Coronavirus: Prep Instead of Panic

/in

Updated Mar. 23, 2020. (new content in italics)

Coronavirus is in the news with broad localized impact.  The Centers for Disease Control is urging everyone to prepare for a major public outbreak of COVID-19 will strike the United States. Here is a high level update:

  • Extensive “Community Outbreaks” have been identified by the Centers for Disease Control (CDC), with confirmed cases rising at a sharp rate in several areas of the country.
  • Several states, counties, and local governments are issuing lock-down or “shelter-in-place” orders, severely restricting business and personal activities.
  • Many states and local governments restricting meetings and services.
  • School are closing for extended periods of time. Government facilities are closing to the public
  • Employers are restricting travel and meetings
  • Employers are telling employees to work from home
  • Restaurants and bars are restricted to carry-out and delivery only
  • Mandatory quarantines are in place in some areas

What does this mean for us and our businesses?

Experts currently agree that potential for wide-spread outbreaks exists and there is an urgent and critical need to minimize the spread of the virus.  That said, we should expect, and be prepared, to address localized issues.  These can include:

  • Employees being quarantined at home, or while traveling, due to possible exposure or systems.
  • Closing offices to facilitate social distancing
  • School closings, requiring employees to remain home with children.
  • Localized building shutdowns, including government offices, courts, etc.
  • Impact on, or hesitancy to use, public transportation; reduced public transportation schedules
  • Cancellation of conferences, meetings, and events.
  • Hesitancy to travel, or restrictions on travel destinations.

Each of these feels manageable if the inconvenience is only for a limited time. But with quarantines running 14 days (or more) and concerns that the virus might live on surfaces for as long as nine days, these disruptions may create serious challenges.

Question to Ask and Consider

  • Have we communicated a policy to employees that “Safe is better than Sorry”
    • Do employees know to stay home and avoid meetings if they are not feeling well?
    • Should your business alter or halt normal operations?
    • Should you close your facilities to some or all employees?
  • Can your employees easily and efficiently work remotely?
    • Does this include employees who normally work at the office?
    • What materials, documents, or services might they need?
    • Will functions, such as customer service, function properly with remote users?
    • For employees that don’t normally work at home:
      • Do they have sufficient Internet bandwidth?
      • Do they have the software needed to use your VoIP phone service?
      • Do they have an appropriate device (personal or company-provided)?
      • If using personal devices, do they have the necessary software and versions?
    • Can you extend business phone service to workers at home? If so, are you comfortable
      getting this setup?
  • Do you have the ability to replace travel and on-site meetings with video conferencing?
    • Are enough of your conference rooms equipped for conferencing?
    • Is your team comfortable using the equipment and services?
    • For employees who do not normally work remotely or use audio/video conferencing:
      • Do they have access to audio/video conferencing services from their devices?
      • Do they understand how to use the services from their computers or phones?
      • Are they comfortable with using these services?
  • What functions can be scaled back or delayed with minimal impact to operations, cash flow, customer service, etc.?
  • Which functions are critical to your business continuity?
  • Will supply chain issues disrupt your business?
  • How might the evolving economic fallout impact your business?

Steps to Take

As you consider and answer the above questions, and others, you can better understand how to prepare.  For some, enabling more remote work may be as simple as a temporary cloud file service or migrating files from on-premise file servers to cloud file services.  Other businesses might consider ensuring team members have suitable computers at home or company laptops available if needed. Now might be the time to add Teams Meeting or Hangout Meet hardware and services to your conference rooms and huddle areas. And some businesses may want to expand remote access to business systems or relocate applications to cloud servers.

The good news is that you are not alone.  As you monitor events, assess your risks, and plan, we are here to help.

Please:

  • Join our Open Office Hours on Wednesday March 18, 2020 at 2:00 pm ET.
  • Contact us and take advantage of our expertise and, if appropriate, our services.

We are in this together.

Thank you,

 

 

Allen Falcon, CEO and Pragmatic Evangelist

Cumulus Global Recognized on CRN’s 2020 MSP 500 List

/in ,

CRN MSP 500 Continued Recognition of Cumulus Global as Pioneer in Managed Cloud Services

Cumulus Global, the Cloud Forward service provider, announced today that CRN® a brand of The Channel Company has named Cumulus Global to its 2020 Managed Service Provider (MSP) 500 list in the Pioneer 250 category. The MSP 500 identifies North American solution providers that deliver operational efficiencies, IT system improvements, and a higher rate of return on investments for their customers.

