps or Office 365, SMBs expect users to adapt and manage their identities. The result is a mix of usernames, passwords, and connections without a clear system of record and no centralized management. And while Single Sign On can help eliminate this mess, most SMBs struggle to justify the value.  In addition, single sign on solutions for small businesses lack the ability to manage access to devices, WiFi services, and other resources.

With SSO in place, you still need to manage and maintain a directory service. Directory services, such as Microsoft’s Active Directory and the many LDAP solutions are, in theory, capable of managing more than on-premise systems. Actually integrating directory services, however, is complex, costly, and requires regular maintenance.

Directory-as-a-Service and Identity Management

Directory-as-a-Service® (DaaS) is a modern identity platform that centrally manages user connections to this new world of cloud and SaaS-based infrastructure.

Compared to a single sign on for small businesses, it acts as a virtual directory, enabling businesses to securely manage user accounts, permissions, and policies across diverse applications, systems, and even remote environments.

Identity Management, on the other hand, refers to the processes, technologies, and policies that govern the lifecycle of user identities within an organization. It encompasses activities such as user provisioning, authentication, access control, and user lifecycle management. By implementing Identity Management practices and leveraging DaaS, businesses can streamline user administration, improve security, and enhance operational efficiency.

Features of a cloud-based directory service include:

  • Mac, Windows, and Linux devices are all treated as first-class citizens
  • Tight integration with Office 365 and Google cloud Apps, centralizing control over the productivity platform and enabling single sign-on capabilities for end users
  • Single Sign On integration with other cloud applications and services
  • Improved WiFi security that connects the authentication request to the directory service
  • Multi-factor authentication at the system level
  • Hosted LDAP capabilities can eliminate the need to have an on-prem LDAP server

In short, Directory-as-a-Service covers what contemporary organizations need in a modern identity management platform.

Learn more about Directory-as-a-Service and JumpCloud (our preferred DaaS solution), or contact us for a free, no obligation Cloud Advisor Session.

 

Google Cloud and G Suite

/in ,

G SuiteNew Names, Same Great Solutions

At this point, every Google For Work customer has likely received an email from Google with the big announcement:

Google for Work is now Google Cloud

Google Apps is now G Suite

Why the change?

Google’s has greatly expanded the range of cloud-based business services over the past few years, and the ways in which businesses are using Google’s cloud portfolio continues to change and evolve. Google Cloud better reflects how all of Google’s business cloud services are part of a single, integrated ecosystem. Changing Google Apps to G Suite, better represents the range of services that lets you communicate, store, collaborate, and manage your business. G Suite has grown beyond “Gmail and tools for business”.

What does it mean?

Your Google Cloud services, including G Suite, do not change. You will continue to use the same email, file, and collaboration services you know and love. You still have the features, security, accessibility, and ease-of-use you expect.

We will spend the next several days updating our website and marketing materials and remembering to use the new names.

What does the future hold?

Looking forward, we encourage you to explore more ways to take advantage of G Suite‘s capabilities and to watch for new applications, features, and functions. Google’s commitment to expanding the platform and ecosystem is greater than ever. If you want to explore new use cases or to further your digital transformation, please contact us for a free Cloud Advisor consulting session.

 

 

Cloud Computing Still Needs a Grand Strategy

/in ,

In a recent post on Forbes, columnist Joe McKendrick discusses a Cisco-sponsored IDC survey results showing a lack of coordinated cloud strategies among large enterprises.  Nearly half, or 47%, describe their cloud strategies as “opportunistic” or “ad hoc”. The 14% or respondents claiming managed, optimized cloud strategies, report substantial and tangible business benefits. These successes come from how applications are built and deployed, a strategy that does not always work for small and midsize businesses (SMBs).

SMB Cloud is Different

Cloud StrategyWhereas most enterprise cloud strategies focus on building new line of business applications and rebuilding existing systems for the cloud, most small and midsize businesses are not building or customizing their own applications. When SMBs do use custom applications, they typically rely on outside firms for development and support. When SMBs move to the cloud, they normally start with “infrastructure” services like email and file services. Existing business applications are often replaced by SaaS (Software-as-a-Service) cloud solutions — either from the current vendor or as a replacement.

