Posts

Cloud Computing Trends and Small Business

/in ,

Earlier this month, CRN published a story covering Flexera’s 2023 State of the Cloud Report.  Flexera provides software and systems to manage enterprise private and public clouds.  The report on cloud computing trends originates with an annual survey of 750 technology leaders across sectors, geographies, and size of the business.  While the report classifies small and midsize businesses as those with under 1,000 employees, we still find the results interesting and relevant.

As small businesses, our concerns are spending, security, compliance, and managing cloud services. The cloud model hits our income statements and balance sheets differently than historical IT services. The need to protect our businesses, and our customers, has never been greater. And, we find it difficult to understand if we are spending efficiently and effectively.

We take a look at the top 3 cloud challenges, discuss managing clouds, and explore cloud waste.  Understanding these issues, you will better understand how to create better cloud solutions. You will also be better able to set expectations from those providing cloud solutions and related services.

Top 3 Cloud Challenges

For 2023, SMB respondents identify the top three cloud challenges as:

  • Managing Cloud Spend (80%),
  • Security (73%), and
  • Compliance (71%).

These concerns make sense. The spending model for cloud services, based on subscriptions or usage, is an operating expense.  Most smaller companies are used to making capital expenditures and paying for service contracts and managed services.  Additionally, many of the IT firms working with small businesses will replicate on-premise networks and servers in a public cloud service. They may lack the expertise and tools to actively manage costs.

Concerns about security and compliance reflect the increasing need and demands of protecting sensitive business and personal information.  We face the same increased regulations and expanding industry standards as larger enterprises. But we do not have the in-house resources or the same access to experts. We place our trust on local or regional IT service firms.

Managing Clouds

Following closely behind the top 3 cloud challenges, governance (67%) and subscription management (61%) indicate that small businesses are not sure how to best manage their cloud services.  As the cloud matures, the number of options expand.  To make simple decisions, such as whether to subscribe monthly or make an annual commitment at a lower per unit price, we need to understand the operating cost models.  We need standard operating procedures, such as on/off-boarding and access controls, in place.

Cloud is still new. We need our IT service firms and managed service providers to guide, if not lead, our cloud management efforts. Co-management is a viable strategy, provided it includes policies and procedures as well as products and services.

Cloud Waste

On average, the survey results show that businesses spent 18% more than budgeted on public cloud services last year.  The greatest contributor to the overspend appears to be Cloud Waste.

Cloud waste is spending on cloud services that go unutilized or are under-utilized.  Reducing cloud waste can be as simple as

  • Shutting down unused resources after hours
  • Selecting lower cost regions / data centers
  • Periodically right-sizing systems and resources

Policies that scale resources in real-time based on usage will increase efficiency, but require expertise and planning during the solution design process, monitoring, and refinement over time.

Pick a Provider

Traditional managed service providers, or MSPs, are experts in buying, monitoring, and managing things. They focus on network components, servers, systems software, and end user devices.  To get the most value from our cloud services, we need partners that understand service and cost management.

Managed cloud service providers, or MCSPs, understand how the “as-a-Service” model is different. Security, compliance, and cost management only work when they are built into the requirements, design, and management of your cloud services.

Before picking your cloud provider, ask about their management and co-management models. Understand if they actively work to monitor and manage security, compliance, and costs. Ask them to explain how.

Call To Action

Get a copy of our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: set the stage by looking at how small and midsize businesses acquire and use technology and IT services; explore the challenges we face moving into the cloud; and map out four strategies for enhancing your use and expansion of cloud services.

To discuss how your business can better utilize a broader range of cloud services, please contact us or schedule time with one of our Cloud Advisors at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Hybrid Business Strategy: Examples, Considerations, and Recommendations

/in

Hybrid Workplace

The Business Side of Hybrid Workplace Strategy

The business side of hybrid workplace strategy is forefront as we make plans for the future. In a survey recently published by Gartner, CEOs were asked to identify the top enduring changes resulting from the pandemic. 45% of CEOs stated that hybrid and remote work was the most significant long-term impact. This equals all other noted enduring changes, combined. Nearly every business will have some degree of remote and hybrid working arrangements, as we experience a change in employee expectations and broader cultural shifts.

In past posts, we have looked at the technology and related managed cloud services needed to properly support remote and hybrid workplaces. The business administration issues related to hybrid and remote work are more complex than the technology solutions.

