Posts

The Human Risk with Cloud Storage

A recent survey by WinMagic, a UK-based storage security firm, highlights some interesting, if not disturbing, information about employee use of cloud file and storage services. Speaking with over 1,000 employees at companies with at least 50 employees, the survey found that both users and businesses appear to be unclear about the need to protect cloud data, and how to do it.

Key findings of the survey:

  • Only 35% use a service sanctioned by their employer
  • 50% use personal equipment to access work information and services at least once a week
  • 65% of employees don’t have or don’t know the company policy on cloud storage
  • 5% use cloud services knowing that the service has been restricted by the company

The disparity between IT policies regarding the use of cloud storage and employees’ habits is troubling, particularly given the risk of data corruption, loss, and breaches.

The solution is not to avoid the cloud. Nor should you create a draconian culture around technology and cloud usage.

  • Create and share a clear, concise policy on the use of cloud services, and IT in general, for your company
    • Clearly require that work-related data be stored only in sanctioned systems and services, and that work and personal applications and data be kept completely separate.
  • Provide a suite of services that meet users’ needs
    • Ask users which tools help their productivity and evaluate the secure, business versions. Remember that one size does not fit all and you may need or want multiple options.
  • Monitor and manage access, security, and privacy
    • Deploy systems that let you monitor and manage access to company data, the security of the data, and your data privacy compliance. In addition to user identity and access controls, monitor and manage file permissions based on content, along with third-party application (especially mobile app) access to your data.
  • Inform and educate your team
    • You do not need a series of boring lectures and meetings to indoctrinate your team into the new world order. A clear, concise discussion regarding appropriate use policies gets the message across.
  • Be nimble and communicate
    • Cloud is still fairly new and services are constantly evolving and launching. Users’ needs are changing constantly as well. If you can respond to your users with tools and services that meet their needs, you eliminate their “need” to circumvent the official tools. Communication about why certain

A balance of useful and secure cloud services, clear policies that promote responsible use, and tools that monitor and mitigate risks will improve not just your security profile, but your efficiency as a business.


We offer a range of data protection & security services, contact us to learn more.


 

 

When and Why Go VDI?

This blog post is a reprint of an article first published on Experts Exchange as part of a series on cloud strategies and issues for small and mid-size businesses.


Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a cloud-based CRM service was the first application in the cloud.

Currently, we see organizations rapidly moving file services and storage into cloud-based solutions as more marketing, sales, and line of business applications switch to Software-as-a-Service (“SaaS”) solutions. Often, this leaves you with a small set of business applications running on-premise.

What do you do with applications and services left on-premise when most of your systems have moved, or will be moving, to the cloud?

While you may wish to keep these legacy systems on-premise, you can move them into a cloud or hosted Virtual Desktop Infrastructure (VDI) environment. VDI environments provide a virtualized, remote desktop accessible via browser or “receiver” app.  When connected, users get their full desktop environment with access to local and network applications.

Some applications, such as computer-aided design (CAD) and manufacturing/process controls, are not well-suited for VDI. Most local and network applications work well within a VDI environment. VDI services typically charge based on processor load, memory, and allocated disk space. Fees may also include standard office software, data backup services, malware protection, and other common network services.

Why use a VDI solution?

  • Improved secure accessibility to legacy applications, particularly for remote and mobile users
  • Lower cost for IT infrastructure, especially when email, apps, and other services are moving to the cloud
  • Improved reliability and security, as VDI solutions run in professionally managed data centers
  • IT resources are free to work on higher value projects than maintaining core infrastructure and services
  • Lower cost and less administration of end user devices, as you can move to thin clients, chromebooks, and tablets as existing desktops and laptops need replacing

When to use a VDI Solution? 

For some small and mid-size enterprises, VDI solutions provide a means to “clean out the closet”, to simplify their IT solutions and walk away from endless maintenance and updates. For others, a VDI solution enables them to move legacy systems and applications to a cloud-based environment.

When considering a VDI service for legacy applications and systems, answering a few basic questions will help you determine if your “when” is “now”.

  • Is the application available in a Software-as-a-Service (SaaS) subscription?
  • Does the application have custom modules or code that would prevent running the SaaS version?
  • Are application requirements — processor power, memory, disk space — known and understood?
  • How many users need access to the application?
  • How many users receive reports or data from the application?
  • What connections or integrations exist between local/network applications?