“MSPs are the critical bridge for customers looking to assess, implement and migrate their IT and cloud solutions to drive efficiencies, lower costs and secure your environment,” said Bob Skelley, CEO of The Channel Company. “On behalf of our team at The Channel Company, I want to congratulate the accomplished companies on CRN’s 2020 MSP 500 list and thank them for their commitment to finding innovative solutions that move the IT channel forward.”

For the second consecutive year, Cumulus Global is being recognized for its managed cloud services that deliver desired business outcomes to small and midsize businesses, local governments, and K12 schools. Beyond deployment, training, and support, Cumulus Global helps organizations and teams fully utilize their IT and cloud services for the best value and greatest impact.

“We are honored for the continued recognition as an industry leader,” noted Allen Falcon, CEO of Cumulus Global. “I am proud of our team members who measure our success by measuring our clients’ success.”

The MSP 500 list is available in the February 2020 issue of CRN and online at www.crn.com/msp500.

Please contact us for more information or to schedule a complimentary Cloud Advisor session.

Customer Notice Update: Email Advanced Threat Protection

/in , ,

Data ProtectionGiven the demand and need to improve your protection from the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks we are extending the Advanced Threat Protection Priority Opt-in discount period through March, 2020. We understand that adding a service, even a critical service, impacts your budget and costs. Our Priority Opt-In discounts, and other measures (see below), intend to minimize the impact.

Email Advanced Threat Protection (ATP) and Multi-factor authentication (MFA) are necessary, baseline services for protecting your business

Beginning April 1, 2020, we require Advanced Threat Protection for all of our customers’ email service, unless you specifically opt out. Opting out is appropriate if you already have an advanced threat protection service in place.

If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.
  • We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

Managing Chrome the Education Upgrade Price Increase

/in ,

On January 22, 2020, Google is informing all Chrome Education Upgrade (aka Chrome Management Service) users that that perpetual per-device license price is increasing from $30 to $38 dollars, effective March 9, 2020.

While Google is not unreasonable in raising prices to ensure continued innovation and feature expansion, the timing of the increase is problematic for many schools.  With fiscal years starting July 1, schools and districts have drafted or completed their budgets for the upcoming year.  The timing of the increase impacts purchases planned for the end of this fiscal/school year as well.

Cumulus Global will help you manage the price increase.

You can order your Chrome Education Upgrade / Management licenses now, before the price increase.  Based on your quantity, we are offering discounts up to 10% or more off the current $30 price.  If you are unable to purchase the licenses now, you can also request a binding quote and receive similar discounts off the $38 price through August 31, 2020.

Please complete the form, below, and request your quote.

Request your quote …

5 Ways We Can Lower Your Chrome Device Costs

/in ,

As part of our ChromeCycle Program, we help you manage the total cost of ownership of your Chrome devices.

Here are five (5) ways we can lower the purchase cost for your next round of Chrome devices.

1. Preregister Your Purchase:

We can often secure preferred pricing when we preregister your intended purchase with your preferred Chrome device manufacturer. Letting your manufacturer know now how many units you plan to buy later helps them plan production and distribution. Some of those savings come back to you.

3. Competitive Bidding:

If you do not have a preferred Chrome device manufacturer, we can bid your intended purchased out across manufacturers and distributors to obtain the best purchase price possible.

3. Trade-In: 

Trading in devices at the end of their life cycle can lower the cost of refreshing your devices by as much as 20%. We can estimate trade-in value now, to help with your budgets for purchases later in the year

4. Buy-Back:

Even if you are not buying your refresh fleet from us, we can buy back devices you are retiring. The international market for used devices and parts can save you money.

5. Financing Services:

We work with multiple finance partners to offer both finance and fair market value leasing options. We can put your purchase financing out to bid to help get the best rate and terms possible.

Chrome Device Costs

Chrome devices are typically sold with a license included, which provides access to the Chrome operating system and management console. However, if you need to purchase additional licenses for your organization, the cost can vary depending on the type of license and the number of devices you need to license.

There are two main types of Chrome device licenses:

  1. Chrome Enterprise Upgrade: This license provides access to additional features and management tools, such as enhanced security, access to the Chrome Web Store, and support for virtual desktop infrastructure (VDI). The cost for the Chrome Enterprise Upgrade license is $50 per device per year.
  2. Chrome Education Upgrade: This license is designed for educational institutions and provides additional features tailored to the needs of students and educators, such as Google Classroom integration and content filtering. The cost for the Chrome Education Upgrade license is $30 per device per year.