Four Hybrid Workplace Business Considerations

We’ve broken down what you should think about when it comes to hybrid workplace strategy into four key points. Each of these aspects of a hybrid workplace contains examples of how a hybrid business strategy might be implemented. See how these four considerations can help you strike the right balance and create a hybrid workplace that prioritizes people.

1. Working Environment

As we have noted before, as employers we are responsible for providing staff with a safe and healthy work environment.  If employees are working remotely, or from home, on a regular basis (an expectation for the job), their work environment must be managed appropriately through a hybrid work strategy.  We are responsible to ensure appropriate lighting, noise, desk space, seating, and ergonomic accommodations, as well as productivity tools, and cloud collaboration services.

2. Payroll, Benefits, and Compliance

With employees working at home, you are more likely to be paying employees who both live and work out of state (or in another tax jurisdiction). In addition to accurately representing their work location for payroll, you will need to provide benefits in each state and comply with each state’s employment laws.  Minimum wage, sick time, and paid leave are a few of the regulations that differ between states, and need to be considered in a hybrid business strategy.  Healthcare plans and providers will also differ, as do contributions to state unemployment insurance programs.  Additionally, you will need workers’ compensation insurance coverage for each state in which employees work.

3. Insurance

Beyond workers’ compensation, you may need to update your general liability coverages to address employees working from home.  Your insurer may see additional risk and/or the need to document work locations to ensure your business is properly covered.  Most policies require that you list any company-owned or leased work spaces, including co-working spaces.

4. Taxes

Lastly, when it comes to a hybrid workplace strategy, having employees work in your state while living in another is not uncommon. States have reciprocity agreements that dictate how these employees need to file their personal tax returns.  When you have remote employees working in other states, the rules are not yet as clear. Some states expect you to withhold taxes based on your employees’ locations, as this is their workplace.

Even more impactful, some states see an employee’s work location as creating nexus, and will require you to file business tax returns in that state.

Recommendations on a Hybrid Workplace Strategy

We strongly recommend that you proactively address the business side of hybrid work.  Speak with your HR, tax, and legal advisors as you navigate and design your hybrid strategy and remote work plans.

  • Consider using a Professional Employment Organization, or PEO, to manage payroll, benefits, HR policies, unemployment insurance, and workers’ compensation insurance.  In addition to operating across state lines, PEOs provide you with a unified approach to human resource services. They can assist with recruiting, onboarding, offboarding, and regulatory needs such as driver safety, OSHA compliance, and testing for banned substances. PEOs als0 assume liability for compliance errors.
  • Be prepared to provide employees working from home with the workspace and accommodations they need to be healthy, safe, and productive. Beyond IT, we can assist with home office workstations, desks, stands, lighting, and more.
  • Communicate with your insurance provider to ensure your coverages are appropriate and correct.
  • Consult your tax and legal advisors to ensure you understand when, and where, you have nexus with respect to corporate registrations and taxes.

If you’d like to chat more about hybrid business strategy, be sure to get in touch!

4 Pillars of Cloud Security: The Most Important Strategies to Know

/in

Learn about the four pillars of cloud security that can help you reduce risk, increase agility, and run more efficiently: (C/I/A), external threat protection, data loss protection, and compliance.

While Cyber Security month comes and goes, the four pillars of cloud security remain integral to long term business success.  In what seems like a never-ending process, we continue to face new and advancing cyber security threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Four Strategies for Cloud Security

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, with the four pillars of cloud security in place, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four pillars of cloud security.

1. Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This first pillar of cloud security establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2. External Threat Protection

Identify and protect against reasonably anticipated threats.

This pillar of cloud security focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3. Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Proper data protection and security solutions will help protect against these internal risks and threats.

4. Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics for Implementing the Four Pillars of Cloud Security

To ensure your cornerstones are set and your cloud security foundation is place, conduct a security footprint assessment.  For each pillar of cloud security, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

Google Vault: What It Is Why You Should Consider It

/in

Google VaultWhat Is Google Vault?

Google Vault is a cloud-based information governance, compliant archive, and eDiscovery tool that allows organizations to manage, retain, search, and export their data across various Google services. Historically, Vault is an add-on for G Suite Basic and is included with G Suite Business and Enterprise. It provides a secure and centralized platform to manage all your organization’s data, including email, chat messages, and Google Drive files.