SMB Cloud Forward Strategy

Without a strategy, you can end up struggle to get all of the pieces of your IT in the cloud connected to each other and/or your on-premise systems. For you, as an SMB decision maker, a sound strategy will:

  • Identify your business goals and objectives
  • Use these goals and objectives to define and prioritize your near-term and long-term technology needs
  • Create an architecture that defines the pieces — platforms, applications, and data — and how the pieces fit together
  • Drive your decision to go Google Apps, Microsoft Office 365, and/or another cloud platform or ecosystem

Creating your cloud strategy requires some thought and effort, but need not be a lengthy or overwhelming task. Starting with your business priorities and answering a few key questions gets you most of the way there. Once in place, your Cloud Strategy will guide your product selections as well as the order and timing of your deployments.

Interested in creating or updating your Cloud Strategy? Contact us for a Cloud Advisor session — for free and without obligation, or complete our Productivity Cloud Questionnaire for a free assessment and recommendation report.

 

Overconfidence in Disaster Recovery: Common and Costly

/in ,

support-liferingAs reported in CloudTech, a recent study in the UK of 250 businesses finds that 95% experienced outages or data loss in the past year, with 87% needing to go to failover systems.

There is a mismatch between expectation and reality when it comes to disaster recovery.

Of the 87% that executed a failover, 82% were confident it would go well, but 55% encountered problems. And while 69% stated outages lasting minutes would be “highly disruptive” or “catastrophic”, only 27% were able to recover all systems immediately following an outage. With 37% of respondents indicating they do not regularly test their DR capabilities, many organizations have no basis for expecting a smooth failover.

Outage Sources

While we often focus on the “big disaster” that could interrupt our businesses, 53% of the outages were to mundane system failures and 52% were due to human error (more than one response was possible). Cyber attacks and environmental issues caused 32% and 20% of the outages, respectively.

Three Things We Can Learn

  1. Comprehensive disaster recovery and business continuity costs money. Running infrastructure and systems in the cloud and/or using cloud-based DR and Business Continuity solutions can help mitigate these costs.  You will, however, need to assess potential downtime and time to recover, the impact of downtime, and the cost to create the right balance for your organization.
  2. Testing your DR/Business Continuity solutions should be easy and cost-effective. Plan on testing at least twice per year.
  3. Your DR/Business continuity solution should help reinforce your overall data protection and business operations. Shifting from a “recovery”-centric strategy to one of resilience can lower costs and minimize the risks and impacts of unplanned outages.

If you want to improve your business’ resilience and lower your IT costs, contact us for a free Cloud Advisor session.

 

Study Confirms: Education Faces Highest Risk of Ransomware

/in

As reported in EducationDIVE and Information Week, a recent study of 20,000 organizations by security firm BitSight found educational institutions suffered ransomware attacks at rates 2 to 10 times higher than other sectors of our economy. 10% of educational institutions have been attacked, compared with 6% of government entities, 3.5% of healthcare organizations, and 1.5% of financial institutions.

With the rate of ransomware attacks continuing to rise, schools and districts need to enhance their protections. Beyond traditional endpoint protection, user education and communication, web filtering, protection for advanced persistent threats (APTs), and tools/processes for recovery need to be in place.

Our Business Guide to Ransomware eBook provides valuable information covering the types of threats, protections, and recovery systems you should consider.

 

 

Rethinking Risks and Responses

/in ,

Malware, Ransomware, Natural Disasters and More Keep Hitting SMBs Hard

Never have we had a greater ability to work together to get things done than we do right now. As our cloud and hybrid environments expand, the ease-of-use encourages us to share ideas and information and to collaborate in new and exciting ways.

