Posts

Best Practice – Completing Security Surveys and Questionnaires

/in

Data Protection & Security

In our recent Security Update Series blog post, New Security Demands & Requirements for Small and Midsize Businesses, we discussed three drivers for increased business security. We noted that expectations will often be expressed in security surveys and questionnaires you are asked to complete. Providing incorrect, incomplete, or misleading answers, whether intentional or not, can impact premiums and your available coverage.

To minimize the risks and potential pitfalls, here are five best practices to follow:

1 Know the Process

Before starting your response, have the broker or agent walk you through the process in detail. What role do the security surveys or questionnaires play in the underwriting process? While some carriers only use a single survey, others will ask for follow-up information and/or request evidence supporting your answers.

Understanding the process will guide how you answer questions and the nature and amount of information you provide.

2 Follow the Rule of Absolutes

Following the “Rule of Absolutes,” answering “yes” or “no” to a question means “yes” or “no” everywhere and in every instance. 

For example, if you answer “yes” to the question, “Do you require multi-factor authentication for user login?”, you are stating that MFA is in place for every possible user login for every system or service. Answering “yes” if this is not the case will be considered a misleading or deceptive response.

The better approach is to answer with commentary that accurately responds to the intended questions without absolutes. Using the above example, provide a list of systems for which MFA is required, optional but recommended, and/or not available. In addition to being a more accurate response, the information will better inform the underwriting risk assessment.

3 Understand the Questions

Not all questions may be clear. Some questions will focus on technology. Others will focus on policies, processes, and procedures. Still others will focus on outcomes.

For example, these three questions:

  1. What security incident and event management (SIEM) system is in place?
  2. Do you have security incident and event management?
  3. Do you monitor, save, and analyze security event logs to identify alerts and conditions that require responsive action?

Question 1 appears to be asking about specific software or tools. The second Question asks about capability; the software tools and operational resources may be implied or assumed with a “yes” answer. Question 3 probes procedures, possibly independent of the supporting technology and/or existence or use of a security operations center (SOC).

If you are not sure how to best answer the questions, consult with the broker or agent for guidance.

4 Pause and Implement

In reviewing the security surveys or questionnaires, you may notice an emphasis on certain aspects of your security systems, solutions, policies, and processes. 

If your answers appear to indicate weakness in these areas, consult with the broker or agent for guidance. You may benefit from pausing the effort until you can update or implement expected services and solutions.

In some cases, indicating that an improvement is in process may be sufficient to move forward.

5 Get Legal Advice

You own and are legally bound by the survey and questionnaire responses you provided. This holds true even if IT providers, vendors, and others have drafted portions of your response.

Before submitting your responses, review the surveys or questionnaires and your responses with qualified legal counsel familiar with cyber security. Understand if answers provided by third parties may create issues or liabilities. Understand any and all commitments expressed and implied in your responses.

What to Do:

The best course of action is to assess and, if appropriate, adjust your security services before you face a survey, questionnaire, or audit. Our Rapid Security Assessment provides a quick review of core security services. Our Cloud Advisors are ready to assist with any questions or concerns.

Contact us or schedule time with one of our Cloud Advisors

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

IT Solutions: 3 You Can Live Without

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. In our recent blog post, we offered three IT solutions you need. But in this blog post, we will share three solutions you can do without.

1 3rd Party Conference Tools

Both Microsoft and Google Workspace, with Teams and Meet, include robust audio and video conferencing services. There was a time when third-party services like Zoom offered unique features. However, capabilities such as transcription, translation, break-out rooms, and Q&A panels are now a part of Teams and Meet.

Notably, some of the advanced features of Teams and Meet, such as streaming, come with upgraded Microsoft 365 and Google Workspace licenses. These upgrades are generally less expensive than third-party services.

2 Physical Desk Phones

While some of us may have an emotional attachment to the physical phone on our desks, for many, these devices feel like clutter. The way we make and receive calls has changed. Our devices should change as well.