As Google transitions to the new Google Workspace, Google includes Vault in Google all Workspace Enterprise subscriptions and Google Workspace Business Plus.  Vault is not available as an add-on for the Google Workspace Business Starter and  Standard subscriptions at this time.

Overall, Google Vault provides a powerful and efficient way to manage and protect your organization’s data, giving you greater control over your information and helping you stay compliant with industry regulations.

To decide if you need, or want, Vault, you need to understand the What, How, and Why below.

What Google Vault Does

Vault is a compliant archive/e-discovery service for Google Workspace.  The service captures all email, documents, and chats, even if they have been deleted by the user.  As such, Vault meets federal and state regulations for legal discovery.  Vault features include:

  • Archive:
    • Inbound, outbound, and internal email messages
    • Documents
    • Internal and external chat messages
  • “Matters”:
    • Search and gather all relevant materials
    • Save searches and results
  • Legal Holds:
    • Retain relevant data regardless of retention period
    • Prevent removal of data until a “Matter” is resolved
  • Audit Trails:
    • Capture activities
    • Document searches and exports
  • Reports:
    • Export data related to a “Matter” for delivery
    • Documentation that validates data integrity

How Vault differs from Backup

While Vault and backup systems both preserve and protect data, they serve very different purposes and functions.

Vault is intended to keep, find, export, and deliver data in a way that complies with Federal and State laws for legal discovery.

Backup systems are designed to preserve and restore information that has been lost or damaged.

In Vault, you can retrieve individual items and small batches of data. Doing so, however, does not restore the data to its prior location. Nor does Vault preserve meta data, such as date last modified and permissions.

Backup solutions and systems cannot guarantee that you have preserved all of your data.  Most backups are configured to remove deleted items from backup files after set periods of time.  Backup systems also prune data into weekly and monthly snapshots, resulting in a potential loss of versions.

Why You May Need or Want Google Vault

The driving factor for most businesses and organizations is regulatory compliance.  A range of laws and industry regulations require businesses to maintain records, including but not limited to:

  • Sarbanes/Oxley
  • Freedom of Information / Public Records
  • SEC-17
  • FINRA
  • PCI-DSS
  • HIPAA

If you are not subject to these regulations, you may want Vault in order to maintain data for:

  • Policy enforcement
  • Contact and legal negotiations
  • Personnel matters
  • Quality control

We recommend that your Google Workspace (G Suite) subscription is protected  by a backup/recovery solution.  You may not need or want Vault.  If you do not have a regulatory need, assess the value proposition of the added business protection and cost.

FAQs

Is Google Vault Free?

You can add Vault from your Google Admin console if you purchased Google Workspace online and your edition supports add-on licenses. You’ll begin with a free 30-day trial. Vault is also included at no extra cost with Google Workspace Business and Enterprise editions.

How do I access Google Vault?

Sign in to your Google Workspace account at https://vault.google.com. If you are unable to sign in to Vault, contact your Google Workspace administrator and request that Vault be enabled for you.

Learn more about Cumulus Global’s data protection and security solutions, contact us with any questions, or schedule a complimentary Cloud Advisor appointment.

Zoom Privacy Policy is a Risk

/in

Updated 4/05/20

Updates:

  • 4/05/20: Zoom posted an updated Privacy Policy, back dated to 3/29/2020.  This policy clarifies Zoom’s actions and intents and changes some terms and conditions, indicating that Zoom is now doing the right thing with your personal data.  Zoom has also expanded users’ ability to use passwords and waiting rooms to control meeting access.  We still recommend reviewing the policy and using the “do not sell” process.  We also recommend using conferencing systems within your productivity suite, Office 365 or G Suite, as these are secure and integrate with your email, calendar, and file services.
  • 4/01/20: MIT Tech Review summarizes the security issues with Zoom, including information about a Class Action Lawsuit.
  • 3/31/20: Vice.com reports that Zoom is leaking personal emails and photos to strangers.
  • 3/31/20: The Intercept reports that Zoom is not using End to End Encryption as claimed in their marketing materials and user interface. 
  • 3/31/20: New York Times reports that Zoom, the videoconferencing app whose traffic has surged, is under scrutiny by the New York attorney general’s office for its data privacy and security practices.
  • 3/30/20: FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

On March 18, 2020, the Zoom.us posted changes to its privacy policy that impact all users, even those without accounts attending meetings as guests.  This change follows a dramatic increase in Zoom users (and stock price), as Zoom has been offering its services for free to many businesses and schools.