With answers to these questions, you can scope the size and configuration of your VDI environment. You can also assess if the benefits, and the costs, of a VDI solution outweigh the costs and effort required to maintain the systems on-premise.

As you move applications and services to the cloud, you will likely reach a point where you no longer have the critical mass necessary for on-premise servers to be the most economical and effective solution. When you reach this tipping point, a VDI solution will provide a secure home for your systems, your business, and your budget.

Define the Role of Your Cloud File Service


This blog post is a reprint of an article first published on Experts Exchange as part of a series on cloud strategies and issues for small and mid-size businesses.

 


Cloud file services can fill many different roles for your business. Often, the use of cloud file services begins with employees using consumer products, like Dropbox, to share files with customers and each other. While sync-and-share can be an effective way to manage files, you should always rely on the business editions to ensure that the business is in possession of, and is managing, your data.

That said, this use of sync-and-share tends to be transient in nature. At the other end of the spectrum, many businesses are replacing on-premise servers, NAS, and SANs with cloud file services, which become the primary file service.
To help you plan how to create the best file service for your business, consider these working definitions and considerations with respect to data protection and management.

Transient File Service

  • Transient file services are used occasionally for storage and sharing of files.
  • Often a sync-and-share service (Dropbox, box.net, etc) or a peer-to-peer service (Drive, etc.), files are copied to the file service and shared.
  • In most cases, files sync back, or are manually copied, to their primary location. As the primary location for files is protected by backups and permissions management, transient file services generally don’t need or have backup protection.
  • Permissions management is often the responsibility of the individual users. As such, transient file services should not be used for sensitive or protected (PHI, PCI, etc) information.

Secondary File Service

  • A Secondary File Service will fill the role that the Transient File Service provides, but will also be the home — the system of record — for some information.
  • Companies create Secondary File Services to handle information that is used collaboratively, but want to keep internally-used data and critical business information in-house. An architecture firm, for example, might have active projects residing in a cloud file service while keeping past project data and internal operations (HR, finance, accounting, strategy) on in-house systems.
  • While sync-and-share can serve the needs of a secondary file service, peer-to-peer and managed file services provide better control over your data.
  • As a Secondary File Service will be the system-of-record for important information (i.e., the data is not synced or copied to other storage), these file services should be protected by Backups.
  • Secondary File Services may or may not be used for sensitive or protected information. If they are, then active permissions monitoring and management is advised to prevent inappropriate disclosures, leaks, or breaches.

Primary File Service

  • A Primary File Service becomes the system of record for most, if not all, of your company’s files and data. As such, the cloud file service will hold sensitive and protected data.  Access, permissions, and protection are as critical in the cloud as they are on-premise.
  • Backup/recovery and active permissions management become critical components for ensuring data reliability, security, and privacy, and may be required for regulatory or industry compliance.
  • While smaller businesses can use peer-to-peer services, larger businesses or those with larger numbers of files find that a managed and structured file service works better.
  • Centralized ownership and control over permissions improves security and efficiency.
  • Sync-and-share services may still be used to support off-line work, but should be managed closely to ensure sensitive and protected data remains secure.

Hybrid File Service

  • A Hybrid File Service exists when the Primary File Service is split between on-premise servers and cloud-based file services.  A Hybrid File Service differs from the use of a Secondary File Service in that the Hybrid File Service sees both on-premise and in-cloud as equal components of the ecosystem. Data location is based on access needs and usage rather than on the type of data.
  • For some organizations, Hybrid File Services represent a transition period from on-site to cloud file services. For others, Hybrid File Services reflect a broader hybrid cloud strategy that mixes SaaS and IaaS services with on-premise systems.
  • As Hybrid File Services create a cloud-based extension of on-premise servers, a managed file service with central ownership and permissions control is most often the best structure.
  • With a Hybrid File Service, the cloud component requires backup/recovery and permissions protection on-par with your in-house servers.

By understanding and defining the role of your cloud file services, you have a better understanding of the type of service to use — sync-and-share, peer-to-peer, or managed file services. You can also best determine the level of backup/recovery, access, permissions, and encryption you want and need to meet your business’ needs and any regulatory or industry requirements.


To learn more watch our 3T@3 Webcast from May 2015, Designing a Cloud File Service, or contact us with your questions or interest.


 

Reconsider Your File Sync-and-Share Services

It is no wonder that file sync-and-share services are so popular. They are easy to set up and use, particularly with people outside your company or organization. And, most people you want to share with have, or are willing to create, a free account to see your shared files.