Features like hot links, click-to-dial, and voice dialing are available within the apps and browsers on our computers and phones. Smartphone apps let us make and receive business calls without sharing our personal phone numbers and maintaining separation between personal and business text messaging and voicemail.

Headsets and speaker/microphones give us hands-free access to our phone systems at our desks, from our smartphones, and in our cars and trucks.

3 Unsecure Artificial Intelligence

You do not need unsecure AI. Even so, you and your team likely want to use it.

Chances are, you and members of your team may already be using Chat-GPT, AI meeting assistants, and other AI-powered tools.

The challenge is that most public AI tools are not secure. Using them likely violates confidentiality and nondisclosure clauses in contracts. Using them may also put you in violation of HIPAA, PCI, and other data privacy laws and regulations.

Before jumping into AI as a company, and before “Shadow AI” (unvetted tools) gets out of hand, develop an AI strategy and plan. Begin with identifying use cases and understanding how to ensure data security, privacy, and compliance. Pilot solutions and educate/train your team.

Copilot and Gemini AI both offer artificial intelligence tools that integrate with Microsoft 365 and Google Workspace, respectively. These are secure tools that use the permissions capabilities of the ecosystems. 

What to Do:

Contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business and IT services. We can also map out opportunities to save money and leverage AI, along with other emerging technologies.

If you are interested in three solutions you need, jump over to this post.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

IT Solutions: 3 You Need

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. Therefore, we will cover three IT solutions that you do need.

1 Resilience

Basic protections against malware, ransomware, phishing, and other cyber attacks are no longer enough. Businesses are not pressing for better cybersecurity from suppliers. Cyber insurance carriers are looking for more cybersecurity capabilities to better manage their risks.

We expect most small and midsize businesses to be asked about, or required to deploy, more advanced cybersecurity services and solutions. Fortunately, these can be provided affordably and effectively to smaller businesses.

2 Continuity

It is not enough to be able to recover files from backup in the event of a disaster, system failure, or cyberattack. Your business needs to be able to return to operations (RTO) quickly, even if your operations are degraded. The ability to fully recover and return to normal operations (RTNO) is also a new priority.

If your customers are other businesses, you are part of a supply chain. Your customers are under pressure to ensure and demonstrate that their supply chains are secure and reliable. This means your customers want you to demonstrate that you are protected and, if a cyberattack happens, that you can recover quickly. Your business disruption is theirs as well. Your customers want and need assurances.

Continuity solutions for small and midsize businesses are effective and can be cost-effective when properly planned and executed. These can range from system images that run in the cloud in an emergency to using remote desktop/virtual desktop services.

3 Secure BYOD

A few years ago, “Bring Your Own Device” (BYOD) was just an experimental strategy. With hybrid and remote work now a part of our norm, BYOD can be an effective means to provide budget-friendly IT services to your team. The challenge is that employee devices being used for company work need to be managed and secured as if they are company-owned.

Employees need to allow you to install security tools, such as endpoint protection and remote management agents, as well as backup/recovery and continuity tools. This can be a difficult task, as employees worry about the privacy of their information on their personal devices.

Securing BYOD can be a mix of policies, procedures, technology, and compensation. Secure BYOD can also be attained by separating the device from the business apps and data. Remote Desktop/Virtual Desktop Infrastructure solutions allow any device to access and use a secure and private environment –  network, systems, applications, and data – without commingling personal and business apps and data.

What to Do:

The first step is to assess your current business resilience and continuity capabilities. Completing our free Rapid Security Assessment will provide a quick review along with recommendations specific to your business and needs.

Next, please contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business’s operational IT needs and how you may increase your capabilities and save money.

Finally, stay tuned, as our next blog post will cover three IT Solutions you can do without.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

3 Secrets to Avoiding IT Problems

/in

Problem and SolutionIf you are a sole practitioner, a solopreneur, or the owner of smaller businesses, you face unique technology challenges. You, and businesses like yours, are uniquely dependent on your technology.  Your computer and phone are critical tools without which your business can screech to a halt.  Avoiding IT problems is critical. And yet, you do not have time to be the IT guru. You may not have access to, or the budget for, traditional IT services.