Under this version of the Zoom’s privacy policy, Zoom is collecting more information, in our assessment, than is necessary to provide users with the service. Zoom also acknowledges providing this information to third parties. The information Zoom is collecting includes, but is not limited to:

  • Name, physical address, and other similar personally identifying information
  • Information about your job, such as your title and employer
  • Your Facebook profile information (when you use Facebook to log-in to Zoom or to create a Zoom)
  • General information about your product and service preferences (including software installed and/or in use on your computer)
  • Information about your device

Per Zoom’s policy, downloading and using the Zoom app provides Zoom with consent to share any personal information they collect with third parties.

In reference to the use of third party services, the policy states

“We use these tools to help us improve your advertising experience (such as serving advertisements on our behalf across the Internet, serving personalized ads on our website, and providing analytics services).”

In other words, Zoom may use the personal information of any person using their services to market to that person across their use of the Internet.

Additionally, we do not see any effort by Zoom to determine the age of individuals using the service, so they are likely collecting and using the personal information of children.

Vice.com is reporting that Zoom’s iOS app sends data to Facebook even if you do not have a Facebook account.

Impact

Our current assessment of the impact is as follows:

  • Data collection is based on the way each meeting participant enters the meeting.  Even if the organizer is on a paid and secure business or education edition, meeting attendees using the free client or entering as a guest are subject to dating mining and sharing.
  • For businesses and schools, some of the data Zoom collects and shares is prohibited under the Children’s Online Privacy Protection Act (COPPA).
  • For schools and libraries, not using the K12 version of Zoom for faculty and students may result in violations of the Children’s Internet Protection Act (CIPA)
  • Zoom does provide a means for users to instruct Zoom to “Do not Sell” their personal information. This help with California Consumer Privacy Act (“CCPA”) and  EU’s General Data Protection Regulation (“GDPR”) compliance.  It may not be practical to advise all meeting attendees of this option.

In short, Zoom’s privacy policy may conflict with your business’ privacy policy and how you manage and respect your customers and their data. The policy may also create regulatory and legal issues.

Recommendations

If you organization uses G Suite or Microsoft Office 365, you already have the ability to securely conduct audio and video conferencing with services that do not mine and share attendee data.

  • G Suite
    • Hangouts Meet (the new service) is secure and HIPAA compliant.  Individuals outside your organization can join via shared URL, without providing personal information. Through June 2020, Google has enabled all G Suite users to conduct meetings with up to 250 participants and provided organizers with the ability to record meetings. Participants can mute their own audio/video and can present to the meeting. Meeting include dial-in numbers and pins to allow access from phones.
    • Participants can join via web browser or use the free iOS and Adroid Apps.
    • Traditional Hangouts and Chat, while not HIPAA compliant, are still secure and work within organizations and with guests.
  • Office 365
    • Teams (and formerly Skype for Business) is a secure video/audio conferencing service with screen sharing, waiting rooms, and other helpful features.  As with all of Office 365, Teams can be deployed to meet HIPAA compliance. Teams does not collect and share personal information.
    • Teams, by default is device-to-device conferencing.  You can add the ability for individuals to connect by phone for a small monthly fee for each meeting organizer that needs this function.
    • Participants can join via web browser, or use the free apps for Windows, Mac, iOS, and Android.

Before adding another service or tool for audio/video conferencing, take full advantage of the services you have. Contact us if you need help with user training and support.

If you are not using G Suite or Office 365, several communications and conferencing services are offering secure, free access for up to 90 days.  These include, but are not limited to, Dialpad, UberConference, Ring Central, and Cisco WebEx. Please contact us for help selecting and deploying the right service for you and your teams.

 

Customer Notice Update: Email Advanced Threat Protection

/in , ,

Data ProtectionGiven the demand and need to improve your protection from the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks we are extending the Advanced Threat Protection Priority Opt-in discount period through March, 2020. We understand that adding a service, even a critical service, impacts your budget and costs. Our Priority Opt-In discounts, and other measures (see below), intend to minimize the impact.

