Posts

See the Best Single Sign On (SSO) Solutions For Small Business and Even Better Alternatives

/in ,

In today’s fast-paced digital landscape, small businesses face numerous challenges when it comes to managing user access to various applications and systems. A single sign on for small business is unlike the traditional methods of authentication, such as separate usernames and passwords for each platform, can be cumbersome, time-consuming, and prone to security risks. That’s where Single Sign-On (SSO) solutions for small businesses comes in.

Single Sign-On is a powerful authentication solution that enables small businesses to simplify and centralize user access across multiple applications, platforms, and services. With SSO, employees and stakeholders can log in once using a single set of credentials and gain seamless access to all authorized resources.

This technology not only enhances convenience and productivity but also strengthens security measures by reducing the risks associated with weak passwords, password reuse, and unauthorized access. By implementing SSO, small businesses can effectively mitigate the complexities of managing multiple logins and bolster their overall operational efficiency.

As you move your small or midsize enterprise into the cloud, you will face new challenges around identity management.  Historically, identity management was an operational issue that managed user logins to desktops and local area networks. As you move to the cloud, the network is no longer local. Your network includes the suite of applications and services run and hosted by others. Identity management is now a security issue that should control access to your cloud applications, data, and services as well as your computers and mobile devices.

Single Sign On for Small Business

Even with the proliferation of usernames and passwords, most small businesses are not investing in Single Sign On (SSO).  With many applications using federated or 0Auth login services from platforms like Google Apps or Office 365, SMBs expect users to adapt and manage their identities. The result is a mix of usernames, passwords, and connections without a clear system of record and no centralized management. And while Single Sign On can help eliminate this mess, most SMBs struggle to justify the value.  In addition, single sign on solutions for small businesses lack the ability to manage access to devices, WiFi services, and other resources.

With SSO in place, you still need to manage and maintain a directory service. Directory services, such as Microsoft’s Active Directory and the many LDAP solutions are, in theory, capable of managing more than on-premise systems. Actually integrating directory services, however, is complex, costly, and requires regular maintenance.

Directory-as-a-Service and Identity Management

Directory-as-a-Service® (DaaS) is a modern identity platform that centrally manages user connections to this new world of cloud and SaaS-based infrastructure.

Compared to a single sign on for small businesses, it acts as a virtual directory, enabling businesses to securely manage user accounts, permissions, and policies across diverse applications, systems, and even remote environments.

Identity Management, on the other hand, refers to the processes, technologies, and policies that govern the lifecycle of user identities within an organization. It encompasses activities such as user provisioning, authentication, access control, and user lifecycle management. By implementing Identity Management practices and leveraging DaaS, businesses can streamline user administration, improve security, and enhance operational efficiency.

Features of a cloud-based directory service include:

  • Mac, Windows, and Linux devices are all treated as first-class citizens
  • Tight integration with Office 365 and Google cloud Apps, centralizing control over the productivity platform and enabling single sign-on capabilities for end users
  • Single Sign On integration with other cloud applications and services
  • Improved WiFi security that connects the authentication request to the directory service
  • Multi-factor authentication at the system level
  • Hosted LDAP capabilities can eliminate the need to have an on-prem LDAP server

In short, Directory-as-a-Service covers what contemporary organizations need in a modern identity management platform.

Learn more about Directory-as-a-Service and JumpCloud (our preferred DaaS solution), or contact us for a free, no obligation Cloud Advisor Session.

 

Myth-Busting Monday: On-Premise is Safer Than Cloud

/in

Office365-Logo-and-textJust because you can see it and touch it, does not mean it is safe and secure. With the number of successful ransomware attacks up more than 400% in the past year, it is increasingly clear that on-premise systems are not inherently more secure than they would be in the cloud. Many companies are hacked and remain unaware for weeks or months, as the use by cyber criminals of advanced persistent threats continues to rise.

Microsoft Office is secured with technologies and resources beyond the reach of nearly every small and mid-market business.