The good news is that you can take steps to avoiding IT problems without overspending.

1 Stay Current

When we say “stay current”, we do not mean spending hours reading and studying the lasted IT advancements and opportunities.  Stay Current means keeping your systems up to date.

  • Make sure you regularly apply Windows (or MacOS) updates.
  • Windows Update should also inform you of firmware updates from your laptop manufacturer.
  • If you are not running cloud-based software that updates automatically, make sure your desktop applications are up to date as well.

Staying current with system and application updates ensures you have the latest system-level security protections in place. It is common for security experts to find “holes” in Windows and applications. Updates fix these risks and reduce the chance of a successful malware, ransomware, or other form of cyber attack.

2 Security CPR

Security CPR is our model for pragmatic protection for your business.

  • Communicate & Educate:
    • Know that even your business is a target;
    • Understand the current nature of cybersecurity risks; and
    • Learn how your behavior can prevent or enable attacks.
  • Protect & Prevent:
    • Deploy security solutions focused on stopping the most common type, and the most damaging, cyber attacks on small businesses.
      • Email advanced threat protection and next-gen endpoint protection, for example, protect you from attacks steal your identity and passwords.
      • Proper DNS configuration can stop cyber attackers from impersonating you or your business.
    • Include low-cost and no-cost solutions like multi-factor authentication (MFA) and local disk encryption to prevent access should an account get compromised.
    • Ensure you meet industry and legal security and privacy regulations and requirements; several states are imposing regulations above and beyond more familiar requirements (PCI, HIPAA, etc.).
  • Respond & Recover:
    • No protection or prevention is perfect.
    • Use affordable services that not only recover your data, but let you continue operating while you recovery.
    • Be prepared to address the customer service, legal, and financial aspects of a successful cyber attack. Cyber Insurance is a key component.

Many of your peers assume that security will be too expensive. They see the press coverage and read the articles, failing to realize that tech media targets larger businesses.  Our Security CPR model focuses on balancing risks, protections, and costs to deliver the best value for your business, and smaller business like yours.

Additionally, the model helps you with avoiding IT problems beyond security and compliance. The same solutions help you minimize the risk of hardware problems and software issues while making it easier to recover should something go wrong.

3 Partner with a Pro

If you are worried that you cannot afford expert IT services, you are not alone.  Most sole practitioners and owners of smaller businesses worry about upfront and on-going IT costs. As a result, you may turn to family, friends, or the “guru” in the blue shirt at the store in the mall. Even if your go-to person is in IT,

  • Do they focus on your needs as a small business?
  • Are they available when needed?
  • Do they plan ahead, or only offer guidance when it is time to make a purchase or after a problem?
  • Are they helping you get the most out of the features and capabilities of your IT services?

It is easy to let concerns about cost get in the way of IT services than can truly help you and your business thrive and grow.

A single IT problem can easily cost more, directly and indirectly, than using IT professionals to plan, manage, and support your business. An unexpected failure or cyber attack can disrupt your business for days, resulting in missed deadlines, lost revenue, unexpected costs, and a damaged reputation. Sound planning and active management prevents problems. The right services are key to avoiding IT problems, keeping you operational, and helping you recover should the unexpected happen.

Focus on value.

The right cloud solutions simplify your IT services. Simple reduces the number of things — hardware, software, services — to learn, manage, and support. Matched with the right guidance, management, and support, the right IT services more than pay for themselves.

How Cumulus Global Can Help You Avoid IT Problems

We build our Essential and Basic Managed Services to meet your needs as a solopreneur or owner of a smaller business. Leverage the cloud; focus on key solutions; Rely on expert guidance, management and support.

