Posts

Security Trends Will Impact Small Businesses

Security, Privacy, & ComplianceSpeaking at a recent CRN-hosted security summit for midsize enterprises, Paul Furtado, Gartner’s Vice President of Midsize Enterprise Security stated, “The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself.”  His comments reflect current security trends from our historic “Trust but Verify” security model to one that is “Never Trust; Always Verify” — also known as Zero Trust.

Expectations are changing and our tolerance for breaches is dropping.  More than 56% of successful attacks exploit known vulnerabilities with patches available for more than 90 days.  Frankly, many of us are failing at the fundamentals of IT security and this needs to change.

While smaller in size, SMBs remain prime targets of cyber attacks.  With “Ransomware as a Service” readily available, finding and attacking vulnerable small businesses is inexpensive and effective.  SMBs are more likely to have fewer security protections; SMBs are less likely to be able to recover from an attack and more likely to pay ransoms.

Here are 7 security trends that warrant our attention and action:

1 Zero Day Exploits

As the name implies, Zero-Day  Exploits take advantage of newly discovered security holes before our tools and systems can be updated to prevent an attack.

Next Gen solutions are needed to protect from attacks on devices, in the flow of email, and in web traffic.

2 Insider Threats

Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts. Insider threats, meanwhile, are the small percentage of insiders actually doing something that will cause a security incident, intentionally or not.  For example, the increased use of QR codes allows attackers to create malicious QR codes that install keyloggers and screen grabbers to steal identities and multi-factor authentication tokens.

We need Security Awareness Training to help individuals understand the risks and build safe habits.

3 Regulatory Changes

As noted, security expectations are changing.  State and federal laws are changing. Passed by the Senate this year, the Strengthening American Cybersecurity Act will require businesses to report significant cyber events within 72 hours and ransomware payments within 24 hours. These requirements lay on top of other federal regulations, multiple states’ privacy laws (CCPA, MA PII, etc.), and industry regulations (PCI-DSS, etc.).

With cyber insurance and cyber response services in place, small businesses are more likely to avoid fines, losses, and legal actions.

4 IoT

Internet of Things devices, and similar automation technologies are popular and often lack basic security features.

As IoT-based solutions move into smaller businesses, we need to secure and monitor devices and the networks on which they run.

5 Supply Chain

Bad actors know that attacks on supply chains can be more effective than attacking an intended target.

If your smaller business is in the supply chain of a larger company, expect security to become an issue.  They are likely to request — or demand – additional security measures as a condition of your business relationship.  And, be ready to demonstrate (prove) that you actually do what you claim on the security checklist.

6 Data Mining

Data mining enables attackers to not only go after your business, but your vendors and customers as well.  Imagine attackers telling your customers their private data will be released if you do not pay the ransom.  Even more common, imagine your customers receiving emails “from” (impersonating) you instructing them to send money.

We need to start protecting unregulated data in the same ways we protect regulated data.  Encryption, for example, does not prevent a breach but ensures the data cannot be used.

7 Ransomware

It would be nice to think we are past the ransomware pandemic, but we are not.  Over 80% of ransomware attacks are on small and mid-size businesses. Because attacks have moved beyond encryption to data exfiltration, attackers are likely to understand your business and set ransoms that are steep, but payable (often 1% to 1.5% of annual revenue).  Businesses hit by ransomware average more than 20 days of significant business disruption. On average, they permanently lose more than 35% of their data.

A response and recovery plan that includes business continuity ensures that you can keep your business running while you recover from and respond to an attack.

Your Next Step

Please contact us to evaluate your security footprint and needs, and discuss possible next steps, or schedule a no-obligation introductory call with one of our Cloud Advisors.

XChange of Ideas – Trends with Benefits

XChange Events

This XChange of Ideas shares trends that can boost your business’ productivity.

We recently spent three packed days at the XChange 2022 Conference. While we attend to improve our service offerings and business, many of the insights will benefit your business as well.