Never have we been under attack from so many directions. Changing weather patterns and aging infrastructure leave businesses without power for days instead of hours. Fading employee loyalty means more chances for information to walk out the door. The same features that let us easily share information also let us accidentally share information we shouldn’t. Malware and viruses have evolved from a nuisance to potentially existential threats with the increase in ransomware and advanced persistent threats.

Our Businesses, Employees, and Customers Need and Expect Protection

With the risks and impacts on the rise, we as small and midsize business owners and technologists should rethink how we both prepare and respond. Since the dawn of business computing, large enterprises have built expensive solutions to ensure that their businesses keep running “no matter what”.  Now that we are in the cloud, and solutions are incredibly affordable, we need to adopt the same approach.

Business continuity is no longer just being able to keep your business running after a disaster.

Business continuity means that you are able to prevent business disruptions and distractions, regardless of the cause. Business continuity means …

  • You actively work to minimize the chance of a ransomware attack, and that you can respond and recover quickly should it happen.
  • You have systems and procedures in place to prevent data loss and privacy breaches, and that you can detect and mitigate issues quickly and effectively.
  • You and your team are no longer tethered to the hardware, Internet access, and electricity in your offices.

For SMBs, now is the time to consider the tangible and intangible costs of business interruptions of all types and to see the value in solutions to prevent and recovery. Understand the value proposition of that goes beyond dollars and cents to include the customer relationship impact and the toll that business disruption has on your team.

Food for Thought:

iOS 10 is Budget Risk for Schools

/in ,

ipad2On September 13, 2016, Apple will release iOS 10 and will stop providing updates for iOS 9.  While iOS 10 is reported have some great new features, the real story for schools — particularly those with iPad programs — is the impact on existing devices and budgets. ZDnet remotes that as many as 40% of existing iPads will become obsolete — a statistic that will certainly push many schools to consider accelerating new iPad purchases and/or move to other devices.

With the release of iOS 10, the following devices will no longer receive iOS updates:

  • iPad 2
  • iPad 3rd Gen
  • iPad Mini
  • iPhone 4s
  • iPod Touch 5th Gen

Schools committed to using iPad 2s, and iPad 3s through the 2016-2017 school year now face the prospect of increased security risks and loss of application support.

Apple is shortening the lifecycle of its devices.  Sold from March 2011 through March 2014, schools may find their devices becoming obsolete in less than their planned 3 year lifecycle.  Looking forward, this trend will impact lifecycle planning and budgets for schools with iPad classroom and 1:1 programs.

Ransomware is Front Page News (Again)

/in ,

Over the past several weeks, we have been aggressively communicating with our customers and others about the sharp rise in ransomware hitting small and midsize enterprises.  We have blogged about the need for preparation against attacks and for recovery just in case, as well as the full cost of ransomware attacks. While some organizations are taking action, others still see the threat as a low risk.

This weekend, the Wall Street Journal emphasized the critical nature of the threat with a front page article reinforcing the severity and scope of the problem. The article reiterates the rapid growth of Ransomware, the increasing ransoms, and the ease by which computers become infected.

To help organizations better understand the risks, strategies for prevention, and preparation for recovery “just in case”, we recently published our Business Guide to Ransomware.  Written for the non-techie, it is a must read for any small or midsize enterprise with an Internet connection.

Want help with your Ransomware strategy, contact us for a free consultation.

 

Pokemon Go is a Security Game?

/in ,

No Pokemon Go
While the news coverage has trailed off, the Pokemon Go phenomenon continues as kids and adults continue to play, and the game expands to new locations.

Also in the news, but with less coverage, was the security hole that gave the companies behind Pokemon Go completely unfettered access to users’ Google Apps and Gmail accounts.  This access was not just to read your contacts so you can “share”, Pokemon Go had full read/write access to all user data.

In a short but sobering report, our friends at CloudLock assess and quantify the risk posed by Pokemon Go. Click here to access the report; it serves as a great example of the risks posed by 3rd party apps.

Contact us if you want to learn more about protecting Google Apps from 3rd party app risks.