Explore how our Managed Cloud Services can help you and your business. Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

The #1 Security Solution that Costs You Nothing: Multi-Factor Authentication

/in

Security KeyWe have all seen and heard the warnings about the ever increasing number of cyber attacks against small business.  More than crypto-ware, small and midsize businesses are targets of other forms for ransomware, impersonation, crypto-mining, and business email compromise attacks. The threats are real, as are the operational and financial risks to your business. Multi-Factor Authentication, or MFA, is an effective, “no cost” solution.

Along with the warnings, you are likely, almost certain, to receive pitches, promos, and offers for a never-ending array of security tools and services.  Like other small and midsize businesses, you lack the bottomless budget. You cannot do it all; you need to prioritize your spending on security products and services with the biggest bang for the buck.  “No Cost” solutions are, of course, the best option when they work.

Protect versus Prevent With Free Multi-Factor Authentication

Some security solutions protect your and your systems, other prevent access and actions.  The difference is important.

Protection solutions help stop attacks from happening.  Services like advanced threat protection and next-gen endpoint protection stop phishing, infecting attachments, and dangerous link attacks by blocking the attack from reaching you or your team.

Prevention solutions stop attackers from successfully accessing your systems and data.  These solutions work after a cyber-attacker has figured out, or purchased, your identity.

In reality, you need both types of solutions. Protection solutions provide the broad shield against targeted and broad scale attacks. Since no protection is perfect, prevention solutions stop the attackers before they can get in and do damage.

“No Cost” Prevention: MFA

The good news is that you can deploy the most effective prevention solution, Multi-Factor Authentication, at “no cost.” We put “no cost” in quotes because, while the basic solution is free, you will need to spend some time setting it up and educating your team.

Multi-Factor Authentication is an authentication method that requires the user to provide two or more verification factors to gain access or entry to a system, application, or other online account or resource.  Most of the applications and systems you use, including Google Workspace and Microsoft 365, include MFA as security feature and option.

These integrated MFA services often provide the second level of verification via SMS message, single-use link, and/or an authenticator app on your smart phone. In general, using an authenticator app is considered more secure than SMS message or single-use link.

As reported by Microsoft in 2019, MFA can block more than 99.9% of account compromise attacks.  If a cyber attacker has your username and password, MFA is the best way to prevent them from getting in and doing harm.

Overcoming Objections with a Free MFA

When putting MFA in place, you may get some pushback or hesitation from your team.

  • MFA does add extra steps when logging in, an inconvenience for your team.
  • As you likely run several apps and systems, your team will need to setup multiple entries in one, or more, authenticator apps.
  • Your team may need to create and save “backup access codes” in case of system or access issues.

While your team may object to the inconvenience, the added effort is reasonable given the level of prevention.

You Can Do More with a Free Multi-Factor Solution

If the number of accounts, passwords, and MFA services is too much, you have options. While they come with a price tag, single sign-on (SSO) and identity and access management (IAM) services can minimize the inconvenience.  Most small and midsize businesses do not see the value given the cost, but it remains an option.

We Can Help

Configuring and managing MFA is part of our Basic, Business, and Premium Managed Cloud Services. We can also help you put MFA in place for your current IT services. For more information, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

SaaSOps: Adapting the enterprise model for small and midsize businesses

/in ,

SaaSOpsThe term “SaaSOps” was first coined by David Politis, founder of BetterCloud. SaaSOps, short for Software-as-a-Service Operations, is the suite of processes, skills, and responsibilities for managing the lifecycle of software delivered as a cloud service. Most small and midsize businesses use multiple SaaS applications.

By effectively and efficiently managing these applications, we reduce operating costs and security risks.

The 5 SaaSOps Processes

Adapting the enterprise model for small and midsize businesses (SMBs), SaaSOps encompasses the following five processes.