1 Industry Consolidation Awareness 

As with most maturing, dynamic industries, consolidation of vendors is not unusual in technology. Bringing together complimentary technologies and solutions can create synergy and economies of scale.  Currently, we are seeing something a bit different.  Companies that provide the systems we use to run our business are acquiring products and services that we offer to our customers.  By offering solutions we sell, and the solutions we use, our vendors are hoping to provide us with better integration and efficiencies.

The risk, however, is that service providers will focus, or limit, their options to match the “single vendor” efficiency. While you, as the customer, may benefit from the efficiency, these benefits will be fleeting if the solutions do not meet your needs.

We, at Cumulus Global, will continue to offer multiple solutions for nearly all of the services we offer. We commit to this strategy because efficient mediocrity serves nobody well.

2 VDI is Better than O.K.

Acceptance and use of virtual desktop infrastructure (VDI) and remote desktop services is on the rise. Beyond an interim solution, VDI services prove to offer many businesses long term value. We see several reasons for considering a move to VDI, including:

  • Support for hybrid work environments. With employees working in office and remote, a VDI environment provides a single computing environment for your entire business.  Accessing files and applications is the same, regardless of location and end user device.
  • Strategic Savings. VDI services extend the useful life of your existing laptops and desktops.  Since VDI clients are not processing data locally, the demand on processors, memory, and disk space are minimal.  Aging equipment can remain in service without impacting performance.
  • Improved Security.  VDI services run in secure, professionally run data centers. We use Microsoft Azure and Google Cloud Platform for VDI services. VDI provides private, secure networks, with multiple access options to meet your business needs.
  • Business Continuity and Resiliency. The faster you can recover from a disaster or technology failure, the better your business will survive and grow. VDI services remove most of the risks from local disasters and system failures.  As you can access your services from anywhere you are Internet-connected, and from most any end user device, teams can easily relocate and work around localized disruptions.

As disruption of technology supply chains continues, VDI allows you to upgrade your environment without investing in new desktop and laptop devices. You can move forward with your business without worrying about system availability.

To explore if VDI services can help your business, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

XChange of Ideas – Security

XChange EventsLooking at what we learned during three packed days at the XChange 2022 Conference, we have much to share.  The XChange conferences help IT service providers, like Cumulus Global, explore emerging trends, challenges, products, and solutions.  While we attend to improve our service offerings and business, many of the insights will benefit your business as well. This XChange of Ideas shares three emerging security trends.

1 Security is Not a Technology

Most small and midsize businesses see themselves as having security because they have some security technologies and systems in place.  Security, however, is not a technology; security is an ecosystem that spans people, processes, and systems, as well as a lifecycle of prevention, response, and recovery. As important, we need to understand that managing our security

Most businesses still lack the basic set of security protections that span the security lifecycle. A solid security foundation should include advanced threat protection, next-gen endpoint protection, DNS security, web protection, multi-factor authentication, and encryption. A solid backup/recovery is also necessary; having a business continuity solution is preferred.

With the dynamic nature of threats and cyber attacks,  many businesses are at higher risk and should be deploying advanced security services. Advanced security services may include managed security incident detection and response (MDR) services, internal application whitelisting, segmentation, and other protections that can detect, halt, and stop the spread of an attack.

2 Cyber Insurance is Not Assurance

Cyber Insurance is more than a good idea, it is a necessity for almost every business.  But cyber insurance is not assurance that you can quickly recover from a cyber attack.

  • Cyber insurance underwriters have you complete a questionnaire or audit about your cyber protections, policies, and procedures. When you submit a claim, most cyber insurers will ask you to demonstrate that the protections were in place, how they were functioning, and that you follow the policies and procedures noted in your application.  If you cannot show that you do what you promise, expect your claim to be denied.
  • Your cyber insurance underwriters may prevent you from starting your systems and data recovery. Recovery typically destroys evidence of the attack, it’s cause, and it’s method of propagation. You may be unable to restore your systems and data for days — or even weeks — while your insurer completes a forensics investigation.

Having the right protections in place, and being able to demonstrate compliance, is a clear expectation to resolve cyber insurance claims.  Having a continuity solution in place that allows you to return to operation in parallel with a forensics investigation should be considered.