As a business, government, school, or non-profit, however, you may want to reconsider how you let your team use file sync-and-share services.  Here’s why:

Who “Controls” the Data?
  • Do you know if individuals are sharing information inappropriately?
  • Could you recover files deleted by a user from their account?

File sync-and-share services create de facto peer-to-peer networks. Files are “owned” by the person that created or uploaded them. Permissions are controlled by each user, not by any central policy. As such, you have little ability to monitor or manage access to your data, which puts your business at risk for data breaches, as well as policy and regulatory violations.

Can You “Find” the File?
  • Are you comfortable with a peer-to-peer file service with little central control?
  • Are folks wasting time figuring out in which folder files are stored?

With each user creating folders and files to meet their own organizational needs, finding files shared with you can be challenging. As users create similarly named folders, locating files can be a challenge. You should never need to call a person for help locating a shared file.

Where, “Exactly”, is the File?
  • Would a lost or stolen laptop or phone give somebody easy access to locally saved files?
  • Is locally saved data as secure as data on your server?

Chances are, your team is syncing files to/from laptops and mobile devices. So even if you are using a secure file sync-and-share service, your data is likely at risk. File sync-and-share services create local directories for storage and most services rely on your local security to protect those files. In other words, your data may be on a laptop or mobile device with no (or trivial) password protection. Adding drive-level encryption is an option, but adds money, complexity, and support costs to your environment.

 

Fortunately, solutions exist.

Secure, enterprise file sync-and-share solutions provide centralized control of what data can be synced to local devices, and by whom. These solutions also require login verification before accessing information on the local devices. Managed cloud file services let employees use locally installed apps with cloud-stored data, while providing centralized ownership and permissions management. Each solution has its limitations and benefits; understanding how your users need and prefer to work is key to picking the best solution.


Contact us for more information about available cloud file service options.


 

Consider Cloud File Services


When we talk to businesses about moving into the cloud, we often focus on the cloud-based, managed file services. We see how trendy file sync-and-share services have become as IT continues its love-hate relationship with consumerization.  We also see how simply putting a traditional file server in a cloud-hosted environment does not reap the benefits many expect.

For us, a managed cloud file service provides users with secure access to files in a central service, from any Internet-connected device.  “Managed” means that your IT admins and/or data managers are able to monitor and control the access rights, exposures, permissions, and ownership of information stored within the service. “Managed” also means your data is protected from user error (or intention) as well as hardware/software issues.

While file-sync-and-share is one type of cloud file service, it is not the only form of cloud file service. 

As you think of how to best move file storage into cloud file services, consider your business and technical needs.

File-sync-and-share is easy to deploy, but implies that you will have multiple copies of data on different devices, each of which will then require protection.  File-sync-and-share also creates a peer-to-peer sharing service, in which users can get lost among shared folders and unclear ownership.

Other peer-to-peer solutions, including OneDrive and Google Drive, can cause similar user confusion as the number of users, or the number of documents, increases. And while peer-to-peer file services were the rage back in 1998 with the release of Windows for Workgroups, most businesses have been running on centralized file servers for at least the past decade.

A managed cloud file service can provide a working environment similar to an on-premise file server. When structured properly a managed cloud file service can provide:

  • A single location for data (no need to replicate to local machines)
  • Centralized ownership of file space, libraries, and directory hierarchies
  • Centralized administration of access rights and permissions, by user or group
  • The ability to provide shared folders/directories for company, department, or project team work, along with personal folders/directories for individual activities
  • Unified search across shared and individual file spaces
  • Secure access from any device — PC, Mac, iOS, Android, Chrome, etc.
  • Administrative ability to monitor and audit permissions and access by individuals and applications
  • Data protection in the form of versioning and backup/recovery systems
  • Integration of additional metadata, document management, and workflow management tools to reinforce and accelerate business processes

If your cloud storage is not giving you the advantages of a managed cloud file service, let us know. We are happy to review your environment and suggest alternatives.

 

 

Beyond reducing

SBS End of Life: Microsoft Punishes Small Businesses

 

Don’t get me wrong. Companies retire products all the time; new product road maps are a necessary and valuable part of the technology ecosystem. How a vendor decides to retire a product, however, can be very telling with respect to how they view and treat their customers. Let’s talk about Microsoft.