Large enterprises know that security is a full-time job, requiring a team of expensive experts and advanced technologies. And while large enterprise can afford to make this investment, most small and mid-size businesses do not have the resources to prevent, detect, and mitigate security issues.

Moving to Office 365, you enter an environment designed for security, backed by a team of security experts, industry leaders in regulatory compliance, and the latest security technologies and methods. Office 365 complies with the latest rules and regulations, including but not limited to:

  • HIPAA
  • Sarbanes-Oxley
  • Federal Information Security Management Act (FISMA)
  • ISO 27001
  • European Union (EU) Model Clauses and U.S.–EU Safe Harbor framework
  • Family Educational Rights and Privacy Act (FERPA)
  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

And, with this security, you get a 99.9% uptime guarantee.

Thinking of going cloud — or expanding your cloud use — and remain concerned about security and data privacy, give us a chance to assess your needs and map out a solution.

This is the third of a multi-part series designed to help companies better asses the opportunity and value of cloud-based solutions.  Contact Us for more information or a free Cloud Advisor session.

Myth-Busting Monday: Cloud Means Less Control

/in

Office 365 CloudCloud adoption continues to grow. Many business and IT leaders still have the misconception that moving data into the cloud means giving up control of your data or your technology.

In fact, when you move into Office 365 and other cloud services, you still have control over your IT environment. You have the admin tools to control the who, what, where, when, and how of your information and systems.

The role of your IS team shifts from technical issues to business issues.

When you move to the cloud, you give up most of the time spent maintaining hardware and upgrading software.  You no longer need to focus on maintenance, repairs, daily admin tasks, and upgrades. You free up the time you need to focus on improving business operations, developing new analytics and insights, and launching new and agile initiatives.

When you move to the cloud, you stop spending ever-increasing capital dollars on servers and storage while trying to match capacity with need.  Cloud solutions let you focus your IT spend on specific capabilities for specific roles and needs within your organization.

Moving to the cloud lets you think strategically and select solutions that support and respond to the needs of your managers and staff.

Think about how you want to improve your business, and contact us; we will help you select and deploy the cloud solution that can make it happen.

This is the second of a multi-part series designed to help companies better assess the opportunity and value of cloud-based solutions.  Contact Us for more information or a free Cloud Advisor session.

iOS 10 is Budget Risk for Schools

/in ,

ipad2On September 13, 2016, Apple will release iOS 10 and will stop providing updates for iOS 9.  While iOS 10 is reported have some great new features, the real story for schools — particularly those with iPad programs — is the impact on existing devices and budgets. ZDnet remotes that as many as 40% of existing iPads will become obsolete — a statistic that will certainly push many schools to consider accelerating new iPad purchases and/or move to other devices.

With the release of iOS 10, the following devices will no longer receive iOS updates:

  • iPad 2
  • iPad 3rd Gen
  • iPad Mini
  • iPhone 4s
  • iPod Touch 5th Gen

Schools committed to using iPad 2s, and iPad 3s through the 2016-2017 school year now face the prospect of increased security risks and loss of application support.

Apple is shortening the lifecycle of its devices.  Sold from March 2011 through March 2014, schools may find their devices becoming obsolete in less than their planned 3 year lifecycle.  Looking forward, this trend will impact lifecycle planning and budgets for schools with iPad classroom and 1:1 programs.

Pokemon Go is a Security Game?

/in ,

No Pokemon Go
While the news coverage has trailed off, the Pokemon Go phenomenon continues as kids and adults continue to play, and the game expands to new locations.

Also in the news, but with less coverage, was the security hole that gave the companies behind Pokemon Go completely unfettered access to users’ Google Apps and Gmail accounts.  This access was not just to read your contacts so you can “share”, Pokemon Go had full read/write access to all user data.

In a short but sobering report, our friends at CloudLock assess and quantify the risk posed by Pokemon Go. Click here to access the report; it serves as a great example of the risks posed by 3rd party apps.