3 HIPAA is Not Just For Doctors

HIPAA is the regulatory cornerstone for protecting personal health information (PHI). These regulations control how we store, transmit, and share — procedurally and technically — PHI. Compliance, however, is not just required of healthcare providers, insurers, and others direct access to patient records. Businesses serving healthcare providers — those that sign a Business Associates Agreement — face compliance requirements as well.

HIPAA enforcement is expanding beyond Covered Entities to Business Associates, as is notable on the US Department of Health and Human Services Office of Civil Rights HIPAA “Wall of Shame

If you are not sure that your security services are up to par, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

Resources for Small Businesses and Solopreneurs

Modern Workplace: Benefits and Challenges

The modern workplace brings together teams, information, and processes to empower our teams and enable our businesses. Powered by cloud, getting the most out of our systems requires more than simply moving from one system to another. Managing adoption, ensuring users understand how to use tools effectively, increases individual and team productivity and efficiency.

5 Benefits

Most of our businesses realize benefits when we create our modern workplace.

1 Faster and more reliable communication
The modern workplace improves our ability to communicate. Beyond fast Internet connections, the integration of voice, messaging, audio/video conferencing, file sharing, real-time collaboration, and other tools lets us work together and share information in the ways that work best for us. Secure access from virtually anywhere enables us to work where we are most productive.

2 Enhanced efficiency and productivity
The modern workplace ushers in efficiency and productivity in many ways. Automating tasks and workflows, improved access to files and information, and embedded AI help users complete work more effectively.

3 Lower costs; Higher profits
Technology-driven increases in efficiency and productivity decrease operating costs. Reduced travel, faster time to market, quicker customer response times, and faster and more effective decision-making all result from the reliability, mobility, and productivity of a modern workplace.  These benefits save time and money, and drive revenue and profits.

4 Greater transparency and interconnected operations
You can replace complex, bureaucratic processes when you match access to data and information with updated processes that take advantage of integrated, secure applications, tools, and services. Whether simple file sharing or ensuring you have one record of customer information across your systems, the modern workplace helps connect, streamline, and simplify.

5 Improved security
Modern workplaces are more secure. Integrated, layered security is embedded into the architecture of cloud services, designed and built to meet your security and data privacy needs. Beyond the traditional focus of protecting physical computers in specific locations, security for the modern workplace protects the systems, networks, applications, data, and processes. You also protect your people with identity and access management that removes the physical boundaries of security.

3 Challenges

Moving to a modern workplace, like any, change comes with challenges.

Resistance to Change
Even when they understand the objectives and benefits, some members of your team will hesitate to embrace change. Helping team members understand how the changes will benefit them individually —  how it will enable them succeed — improves buy-in and acceptance. Offering tools to help them learn and apply new features and capabilities supports their personal growth and overall adoption of new apps, tools, and processes.

Inadequate Training
Turning on a new app, tool, or process is not enough. “One and Done” sessions are not effective.  To fully benefit from your modern workplace investments, your team needs to understand your apps and tools as they use them. Individuals retain and apply learning best when they have time to use what they have learned. Adoption plans that provide training and support relevant to a person’s role and responsibility in small, manageable doses, over time are most effective.

Mismatched Technology
Technology for the sake of technology leads to disaster. Picking the best technology that is not the best fit creates problems. Start your selection process by defining your business goals and objectives. Identify the types of technologies you need and want to support your objectives. Then select the specific technologies that match your prioritized needs and wants.

Your Next Steps

Email us or complete our contact form to discuss how your modern workplace can help your business thrive and grow.

The Business Case for Teamwork Solutions

CollaborationHow our teams work, and our businesses run, continues to evolve. Teamwork — communication and collaboration — brings people together to share information, work together, and accomplish common goals and objectives. When you have a place to create and make decisions, you empower your team to achieve.

Market Dynamics

Finding secure, easy ways to connect across teams and locations is a high priority if you want to create a competitive advantage in today’s quickly changing business landscape.