1. Adoption

SaaS Adoption begins with discovery.  Discovery includes both (1) Selecting SaaS applications your business needs or wants; and (2) Identifying the SaaS applications in use by your team. In today’s world of cloud services, individual employees are likely signing up to use SaaS applications that they want or think they need. These are often free, or low cost, consumer oriented services. Often referred to as “Shadow IT”, these apps sit outside your control and outside of your security protections.  Selecting which SaaS applications you will use, as a company, and which you will not, sets the stage for successful operations.

2. Optimization

Optimizing SaaS operations requires cross-application and in-application analysis.  By examining SaaS applications and services, and how they are used, you can identify and remove redundant features and data sets.  Streamlining applications and systems in-use lowers complexity, support requirements, and cost.  Within applications, license management is key to ensure you do not under- or over-license your services.  Beyond the cost implications, unused licenses pose a security risk.

3. Management

SaaS Management includes the lifecycles for both users and applications.  If done well, SaaS Management automates common tasks prone to administrative error.

User lifecycle events focus on properly managing on-boarding, off-boarding, and mid-lifecycle changes.  These events cover accounts, access, security, permissions, and integrations users need to perform their jobs across your SaaS applications and services.  User lifecycle management also includes group management.  The ability to automate group membership based on user attributes gives you the ability to manage uses based on roles and responsibilities.

Application management focuses on application configuration, ensuring accounts, access, security, and data management. Active configuration management creates a dependable service for users.

4. Security

This includes five key integrated security pillars:

  1. Discovery of sensitive data, including data subject to industry or legal regulations.
  2. Mitigation of oversharing of data, externally and within your organization.
  3. App monitoring and remediation, spanning availability, access, and performance.
  4. User behavior analytics, providing data to support operations, planning, and improvements.
  5. Least privilege access management, ensuring

5. Experience

SaaSOps changes — improves — your business’ overall experience with your cloud-based services. The impact is visible to your employees and your IT administration.

  • Automation simplifies tasks and reduces administrative, security, and other errors while improving your IT team’s ability to respond quickly to change and support requests.
  • Change management ensures decisions to alter services are known and documented and helps ensure you remain compliant with policies, industry standards, and regulations.
  • Managed Access and Rights reinforces company policies, maintains compliance, and enables employees to access the applications, services, and data needed for their jobs.

In Summary

As your use of cloud services grows, implementing SaaSOps solutions becomes an important management tool.  Beyond monitoring and managing costs, SaaSOps helps reduce management and administration errors, provides a better experience for IT teams and end users, and improves security. The incremental cost to deploy SaaSOps tools delivers savings while reducing risk.

Call To Action

Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Security Best Practices to Protect Your Admin Accounts

/in ,

Data Protection & SecurityIn any client environment, it is critical for you to protect your admin account with current security best practices. Most cloud services have multiple levels of admin accounts, including a super admin with the ability to access, manage, and change every configuration and security settings.  In many cloud services, “super admin” accounts also have blanket access to your data.  In effect your super admin and admin accounts hold the keys to your kingdom.

Protecting and managing admin accounts is critical for keeping your data and your business secure.

Here are four security best practices for managing and protecting admin accounts.

1 Multi-Factor Authentification

While we recommend multi-factor authentication (‘MFA”, also known as Two Factor Authentication or Two-Step Verification) for all user accounts, the added protection of MFA is critical for super admin and admin accounts.  MFA helps to protect your admin account by preventing somebody from using stolen or compromised credentials to access your cloud services, your data, and your business.

For Super Admin accounts, consider a FIDO-compliant security key.  These keys, or fobs, are physical devices that provide a timed access code required to log in. Keys provide the most secure method for multi-factor authentication, and are our number one recommendation when it comes to security best practices for administrator accounts.

2Secondary Super Admin Access

Even a super admin account can be lost or compromised.  Should this happen, you need a way to perform critical admin tasks while you recover the super admin account.  You have a few options, as follows.