When you sign up for a Chrome Enterprise Upgrade, you will get a free 30-day trail. Final prices are subject to change, and may vary by region. Please contact us if you have any questions about the specific pricing available in your area, and to best determine how much value a Chrome Enterprise upgrade will have for your unique situation.

Click here to learn more about our ChromeCycle services, or contact us for a no-obligation Cloud Advisor consultation.

 

The Cost of Downtime Explained in 7 Ways

/in

A recent survey found that 40% of small and midsize businesses (SMBs) experiences 8 or more hours of downtime due to a severe security breach within the past year. According to the National Cyber Security Alliance, 60% of SMBs who experience a significant data breach go out of business within six months. The highest cost of an unplanned outage is more than $17,000 per minute. The average cost per minute of an unplanned outage is nearly $9,000 per incident. These statistics are sobering. For many SMBs, however, the risks still feel foreign and not something that warrants action. To protect your business requires some knowledge and good advice, intent, action, small investments.

It is easier to rely on myths such as, “We are not a target for cyber attackers”, “We can run on pen and paper until we recover”, and “Our customers will understand” than it is to assess your risks and take action. Nevertheless, the risks are real and the number of SMBs hurt by downtime continues to rise.

The cost of downtime can vary depending on the size of the organization, the industry, and the nature of the downtime. Downtime can be caused by various factors such as power outages, network failures, software issues, or hardware failures. In today’s world, it’s essential to streamline security if you’re a SMB, and understand the consequences downtime can have on your business.

Here are seven ways downtime can damage your business:

1. Monetary Cost

Downtime leads to lost sales and lost productivity impacting top-line revenue and your bottom line. These costs hit your pocket in addition to the cost of recovery and returning to normal operations. If you need to calculate the average cost of downtime, our specialists can help.

2. Customer Trust

When you are unable to serve your customers, they lose faith in your business. While downtime for natural disasters is understandable, today’s customers have little tolerance for disruptions due to cyber attacks and breaches. Lost trust means lost customers.

3. Brand Damage

Your brand identity and reputation drives customer loyalty and growth. Service disruptions from technology failures or breaches sends a message that your business may be poorly managed and is unreliable. These messages lead to loss of goodwill and create negative impressions of your business in the minds of your customers.

4. Employee Morale 

Disasters due to data loss or breaches means employees need to perform double duties. Employees spend time on recovery while working to keep the business operational. It often requires additional work hours. Recovery can be stressful and demoralizing.

5. Business Value 

Businesses that suffer data breaches and service disruptions are perceived as poorly managed. With the potential financial liability, public companies can see stock prices fall. All companies can suffer a loss of business value.

6. Legal Action

Downtime creates the risk of legal action. This is particularly true for downtime that is perceived as preventable. System failures, data loss, security breaches, and other incidents can put your business in breach of contract. You may also be in violation of state and federal regulations, making proper data protection and security vital.

7. Compliance Fines & Penalties 

As information privacy and security regulations expand, data loss and breaches create the real potential for fines and penalties related to regulatory compliance, privacy, and data retention requirements.

These risks carry the potential for lasting damage. Whether by increased financial burdens or winning back customers, the impact of downtime extends well beyond getting yourself up and running again.

Is your business worth protecting?

Protecting your business will not break the bank. We offer practical, affordable cloud infrastructure solutions that help you and your team understand the risks, prevent problems from happening, and continue operating in the event something bad does happen.

If your business is worth protecting, contact us for a complimentary Cloud Advisor session to discuss how we can improve your business’ resiliency.

 

Customer Notice: Email Advanced Threat Protection

/in ,

Data Protection

(Updated January 20, 2020)

We continue to witness the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks on our customers.  The recovery cost and frequency of attacks are increasing at alarming rates. The average cost for a small or midsize business (SMB) to fully recovery from a cyber attack has increased to between $145,000 and $180,000. This includes loss of direct business, remediation costs, damage to reputation, and employee downtime.  At the same time, the number of ransomware attacks so far in 2019 has doubled when compared with the same period in 2018.

As a managed cloud service provider, you have heard from us that you “should” have more protections in place. Our position is changing: these protections are a “must”.

Multi-factor authentication (MFA) and email Advanced Threat Protection (ATP) are necessary, baseline services for protecting your business. 

Beginning April 1, 2020, we will require and will begin adding Advanced Threat Protection to all of our customers’ email service unless you specifically opt out. If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.  We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

Managed Cloud Security: 7 Ways to Keep Your Cloud Environment Safe

/in

Managed Cloud Security ServicesIn a recently published report, one of Forrester Research’s five key cloud predictions is that cloud management providers will tackle cloud security.  With the Capital One breach, the first major breach in a public cloud, the industry has a new focus on security and public cloud services. Small and midsize businesses (SMBs) are more likely to use public cloud managed services over specialty providers and private clouds. As such, SMBs need to focus on cloud management.