Email Advanced Threat Protection (ATP) and Multi-factor authentication (MFA) are necessary, baseline services for protecting your business

Beginning April 1, 2020, we require Advanced Threat Protection for all of our customers’ email service, unless you specifically opt out. Opting out is appropriate if you already have an advanced threat protection service in place.

If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.
  • We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

The Cost of Downtime Explained in 7 Ways

/in

A recent survey found that 40% of small and midsize businesses (SMBs) experiences 8 or more hours of downtime due to a severe security breach within the past year. According to the National Cyber Security Alliance, 60% of SMBs who experience a significant data breach go out of business within six months. The highest cost of an unplanned outage is more than $17,000 per minute. The average cost per minute of an unplanned outage is nearly $9,000 per incident. These statistics are sobering. For many SMBs, however, the risks still feel foreign and not something that warrants action. To protect your business requires some knowledge and good advice, intent, action, small investments.

It is easier to rely on myths such as, “We are not a target for cyber attackers”, “We can run on pen and paper until we recover”, and “Our customers will understand” than it is to assess your risks and take action. Nevertheless, the risks are real and the number of SMBs hurt by downtime continues to rise.

The cost of downtime can vary depending on the size of the organization, the industry, and the nature of the downtime. Downtime can be caused by various factors such as power outages, network failures, software issues, or hardware failures. In today’s world, it’s essential to streamline security if you’re a SMB, and understand the consequences downtime can have on your business.

Here are seven ways downtime can damage your business:

1. Monetary Cost

Downtime leads to lost sales and lost productivity impacting top-line revenue and your bottom line. These costs hit your pocket in addition to the cost of recovery and returning to normal operations. If you need to calculate the average cost of downtime, our specialists can help.

2. Customer Trust

When you are unable to serve your customers, they lose faith in your business. While downtime for natural disasters is understandable, today’s customers have little tolerance for disruptions due to cyber attacks and breaches. Lost trust means lost customers.

3. Brand Damage

Your brand identity and reputation drives customer loyalty and growth. Service disruptions from technology failures or breaches sends a message that your business may be poorly managed and is unreliable. These messages lead to loss of goodwill and create negative impressions of your business in the minds of your customers.

4. Employee Morale 

Disasters due to data loss or breaches means employees need to perform double duties. Employees spend time on recovery while working to keep the business operational. It often requires additional work hours. Recovery can be stressful and demoralizing.

5. Business Value 

Businesses that suffer data breaches and service disruptions are perceived as poorly managed. With the potential financial liability, public companies can see stock prices fall. All companies can suffer a loss of business value.

6. Legal Action

Downtime creates the risk of legal action. This is particularly true for downtime that is perceived as preventable. System failures, data loss, security breaches, and other incidents can put your business in breach of contract. You may also be in violation of state and federal regulations, making proper data protection and security vital.

7. Compliance Fines & Penalties 

As information privacy and security regulations expand, data loss and breaches create the real potential for fines and penalties related to regulatory compliance, privacy, and data retention requirements.

These risks carry the potential for lasting damage. Whether by increased financial burdens or winning back customers, the impact of downtime extends well beyond getting yourself up and running again.

Is your business worth protecting?

Protecting your business will not break the bank. We offer practical, affordable cloud infrastructure solutions that help you and your team understand the risks, prevent problems from happening, and continue operating in the event something bad does happen.

If your business is worth protecting, contact us for a complimentary Cloud Advisor session to discuss how we can improve your business’ resiliency.

 

Customer Notice: Email Advanced Threat Protection

/in ,

Data Protection

(Updated January 20, 2020)

We continue to witness the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks on our customers.  The recovery cost and frequency of attacks are increasing at alarming rates. The average cost for a small or midsize business (SMB) to fully recovery from a cyber attack has increased to between $145,000 and $180,000. This includes loss of direct business, remediation costs, damage to reputation, and employee downtime.  At the same time, the number of ransomware attacks so far in 2019 has doubled when compared with the same period in 2018.

As a managed cloud service provider, you have heard from us that you “should” have more protections in place. Our position is changing: these protections are a “must”.

Multi-factor authentication (MFA) and email Advanced Threat Protection (ATP) are necessary, baseline services for protecting your business. 