  • Create a second, dedicated, super admin account.  While this comes with a licensing cost, you are not giving additional privileges to other admins or users.
  • Assign super admin rights to an existing admin or user. You avoid any increased fees, but grant privileges which can be accidentally or intentionally misused. These privileges can include access to sensitive data, archives, and the ability to alter security settings.
  • Engage your cloud partner/reseller. If your cloud partner/reseller has the ability to recover super admin accounts and/or reset super admin passwords, make sure you have a service or support agreement in place that covers admin account password reset and account recovery.

3Force Logout Super Admins

Day to day admin services can and should be performed by Admin accounts with permissions to perform specific sets of tasks.  User your Super Admin account for specific administrative and security tasks not permissioned to other Admin accounts.

As a Super Admin: Log in. Perform the specific task. Log out.

If possible, set your system to automatically log out Super Admin accounts if idle for a short period of time.

4Privileged Access Management

Our final best practices to protect your admin account includes Privileged Access Management, or PAM, which limits access to critical security and administrative functions. Permission is granted to specific functions, upon request by another Admin or the system, for a limited amount of time. Using PAM provides additional tracking of who/when/why for critical settings and tasks.

Call To Action

Take a look at your cyber security. Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

The High Cost of Low Adoption

/in ,

Roughly 53% of the more than 33 million small and midsize businesses in the US rely on cloud services.  The vast majority use Microsoft 365 or Google Workspace for basic productivity tools: email, calendars, contacts, and files. The popularity is due, in part, to the ease of deployment.  You can quickly deploy either of the productivity suites and have your team on-board, running, and using basic features. Within Microsoft 365 and Google Workspace, however, our cloud adoption tends to be fairly low.

We should look past the basics.  Both Google Workspace and Microsoft 365 offer a deep range of capabilities.  As small and midsize business owners and leaders, we should assess how well we are using these tools.  Better cloud adoption improves productivity, communication, and security. Higher cloud adoption within Google Workspace and Microsoft 365 also saves you money.

Improve Productivity

Studies show that typical users only leverage 10-15% of their Microsoft 365 or Google Workspace suites. With low cloud adoption, our teams fall into usage patterns that mimic prior systems rather than taking advantage of new capabilities.  Examples of habits that hurt productivity include:

  • Inefficient meetings
  • Poor inbox and email management
  • Searching for information
  • Limiting “collaboration” to attachments and file shares

Education and support enables your team to overcome these common productivity killers. Motivating your team to learn and use the 85-90% untapped potential helps them become more capable and effective in their roles.

Remove Duplicate Application Costs

Improving cloud adoption of Microsoft 365 and Google Workspace eliminates your need to pay for many other applications and services.

  • Microsoft OneDrive and Google Drive for Desktop remove the need for Dropbox, Box, file servers, and local network storage.
  • Google Meets and Microsoft Teams replace Zoom, WebEx, GoTo Meeting, Adobe Connect, and paid audio conferencing services.
  • Microsoft Yammer and Google Chat preempt the need for Slack, Jive, Facebook for Work, and other social messaging apps.
  • Features in Microsoft Outlook and Google Calendar eliminate the need for third party scheduling tools like Scheduly.
  • Google Voice and Microsoft Teams offer low cost VoIP telephony services than many other providers.

With fewer applications and services, you pay less in subscription fees and reduce support costs. Your team has fewer logins and fewer applications to learn. You spend less time managing integration and updates.

Reduce Your Security Risk

Improving cloud adoption is more than using additional features.  Successful cloud adoption includes learning how to best use the features you need.  With your data in the cloud, you rely on users making good decisions to avoid compromising security or data protections.  We often see teams where employees fall into these security traps:

  • Sharing files inappropriately
  • Emailing sensitive information
  • Incorrectly granting permissions internally or with external parties
  • Bypassing permission and security by storing files locally or in other systems

Matching appropriate security settings and protections with proper training, your team will make better data decisions. Understanding how to work efficiently within security guidelines eliminates the need, and motivation, to work-around protections.