83% of knowledge workers depend on technology to work together

72% of workers will work remotely, full or part time

35% of knowledge workers still collaborate on documents using email

 

Cloud Forward teamwork solutions enable you to customize your workspace, keep your team secure, and communicate more effectively.

Challenges You Face

Most businesses see the value of Cloud Forward solutions, but migrating to the cloud does not ensure results. Real value requires changing some of the ways you work, leveraging features, and enhancing individual and team productivity and effectiveness.

Communications: How can you bring teams and resources together?

  • Enable real-time communication
  • Provide secure mobile access
  • Empower teams to work remotely

Mobility: How can you enable employees to work from virtually anywhere, on any device?

  • Enhance mobility within your company
  • Reduce overhead, and save money on office space, as employees work remotely

Secure Sharing: How can you make it easier to connect with customers, co-workers, and others?

  • Secure and preserve company data when sharing information with others
  • Distinguish between the information external users can and cannot access
  • Keep track of who has what information

Solutions that Drive Success

Adopting Microsoft 365 means more than migrating emails and files. Adopting Microsoft 365 involves managing change; educating your team on ways to use the teamwork technology to:

Get more done

Teamwork technology embedded in Microsoft 365 enables productivity solutions that:

  • Streamline teamwork
    Integrate team chats, meetings, and files in one place; increase productivity
  • Enable real-time teamwork
    Make it easy for teams to work together on documents; rapidly advance ideas and innovation
  • Connect applications
    Provide the tools and services customers use every day to collaborate; connect people, information, and ideas

Work better together

Microsoft Teamwork solutions enables collaboration solutions that help you:

  • Improve security
    Strengthen your overall security posture and improve compliance and reduce your use of unsecure apps
  • Work from virtually anywhere
    Use digital tools to empower teamwork across your mobile workforce, no matter where your people work or what devices they use

Build your business

Microsoft 365 makes it easier to set up and manage users, devices, and data within a highly secure, cloud-based productivity platform.

  • Use an integrated solution
    Save time, money, and the headache of managing multiple vendors and technologies for security and team solutions
  • Reduce costs
    Microsoft technology provides a nearly 80% cost savings over similar technologies provided by third-party vendors

Partner for Success

We understand that change is challenging. We also see that the results outweigh the effort when teams embrace and adopt new capabilities and improve how they work.  Empowering your team enables success.  Through our Managed Cloud Services, we co-manage your IT services and provide on-going education and support to help your team adopt and leverage new capabilities.  We help your employees succeed at their jobs; we enable your company to achieve your desired results.

Contact us or email us to learn more. Or, schedule a complimentary Cloud Advisor Session and discuss your goals, challenges, and opportunities.

Security Drives Need for Cloud Management

Cloud ManagementIn a recently published report, one of Forrester Research’s five key cloud predictions for 2020 is that cloud management providers will tackle cloud security.  With the Capital One breach, the first major breach in a public cloud, the industry has a new focus on security public cloud services. Small and midsize businesses (SMBs) are more likely to use public cloud services over specialty providers and private clouds. As such, SMBs need to focus on cloud management.

Effective cloud management can prevent holes in your security protections and save you money.

Cloud management, as a practice, formalizes access, licensing, usage, security, and spending for your cloud services. Instead of focusing on each cloud application or service independently, Cloud Management as a practice oversees and manages the big picture.

Seven key components of Cloud Management are:

  1. Document which cloud services are needed and used based on each person’s role within the organization
  2. Based on need, determine the level of access for each person/group based on their roles and responsibilities
  3. Understand and document subscription and licensing rules for each service, to ensure you can optimize subscriptions and spend
  4. Create standardized on-boarding work flows to ensure new employees and those changing roles are
    • Provided access to only the cloud services they need
    • Are assigned appropriate access to features, functionality, and data within each system
    • Access to data is consistent across cloud services
  5. Create standardized off-boarding work flows to ensure:
    • All cloud services accounts are deactivated, preventing orphan accounts from being left open
    • Data within each cloud service is archived or transferred to other user(s), preventing data loss
    • Cloud subscriptions/licenses are modified to prevent unnecessary costs
  6. Track licensing and subscriptions to:
    • Adjust your subscriptions to match your need, as allowed by each cloud service
    • Identify and remove unused licenses
    • Understand and manage your spending
  7. Actively search for, identify, and manage use of unauthorized cloud services to:
    • Minimize or eliminate “Shadow IT” risks with respect to security, data loss, and compliance
    • Identify and move users from duplicate services to authorized services
    • Provide training on authorized apps and services, preventing the need to use other services
    • Identify cloud services needed or wanted by staff, but not yet available through and authorized app or service