Beginning April 1, 2020, we will require and will begin adding Advanced Threat Protection to all of our customers’ email service unless you specifically opt out. If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.  We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

G Suite Security: Advanced Security for Modern Threats

/in

G Suite Security In multiple blog posts over the past 2+ years, we have covered the changing and growing nature of threats to your organization, systems, and people. G Suite security offers advanced measures to protect user data, including encryption, 2-step verification, phishing protection, and admin controls.  For us the answer is CPR

Communicate and Educate;

Prevent & Protect;

Recover & Review. 

Once you have these basics in place, the challenge becomes keeping up with the times.  As the nature of threats change, the protective capabilities of our key systems should evolve as well. This includes thinking about managed cloud services, which are being driven by modern security needs.

For those of us running G Suite, we may understand that Google has expanded the security footprint and capabilities, but have we altered our configuration to properly protect ourselves?

G Suite Security Best Practices

The first step in assessing your data protections and security is to understand the risks.

  • 91% of attacks start with a phishing email
  • 66% of malware was installed via malicious emails or attachments
  • 90% of all reported breaches caused by employee negligence, extortion, and external threats

These statistics, while not unfamiliar, point to the change in risk from physical devices to data and human interactions.

As people can be your greatest risk, the best protections compensate for human behavior.

Versions of G Suite Security to Protect Your Business

Step two is mapping your security needs to the right version of G Suite. Each version adds additional protections, allowing you to move up to the version that best meets your needs and priorities. Understand what each version offers and map them back to your regulatory and business requirements.

G Suite Basic Security Features

  • Encryption in transit and at rest, including policy-based TLS enforcement
  • 2-Step Verification via prompt, SMS, Security Key, or Authenticator app
  • Single Sign-on (SAML 2.0)
  • OAuth 2.0 and OpenID Connect
  • Restrict emails to authorized recipients
  • Drive audit logs

G Suite Business Security Features

  • Vault for compliant archiving and e-discovery for Gmail, Drive, and Hangouts Chat
  • Team Drives for centralized access controls and permissions management
  • Domain white-listing for Drive with alerts
  • Basic Information Rights Management (IRM) to manage scope of sharing by Organizational Units

G Suite Enterprise Security Features

  • G Suite Security Center with a unified security dashboard
  • Advanced Data Loss Prevention for Gmail and Drive files
  • Email content compliance and objectional content filters, with OCR
  • Security key enforcement
  • User S/MIME Certificates for Gmail encryption
  • App white-listing to control 3rd party data access
  • Sandboxing (pre-delivery deep scanning) or email attachments

Moving to the right version of G Suite security has never been easier

While no one product or service will meet all of your security, privacy, and data management needs, moving to the right version of G Suite improves your security footprint and can mitigate the need for 3rd party solutions. To help you move, we are partnering with Google to offer pricing incentives.

Your next step is to contact us to schedule a complimentary Cloud Advisory Session to assess your needs, priorities, and options.

FAQs

How secure is G Suite?

G Suite is a highly secure platform that offers a range of advanced security measures to protect user data. It uses encryption to protect data in transit and at rest, and offers features such as 2-step verification, phishing protection, and admin controls. Google also undergoes regular security audits and certifications, and has a dedicated team of experts to monitor and respond to any security threats. While no system can be 100% foolproof, G Suite’s security measures are among the most advanced and robust in the industry, making it a trusted choice for businesses of all sizes.

How do I make my G Suite more secure?

There are several steps you can take to make your G Suite more secure:

  1. Enable 2-step verification: This adds an extra layer of security by requiring a second form of authentication, such as a code sent to your phone, when signing in.
  2. Use strong passwords: Use unique and complex passwords for each account and change them regularly.
  3. Enable mobile device management: This allows you to monitor and manage access to G Suite on mobile devices.
  4. Enable security key enforcement: This adds another layer of protection to your account by requiring a physical security key to access it.
  5. Use data loss prevention (DLP) rules: DLP rules can help prevent sensitive data from being shared outside of your organization.
  6. Regularly review your security settings: Make sure your settings are up-to-date and in line with best practices.
  7. Educate your users: Train your employees on security best practices and provide them with regular updates and reminders to help keep your organization safe.

Is G Suite more secure than Gmail?