Maximize Your Investment

Your Microsoft 365 or Google subscription may be one of your larger IT budget line items. Why leave that value untapped?  In both environments, we frequently observe under utilization of applications, features, and resources.  Some of the commonly underutilized capabilities include:

  • OneDrive for Business and Google Drive for Desktop
  • Microsoft Teams and Google Meets
  • SharePoint Online and Google Shared Drives and Sites
  • Security features and functions.

Ensure your team knows how to fully utilize the capabilities you have.  Doing so prevents them from using “shadow IT” — using other apps and services without your knowledge.

Create a Culture of Self-Learning

When your team adopts a culture of self-learning, they will optimize their use of the IT services you provide.  Your job: provide the leadership and resources your team needs in place to train and continue to develop their skills.

The results:

  • More productive individuals and teams
  • Fewer IT systems and services that lower costs
  • Improved security and data management
  • Better returns on your IT investments and spending

Your Call To Action

Schedule time with one of our Cloud Advisors or contact us to discuss ways to upskill your team, reduce IT redundancy, and streamline your IT budget. The conversation is free, without obligation, and at your convenience.

About the Author

Bill SeyboltBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

The State and Future of Remote Work

/in ,

As noted in a recent article published by American City Business Journals, the state and future of remote work are still up for debate.  Remote work and hybrid work arrangements continue to face resistance. Our reduced need for office space still impacts city centers and commercial real estate markets.  And yet, employees still want remote and hybrid work arrangements. The desire to have work-from-home options is strong enough that many employees will take pay cuts in exchange for the flexibility.

Some of the Data

Work from Home Research noted that paid full days worked out of office was about 27%, year to date, in 2023.  This represents a very slight decrease from recent months.

In February 2023:

  • 60% of employees worked full-time in the office
  • 28% of employees worked in a hybrid arrangement
  • 12% of employees worked remotely full time

40% of employees continue to work some or all of their time outside the office.

A recent study by Robert Half found:

  • 28% of job postings were advertised as remote
  • 32% of employees who work in the office at least one (1) day per week would take an average 18%  pay cut to work remotely full time

Data from the Federal Reserve indicates that:

  • From 2020 to 2021, during the surge in remote work, productivity jumped from 108.57 per hour to 115.3 per hour
  • In 2022, productivity dropped slightly as more employees returned to the office

Using the Data

Remote and hybrid work arrangements will likely continue as companies and employees work to find the right balance for the company and employees.  As small business leaders, we understand that remote work is an attractive feature of job postings, and 1/3 of employees would take a pay cut or change jobs to work remotely.

We need to manage our remote and hybrid work arrangements in ways that employees see as flexible and accommodating. 

In-person interactions with colleagues can improve morale and enhance company culture. It makes sense that we want most employees in the office, interacting face-to-face, at least some of the time.

Employees see most hybrid work arrangements as designed to meet the needs of the company, not employees.  Employees see incentives, such as free meals and other “perks”, as gimmicks to attract employees to the office without addressing employees’ needs.  We need to present hybrid work arrangements honestly in terms of company needs and priorities and those of the employees. If we provide a real balance of needs and priorities, employees will feel respected and heard. They will be more accepting of change.

The Role of Technology

We have no doubts about the power of technology to empower your employees to do their best work — in office or remotely.  Many small businesses scrambled to support remote work at the onset of the pandemic.  These solutions were often rushed and, as such, less efficient or effective than needed.  Too many of us, however, have not stepped back to assess, revise, and improve our IT support for remote and hybrid work.

We need support and technologies in place to ensure the long-term viability of remote and hybrid work.

Employees, when working remotely, want and need the same resources and abilities as when they are working in the office.  They want the same user experience regardless of where or how they work.  At the same time, we need to ensure our systems and data remain secure and protected.

When assessing your IT services, make sure you have the SPARC you need:

  • Security
  • Performance
  • Availability
  • Reliability
  • Cost

Leveraging cloud services, you can provide secure access to your systems and data, with a consistent user experience, at a reasonable cost.