Last week, Microsoft announced its server options for MS Windows Server 2012, due out sometime later this year. The announcement included three major components that, while they seem to be unrelated, all impact small and mid-size businesses. With Windows Server 2012, Microsoft is:

  • Switching from per server to per CPU licensing.
  • Eliminating Small Business Server
  • Restricting which Server licenses can run on virtualized hardware.

In press interviews and its announcements, Microsoft is very clear that businesses running SBS must either now purchase separate Exchange and Sharepoint licenses or must move to the cloud (hopefully Office 365).   The impact, however,  is actually much greater for businesses with fewer than 75 users.

  • Companies with 25 or fewer users can get the new “Essentials” edition of Server 2012.  This version cannot, however, run in a virtual environment.  Small businesses cannot, therefore, buy one server and run Windows, Exchange, and Sharepoint servers virtually without licensing the more expensive Server 2012 Standard Edition.
  • The move to processor-based licensing will also push cost increases on small businesses.  Many SMBs have purchased quad processor boxes to deliver performance and support virtualization.  With a 2 processor limit on Server 2012 Standard Edition, many customers will need to double the number of paid Windows Server licenses.

Microsoft has made it clear that they expect SMBs to switch from SBS to a file server and run Exchange and Sharepoint in the cloud.  This option, too, will represent significant cost increases for SMBs given Microsoft’s pricing model for Office 365 and the need to upgrade specific Office 2010 versions for full functionality.

If this move seems coercive, it just may be. As reported in PC World, Office 365 has not been the smash hit Microsoft predicted. The company is not releasing sales or usage numbers. As a Microsoft spokeswoman quoted in the article stated:

“We’re not breaking out customer, user, or revenue numbers at this time”

And according to IDC Analyst Melissa Webster, “They’ll give metrics when the metrics are meaningful, demonstrating scale and depth.”

So with lackluster performance, Microsoft releases a licensing and pricing model that “encourages” SMBs to move into the cloud or pay a heavy hardware and licensing penalty for upgrading in-house systems.

Fortunately, small and mid-size businesses have alternatives. Google Apps for Business and other services offer more cost-effective solutions for email, communication, and collaboration than Office 365. Beyond moving the Exchange and Sharepoint components of SBS to Google Apps, businesses can deploy secure cloud-based file services with full drive letter mapping and network place integration; access from PCs, Macs, and mobile devices; and integrated security and backup/recovery services.

Friday Thought: Building a Cloud File Service

For many of the companies, non-profits, school systems, and local governments we work with, the desire to use the cloud is expanding beyond email and calendar.  These organizations are looking to move some or all of their file services into the cloud as well.

Motivation:

While the initial motivation is often to improve access to and sharing of information on projects, or in general, the planning process often reveals a greater value proposition. These secondary benefits derive from giving users direct access to data, and include, but are not limited to:

  • Reduced need for SSL VPN services and/or remote access, desktop, or virtual desktop solutions, resulting in lower hardware, software, networking, and support costs.
  • Reduced need for site-to-site links, enabling organizations to replace expensive point-to-point WAN links and MPLS networks with much less costly direct Internet access links.
  • Improved access to information from tablets and smart phones.
  • Reduced backup/restore costs, as physical infrastructure and in-house administration is replaced by cloud-to-cloud data protection services.

In short, cloud file services provide better user access to information, a simpler IT infrastructure, and lower costs.

Ecosystem

Many services exist to provide cloud-based file services, and organizations are best off if they review their needs before making a selection. Beyond methods of accessing the service, be sure to review your permissions/security requirements against the features and functions of the service.

Building a file service also means having the necessary components to ensure a robust ecosystem.

  • Affordable storage purchased as used or in flexible blocks
  • Drive letter access (DLA) or Network Place access from Windows desktops
  • Drive type access from Mac desktops, if needed
  • Access from mobile devices, including smart phones and tablets
  • Ability to integrate user identity with your LDAP, Active Directory, or SSO service
  • Availability of cloud-to-cloud backup/restore services
  • Encryption of data at rest and in transit
  • Ability to set permissions in accordance with your business needs, policies, and procedures

Execution

Moving to a cloud file service starts with understanding your requirements and the impact of the change on your computing environment and your end users. Which aspects of the ecosystem do you need/want? How will the change affect the user experience? How will a new file service fit in with your other cloud solutions? With an understanding of requirements, you can better match your needs to the available solutions and map out a migration that minimizes risk and enhances the benefits of the move.