Contact us if you want to learn more about protecting Google Apps from 3rd party app risks.

 

Email Encryption is Not Compliance

/in ,

Security Key
While providing a reasonable level of protection from inappropriate access to your data, the built-in encryption is not sufficient to meet information privacy regulations. Laws such as the Health Information Portability and Accountability Act (“HIPAA”), and industry regulations including the Personal Card Information (“PCI”) standards require more than data encryption.

Privacy laws and regulations typically include three components:

  1. Policies and procedures that, when followed, provide appropriate data protections
  2. A means to monitor compliance, with the ability to detect and mitigate potential violations of the policies and procedures
  3. A defined response and resolution procedure in the event of a breach

As explained in our eBook, Email Encryption in Google Apps, Technology can support the implementation of these three components, but does not offer a full solution on its own.

Contact us to assess your email encryption needs and to define an affordable solution.

 

Third Party Apps: The Overlooked Data Risk

/in ,

risks of third-party apps It is easy to overlook the risks of third-party apps. You see a cool app and install it on your phone. You see the prompt asking you for permissions. It is not clear what the app wants to access or why, but you want the app. You click “Grant” or “Allow” and away you go. Some third party now has access to your contacts, you schedule, and maybe even your files. Whether mobile apps, browser extensions, or freemium apps, your user community is installing apps and tools and granting access to your data. And while most apps are harmless and well-behaved, one rogue app can be a disaster.

The Hidden Dangers of Third-Party Apps

Not every app, and not every app provider, is trustworthy.  And since most apps need access to some of your data in order to function, permissions should not be granted without some forethought. Preventing individual users from installing apps and granting permissions, however, is nearly impossible. Most small and midsize organizations have neither the money or resources to micromanage browsers and mobile devices — especially in our BYOD world.

Using third-party apps can come with certain risks, and it’s important to be aware of them before installing and using such applications. Here are some common risks associated with third-party apps:

  1. Security and Malware: Third-party apps may pose security risks as they are not subject to the same level of scrutiny and oversight as apps available on official app stores. Some third-party apps may contain malware, spyware, or other malicious code that can compromise your device’s security and steal personal information.
  2. Data Privacy: Third-party apps may collect and misuse your personal data without your knowledge or consent. These apps may access sensitive information stored on your device, track your online activities, or share your data with third parties for targeted advertising or other purposes. This makes a good case for implementing proper data protection and security measures.
  3. Compatibility and Reliability: Third-party apps may not be as reliable or compatible with your device as apps provided by trusted sources. They may crash frequently, have compatibility issues with your operating system or other apps, or cause other technical problems.
  4. Lack of Updates and Support: Third-party apps may not receive regular updates or support from developers. This can lead to compatibility issues with new operating system versions or security vulnerabilities that go unpatched, leaving your device exposed to potential threats due to outdated technology.
  5. Inadequate User Reviews and Ratings: Unlike official app stores that have stricter review processes, third-party app sources often lack reliable user reviews and ratings. This makes it challenging to assess the quality, safety, and overall user experience of these apps.
  6. Legal and Copyright Issues: Some third-party apps may infringe upon intellectual property rights, such as copyrighted content or trademarks. Installing and using such apps could potentially lead to legal repercussions.

To minimize the risks associated with third-party apps, consider the following precautions

The Best Ways to Safeguard Your Device and Data from Third-Party Risks

Fortunately, for those of us running Google Apps and other cloud services, we have affordable solutions for monitoring and managing third party app access to your data.

Our Recommendation to Shield Your Device from Potential Harm

If you are running Google Apps, we generally recommend BetterCloud Enterprise as our preferred solution for several reasons:

  • The Domain Health and Insight Center provides you with activity reports, alerts, and advanced reporting
  • Bettercloud includes a robust suite of Google Apps admin tools that are not available in the Google Apps Admin Console, including bulk actions, dynamic groups, and a user deprovisioning wizard
  • BetterCloud monitors and lets you manage third party app access to any data within Google Apps, and provides a trust rating to help you determine which applications pose a risk
  • BetterCloud monitors activity in Drive against business rules to ensure compliance with data privacy policies and regulations. BetterCloud will proactively modify permissions and send alerts to prevent accidental or intentional violations.