What is managed cloud security?

Managed cloud security refers to the practice of outsourcing the security management and monitoring of a business’s cloud infrastructure to a third-party service provider. This includes the implementation of security measures such as firewalls, access controls, and intrusion detection systems, as well as 24/7 monitoring and incident response. With managed cloud security, businesses can ensure the security and integrity of their data and applications in the cloud, while freeing up internal resources to focus on core business operations.
Managing cloud security risks involves a multi-layered approach to ensure the security of a business’s cloud infrastructure.  Effective cloud management can prevent holes in your security protections and save you money.

Cloud management, as a practice, formalizes access, licensing, usage, security, and spending for your cloud services. Instead of focusing on each cloud application or service independently, Cloud Management as a practice oversees and manages the big picture.

Seven key components of Cloud Management are:

  1. Document which cloud services are needed and used based on each person’s role within the organization
  2. Based on need, determine the level of access for each person/group based on their roles and responsibilities
  3. Understand and document subscription and licensing rules for each service, to ensure you can optimize subscriptions and spend
  4. Create standardized on-boarding work flows to ensure new employees and those changing roles are
    • Provided access to only the cloud platform services they need
    • Are assigned appropriate access to features, functionality, and data within each system
    • Access to data is consistent across cloud services
  5. Create standardized off-boarding work flows to ensure:
    • All cloud services accounts are deactivated, preventing orphan accounts from being left open
    • Data within each cloud service is archived or transferred to other user(s), preventing data loss
    • Cloud subscriptions/licenses are modified to prevent unnecessary costs
  6. Track licensing and subscriptions to:
    • Adjust your subscriptions to match your need, as allowed by each cloud service
    • Identify and remove unused licenses
    • Understand and manage your spending
  7. Actively search for, identify, and manage use of unauthorized cloud services to:
    • Minimize or eliminate “Shadow IT” risks with respect to security, data loss, and compliance
    • Identify and move users from duplicate services to authorized services
    • Provide training on authorized apps and services, preventing the need to use other services
    • Identify cloud services needed or wanted by staff, but not yet available through and authorized app or service

By applying the basic tenants of cloud management you can reduce your security risks, optimize your services and licensing, and better manage your spend.

FAQs

What are the three key areas for cloud security?

  1. Data Security: This involves protecting the confidentiality, integrity, and availability of data stored in the cloud. It includes measures such as encryption, access controls, and data backups.
  2. Network Security: This involves securing the network infrastructure used by cloud services, including firewalls, intrusion detection/prevention systems, and virtual private networks (VPNs).
  3. Application Security: This involves securing the software applications running on the cloud infrastructure, including secure coding practices, vulnerability management, and web application firewalls.
By focusing on these three key areas of cloud security, businesses can effectively address the most critical security risks associated with the use of cloud services.

Cumulus Global offers Cloud Management tools and services.  Contact us for a free, no obligation Cloud Advisor session to learn more.

 

Chrome Device Lifecycle Update

/in

Like any hardware, Chrome devices have a useful life.  Per Google’s policies:

  • Every Chrome device receives regular updates from Google until it reaches its Auto Update Expiration (“AUE”) date, subject to support from component manufacturers. When a device reaches AUE, automatic software updates from Google will no longer be provided.

  • Chrome devices that have not reached their AUE date will continue to receive OS updates and function with Chrome Education Upgrade and Chrome Enterprise Upgrade (a.k.a Chrome management licensing). After the AUE date is reached, existing and future policies may not work as intended, and technical support will not be provided.

  • Google will publish a model’s AUE date after its release, giving buyers time to make purchase decisions. Please check the AUE date when making a purchasing decision.

For your convenience, we are providing a link to Google’s Chrome Device Auto Update Policy here on our site.

Cyber Protection: Time for New Best Practices to Safeguard Your Business in the Digital Age

/in

Cyber ProtectionAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  And lastly, the average cost of ransomware downtime jumped from $46,800 to $141,000, an increase of more than 200%. This underscored the importance of having cyber protection protocols in place in an increasingly digital age.

To add to your cyber security concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

The Need for a New Approach to Cyber Protection

Traditional cyber security solutions are no match for many cyber attackers. We need a new modernized approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our Security CPR® managed security services and model to help ensure appropriate data protection and security.

Implementing Security CPR® Managed Security Services Can Help Combat Cyber Threats

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.