G Suite and Gmail both offer advanced security measures to protect user data, but G Suite is generally considered to be more secure than Gmail. This is because G Suite is designed for business use and offers additional security features such as mobile device management, data loss prevention, and advanced administrator controls. Additionally, G Suite undergoes regular security audits and certifications to ensure the highest levels of security. While Gmail also offers strong security measures, it is primarily a personal email service and may not provide the same level of security features required for business use.

 

 

 

Partnering for G Suite Productivity

/in ,

Partner for ProductivityG Suite is more than an email, calendar, and simple file sharing service.  G Suite is a productivity suite that serves as a platform for a range of tools that helps your team, and your business, work more effectively.

9 ways your team can be more productive with G Suite:

  1. Share Files, Not Copies:
    Stop sending attachments. Stop wasting time figuring out of the copy of the file in you inbox, on your local drive, or on a shared folder is the most current. Whether you use Google Docs for creating documents, spreadsheets, and presentations or you continuing using Microsoft Office, Google Drive and Team Drives serves your files rather than just sharing them.  People share via link, so all comments, suggestions, and edits are made within a single copy of the file. Versioning keeps this orderly and gives you the ability to look back and compare.
  2. Serve Files, Not File Servers:
    Use Team Drives and Drive File Stream to provide users with “explorer” access to files from Macs, PCs, and local software. Store files under central ownership and managed permissions; avoid performance and capacity problems with unlimited storage. Allow team members to work remotely and securely on computers, tablets, and mobile devices without VPNs and remote desktop services slowing things down.
  3. Communicate, Don’t Just Text:
    Most laptops now have microphones, speakers, and Bluetooth features similar to your smartphones and tablets. Have face to face conversations using Hangouts Meet instead of long email threads, phone tag, or text messaging. Communication is 55% non-verbal. Let you employees see and hear each other, your vendors, and your customers. You can share screens to live document reviews and discussions. Why pay extra for a conferencing service?
  4. Collaboration, Don’t Just Comment:
    True, Google Docs allow contributors to comment and suggest edits. You can also collaborate in real-time or as each participant is able. Version history lets you look back at who contributed, when, and where. You can name versions to track official revisions or specific working copies of documents.
  5. Schedule Productivity, Not Just Appointments:
    Your personal and shared calendars track your time as well as project or team activities. Resource calendars let you book rooms or any scheduled resource. Integrated with Hangout Meets, automatically include voice and video conferencing for the human touch. Integrated with Chrome for Meetings and you have 1-click video conferencing with screen sharing in your conference rooms.
  6. Manage Customer Relationships, Not Data:
    Integrated CRM applications, automatically pull person and company data into your CRM records and automatically track inbound and outbound emails with your prospects. Side panel gives you “pane of glass” access and context from within your Gmail inbox.
  7. Manage Communications, Not Data:
    Integrated sales and marketing tools, empower you team to better manage marketing, sales, and service communications without leaving your Gmail inbox.  Templates, mail merge, and tracking save time and energy as you drive your sales pipeline forward.
  8. Automate Tasks, Not People:
    Automate workflows and repetitive tasks, and build simple apps to boost productivity with AppMaker. The Low-code/no-code tool means you don’t need a cadre of programmers. Free up task time for more valuable activities.
  9. Protect Your Business; Not Just Data:
    Compliant archiving and e-discovery covers your email communications and your documents. Integrated solutions provide third party backup/recovery protection from accidental or intentional damage and loss. Cloud-to-cloud backup is less costly and requires less admin effort than traditional file server protection services.

Get the most value from your G Suite platform:

  • Verify you are on the right version of G Suite, with the capabilities that best meet your needs
  • Help your team learn how to use the G Suite apps to their fullest
  • Integrate 3rd party solutions for line of business needs, such as marketing, sales, and service

Please contact us for a free Cloud Advisor session to discuss getting the most value from G Suite.

 

Webcasts

Email Security and Reliability

/in

(8/17/2021) – A deep dive look at email security and reliability, with a focus on how DMARC prevents business email compromises, spoofing, and phishing attacks. In addition to protecting you from inbound attacks, DMARC protects your domain’s reputation and helps ensure reliable email deliverability.

Read more

Email Security and Compliance

/in

(7/20/2021) – An updated look at email security and compliance. Summarizing risks and trends, we dive into a tiered approach to ensuring your business, data, employees, and reputation are protected.  We also discuss emerging compliance requirements and steps you can take to ensure you operate within regulatory, industry, and policy expectations.

Read more