Calls To Action

1. Read our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: Set the stage by looking at how small and midsize businesses acquire and use technology and IT services; Explore the challenges we face moving into the cloud; and Map out four strategies for enhancing your use and expansion of cloud services.

2. Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cloud Computing Trends, Challenges & Provider Insights in 2023

/in ,

Cloud Computing Trends

Earlier this month, CRN published a story covering Flexera’s 2023 State of the Cloud Report.  Flexera provides software and systems to manage enterprise private and public clouds.  The report on cloud computing trends originates with an annual survey of 750 technology leaders across sectors, geographies, and size of the business.  While the report classifies small and midsize businesses as those with under 1,000 employees, we still find the results interesting and relevant.

As small businesses, our concerns are spending, security, compliance, and managing cloud services. The cloud model hits our income statements and balance sheets differently than historical IT services. The need to protect our businesses, and our customers, has never been greater. And, we find it difficult to understand if we are spending efficiently and effectively.

We take a look at the top 3 cloud challenges, discuss managing clouds, and explore cloud waste.  Understanding these issues, you will better understand how to create better cloud solutions. You will also be better able to set expectations from those providing cloud solutions and related services.

Top 3 Cloud Computing Challenges

For 2023, SMB respondents identify the top three cloud computing challenges as:

  • Managing Cloud Spend (80%),
  • Security (73%), and
  • Compliance (71%).

These concerns make sense. The spending model for managed cloud services, based on subscriptions or usage, is an operating expense.  Most smaller companies are used to making capital expenditures and paying for service contracts and managed services.  Additionally, many of the IT firms working with small businesses will replicate on-premise networks and servers in a public cloud service. They may lack the expertise and tools to actively manage costs.

Concerns about security and compliance reflect the increasing need and demands of protecting sensitive business and personal information.  We face the same increased regulations and expanding industry standards as larger enterprises. But we do not have the in-house resources or the same access to experts. We place our trust on local or regional IT service firms.

Latest Trends and Developments in Cloud Computing

Undefined Cloud Management

Following closely behind the top 3 cloud challenges, governance (67%) and subscription management (61%) indicate that small businesses are not sure how to best manage their cloud services.  As cloud infrastructure matures, the number of options expand.  To make simple decisions, such as whether to subscribe monthly or make an annual commitment at a lower per unit price, we need to understand the operating cost models.  We need standard operating procedures, such as on/off-boarding and access controls, in place.

Cloud is still new. We need our IT service firms and managed service providers to guide, if not lead, our cloud management efforts. Co-management is a viable strategy, provided it includes policies and procedures as well as products and services.

Cloud Waste

On average, the survey results show that businesses spent 18% more than budgeted on public cloud services last year.  The greatest contributor to the overspend appears to be Cloud Waste.

Cloud waste is spending on cloud services that go unutilized or are under-utilized.  Reducing cloud waste can be as simple as

  • Shutting down unused resources after hours
  • Selecting lower cost regions / data centers
  • Periodically right-sizing systems and resources

Policies that scale resources in real-time based on usage will increase efficiency, but require expertise and planning during the solution design process, monitoring, and refinement over time.

How to Pick a Cloud Computing Provider

Traditional managed service providers, or MSPs, are experts in buying, monitoring, and managing things. They focus on network components, servers, systems software, and end user devices.  To get the most value from our cloud services, we need partners that understand service and cost management.

Managed cloud service providers, or MCSPs, understand how the “as-a-Service” model is different. Security, compliance, and cost management only work when they are built into the requirements, design, and management of your cloud services.

Before picking your cloud provider, ask about their management and co-management models. Understand if they actively work to monitor and manage security, compliance, and costs. Ask them to explain how.

Call To Action

Get a copy of our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: set the stage by looking at how small and midsize businesses acquire and use technology and IT services; explore the challenges we face moving into the cloud; and map out four strategies for enhancing your use and expansion of cloud services.

To discuss how your business can better utilize a broader range of cloud services, please contact us or schedule time with one of our Cloud Advisors at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.