By applying the basic tenants of cloud management you can reduce your security risks, optimize your services and licensing, and better manage your spend.


Cumulus Global offers Cloud Management tools and services.  Contact us for a free, no obligation Cloud Advisor session to learn more.


 

Recognition for Excellence in Managed IT Services Drives New Direction for Cumulus Global

Pioneer 250Westborough, MA, November 5, 2019 – When CRN®, a brand of The Channel Company, named Cumulus Global to its 2019 Managed Service Provider (MSP) 500 list back in February 2019 in the Pioneer 250 category, Cumulus Global accepted the recognition as a challenge. While appreciative of the inclusion on the annual list of North American solution providers with innovative approaches to managed services for the SMB market, the team at Cumulus Global recognizes that this is just the beginning.

“In February, we were recognized for our innovative shift in focus towards business outcomes,” noted Cumulus Global CEO Allen Falcon. “This early recognition validates our view that managed cloud services and emerging cloud-enabled technologies are powerful tools only when they are used to support desired business goals and objectives.”

Managed service providers are integral to the success of businesses. As a managed cloud service provider, Cumulus Global helps businesses implement and operate complex technologies while staying within budgets and keeping focus on their core business. 

“Capable MSPs enable companies to take their cloud computing to the next level, streamline spending, effectively allocate limited resources and navigate the vast field of available technologies,” said Bob Skelley, CEO of The Channel Company. “The companies on CRN’s 2019 MSP 500 list stand out for their innovative services, excellence in adapting to customers’ changing needs and demonstrated ability to help businesses get the most out of their IT investments.” 

Embracing the challenge, Cumulus Global has launched a series of new and expanded services that empower individuals and enable organizations to do more. 

“We are excited to help our clients overcome challenges, advance business objectives, and simplify IT,” stated Falcon. “By getting more value from cloud forward solutions and emerging technologies, our clients gain more value from their current systems and new solutions.”

The MSP500 list is published in the February 2019 issue of CRN and is available online at www.CRN.com/msp500

The QuickBooks Hosting Challenge

QuickbooksQuickBooks is the leading accounting package for small business. And yet, many businesses cannot run QuickBooks Online, the Software-as-a-Service (SaaS) version. Whether the online versions lack industry-specific features you need, or you have integrated third party tools/add-ons, staying with an on-premise version of QuickBooks remains the best solution for your business.

As you move to the cloud, hosting your QuickBooks Pro, Premier, or Enterprise system makes sense. You keep the version of QuickBooks you need and improve accessibility, reliability, security, and resiliency from system failures and disasters.

In general, we find two levels of common QuickBooks hosting options. Looking at these services more closely, we find these services often fail to meet basic needs without expensive upgrades.  Fortunately, we have a third option designed to deliver the business value you need and want.

Basic

Basic QuickBooks hosting services run between $27 and $30 per user per month, with you purchasing and providing the QuickBooks license key. These services start with 1 GB of storage with fees for added storage that add-up quickly. Adding storage you need for reports, exports, etc., can easily increase the cost to the $75-$90 per user per month range. More importantly, your instance of QuickBooks is running on shared servers and on a shared network. As such, you have greater risk for performance issues, security breaches, and outages. In this type of multi-tenant environment, the actions of other can impact your business. These services offer backup, usually once per day with a fixed retention period of 7, 14, 30, or 90 days, depending on the service.