 

Tuesday Take Away: 8 Ways that Clouds Beat Blizzards

Once again, the team and I at Cumulus Global found ourselves working from our homes, pizza shops, libraries, and coffee shops.  An unusual and record-breaking October Nor’easter dumped about a foot of very heavy and wet snow on us, snapping power poles and trees like, well, twigs.  In our area of the state, most towns reported between 60% and 100% of residences and businesses without power.  Starting on Saturday evening, many will be without power until late Thursday or Friday.

Businesses tied to their physical offices, again, are learning the hard way how Cloud Computing can help keep things running when life throws the unexpected your way.

1) Message Continuity

If you run MS Exchange, Google Message Continuity not only provides you with bullet-proof spooling if your server or Internet link is down, it also gives you Gmail’s web interface and the ability to send and receive emails. And while most email contingency services dump all activity in your spool to your inbox (including sent messages), GMC actually syncs your sent and saved messages, preserving your folders and your sanity.

2) Cloud Storage Mirror

Different than backing up for restores or recovery, synchronizing or mirroring local and network data to a cloud service gives you the ability to access and use your documents, usually through a web interface, from anywhere at anytime.  Matching the cloud service and the sync tool to your needs ensures your critical data is available even if your office is not.

3) Google Talk

With a laptop or smartphone, the Google Talk app, and an Internet connection anywhere, you can communicate with your team and your associates securely via instant messaging, voice conferencing, or video conferencing. Don’t worry if phone lines or in-house PBXs are down; with Google Talk you can see who is available and converse at will.

4) Google Voice

Get your laptop to an Internet connection with a headset and microphone and you can send and receive calls without a fuss.

5) Hosted VoIP Phone Services

It may seem like the throw-back to the days of Centrex, but hosted VoIP (aka Hosted iPBX) services keep your phone lines working regardless of what is happening with your building.  And, you can access and use your lines, extensions, and voice mail from pretty much anyplace with either a VoIP phone, softphone software on your laptop, or your smartphone.

6) Cloud-Based Email

If you are thinking of using the cloud as a contingency service because cloud-based email is going to be available when your in-house system goes off-line, why not make the more reliable service the one you use every day?  Do you need or want to keep your in-house server when a cloud-based service will be more reliable and more available?  Ok, it’s a loaded question … but still worth some thought.

7) Cloud File Services

Just as with cloud-based email, Cloud File Services will prove more reliable and available over time, and especially during emergencies.  Granted, you may have applications, and work flow issues that make using cloud file services as your primary file service impractical.  But, you will never know if you don’t take a look. And, many of these requirements work with the right local sync technology in place.

8) Google Apps for Business / Government / Education

There, I finally said it. Google Apps gives you the reliability and availability of the cloud-based Gmail, cloud storage you can mirror or sync, Google Talk, Google Voice integration, and a cloud file service. Better yet, Google Apps rolls these services into an integrated, affordable package with access from most any computer and smartphone. Some of the solutions may require third party components. But, when disaster strikes (and disasters will strike), why not have an IT ecosystem that is resilient and available rather than one you need to recover?

Protect Your Data in the Cloud

When IT pros plan backup and recovery solutions for in-house systems, they start with the big events, such as server failures and disk crashes.  In reality, most restores are not as a result of a catastrophic loss.  Most restores are for individual files that were accidentally overwritten, deleted, or otherwise corrupted.

How is this relevant when your files are in the cloud?

Most cloud file services provide sufficient redundancy and resilience to prevent data loss due to hardware or software failure.  These services, however, cannot protect your data from the users.  Files stored in the cloud remain susceptible to deletion and accidental overwrites.    In addition, new desktop utilities that let users work locally and sync files between desktop and cloud increase your risk of file corruption.

What to do?

You do have some protections available.

Version History:  If your cloud file service has version history features, take the time to understand how and when the service saves versions.  Some services only save documents uploaded via their web interface or client, and not when documents are updated via drive mapping or folder desktop sync applications.

Cloud file backup tools: Consider adding a backup tool to your cloud ecosystem. A cloud backup tool will move content from your cloud file service to another location periodically or continuously. The data is stored in a format that facilitates restores to your cloud file service, and many backup tools let you download the backup set.

If you have concerns about your cloud-based data, or have questions about backing up your data in the cloud, please contact us.