Better

The better QuickBooks hosting services cost between $49 and $60 per user per month, with you purchasing and providing the QuickBooks license key.  These services also start with 1 GB of storage with fees that add up when you need more space. Typical fees quickly creep up to the $95 to $120 per user per month range.  The main difference is that these services generally run your version of QuickBooks on a dedicated server, but still run on a shared network. While this does reduce the chance of interference from other tenants, this model still has your service running in the same security envelope as other companies. You still have a risk. Like the basic services, you have a once per day backup with a fixed retention period that varies with each service provider.

Best

The best solution for hosting QuickBooks will use your license of QuickBooks in the following environment:

  • Dedicated server
  • Private network
  • A usable amount of storage included (100 GB or more)
  • Flexible backup schedules and retention plans
  • Easy access from desktops, laptops, tablets, and smartphones
  • Access to Excel (MS Office) in the hosted environment

We this type of setup, you are more secure, will have better performance, and greater reliability.

The good news is that we can build you this type of environment at a cost comparable to other services, and we can integrate your QuickBooks environment with your Office 365 or G Suite service.


If you are interested in learning more about QuickBooks hosting options, please contact us for a free Cloud Advisor session.


 

Pumpkin Spice Cloud Solutions

Pumpkin Spice Brake PadsIt doesn’t just happen. It seems to become a bigger and bigger thing over time. More feel like they are missing out. More try to join in. Many see an opportunity and try to ride the perceived popularity. And many get turned off because of personal taste or even just to buck the trend.

Such is the tangential arc of fads and trends. And, unfortunately, such is the way many small and midsize businesses approach the cloud. 

There is little doubt that Cloud Computing is a trend that is quickly evolving into a “real thing” with staying power. Many “experts” insist it is the “thing to do”. And while we do not disagree with these experts — we do believe that cloud is the best strategic and tactical direction for most (not all!) businesses — approaching cloud as a trend in which we need to participate is the wrong approach. SMBs that get caught up in the “trend” will miss the long term opportunities and will do more harm than good.

Small and Midsize Businesses are Different!

Much of the hype around “Digital Transformation”, machine learning, augmented reality, and artificial intelligence focuses on the enterprise. Yes, these capabilities will make it to SMBs and cloud will help accelerate the availability and adoption. SMBs, however, do not generally have the resources to run DevOps teams and rebuild or build custom applications.  SMBs rely much more heavily on SaaS and packaged solutions.

For SMBs the challenge is to pick the application or system that fills the need, and integrate that application or system into the overall ecosystem. Microsoft, Google, Salesforce.com, and others are creating ecosystems that foster integration within the ecosystem, but offer less support for solutions outside the multi-vendor boundaries they create.

A Cloud Forward Approach

Given this reality, a forward-looking approach is critical to your cloud success.  Your IT should clearly help you achieve your business goals and objectives. Your goals and objectives are forward looking, so too should be your IT and cloud decisions. For many SMBs, the first major decision is which cloud, and the initial focus is on productivity.  Do you go Office 365 and build your ecosystem around Microsoft 365 and Azure?  Do you deploy G Suite and look to deploy apps and systems Google Cloud Platform? Are you using Salesforce.com and will you limit yourself to solutions on the force.com platform? Are you looking at services or solutions that run on Amazon Web Services, and if so, how do those fit in?

Cloud Forward starts by asking the question “Which Cloud?”.  To answer, we map business goals and objectives into technology-driven objectives that, in turn, guide your decisions. Knowing that “cloud” is not simply “what we have running someplace else”, we actively assess other factors that should guide your decision — the structure of your information, your company structure, the culture your have or want, your existing applications and systems, industry-specific solutions, mobile and remote work, and more. We look ask uses about their preferences and what tools they feel make them most productive. And, we look at the near-term and long-term integration required to create a holistic solution.

Without a comprehensive assessment and understanding, your cloud solution will behave like a fad — a trend that fades.  By looking Cloud Forward, you can avoid the hype and fluff. You will focus on substance and will realize tangible results.


Contact us for more information or a complementary Cloud Advisor Session. For a customized Which Cloud Analysis and Recommendation, please complete our Which Cloud Survey. We are waiving the $895 fee through the end of 2017.