Additional Ways to Guard Against the Pitfalls of Third-Party Apps

  • Only download apps from trusted sources, such as official app stores or reputable websites.
  • Read reviews and ratings from other users before installing an app.
  • Check the permissions requested by the app and ensure they are necessary for its functionality.
  • Keep your device’s operating system and security software up to date.
  • Use reputable antivirus software to scan apps before installation.
  • Be cautious when granting excessive permissions or sharing sensitive information with apps.
  • Regularly review and remove any unused or suspicious apps from your device.

How Cumulus Can Help Protect You From Third-Party App Risks

While there is a minimum fee for BetterCloud Enterprise, you can try BetterCloud for free for up to 30 days.  If you like what you see, we will waive the setup fees.  If not, you can keep running the Domain Health and Insight Center for free.

 

Tuesday Take-Away: Google Apps Security Updates

/in ,

google-drive-icon
Most organizations we work with are looking to the cloud for better collaboration, mobile integration, and remote user support. Google’s release of Drive for Work (aka Google Apps Unlimited) in 2014 promised to align Google Apps with user needs and priorities.

Over the past several months, Google has deployed several security and feature enhancements that make Drive a more robust file service. Some are only available with Drive for Work, others apply to all Google for Work domains.

Set Sharing Settings by Department
(Drive for Work / Google Apps Unlimited Only)

Sometimes different file settings make sense. You might, for example, have a research department that needs to keep information confidential and a sales team that needs to share presentations with their clients. To help manage these different sharing needs, now when you make selections in Drive settings from the Admin console, you can turn off sharing outside the domain for one organizational unit, while still allowing others to work and share files with anyone they need to.

Create Custom Drive Alerts / Track More Events with Drive Audit
(Drive for Work / Google Apps Unlimited Only)

To keep track of when specific actions are taken in Drive, you can set up custom Drive alerts. So if you want to know when a file containing the word “confidential” in the title is shared outside the company, now you’ll know. And there are more events coming to Drive audit, including download, print and preview.

Set up custom admin alerts to find out when things change
(All Google for Work Domains)

There are lots of moving parts to running a company, and now it’s easier for IT to find out about the things they care about with custom alerts — like when a new app is installed or a shared calendar is deleted — and get those right in their inbox.

Let people reset their own passwords
(All Google for Work Domains)

Recovering passwords isn’t the most pleasant thing we do in our lives. But now IT can let employees securelyreset their own passwords, so they don’t lose valuable time being locked out of their account. If this doesn’t make sense for your organization, admins can simply turn this ability off.

Disable downloading, printing and copying of any file with IRM
(All Google for Work Domains)

With Information Rights Management (“IRM”) you can disable downloading, printing and copying from the advanced sharing menu – perfect for when the file you’re sharing is only meant for a few select people. This new option is available for any file stored in Google Drive, including documents, spreadsheets and presentations created in Google Docs.

Share quickly with anyone outside your organization
(All Google for Work Domains)

When it comes to sharing, like giving final inventory lists to your caterer or last minute logos to your design agency, you want to make sure people can see it right away — whether they use Drive or not. Now, you canshare with any email address and they’ll be able to view the files you share —without having to sign-in to a Google account. Admins can disable this feature for certain departments that want to require sign-in before , while enabling it for others.

What Are the Risks Involved With Cloud Storage?

/in ,

risks involved with cloud storage

While cloud storage offers numerous benefits, it’s important to be aware of potential risks associated with this technology. Here are some common risks involved with cloud storage:

  1. Data Breaches: Cloud storage providers are responsible for securing your data, but no system is entirely immune to data breaches. A breach could potentially expose your sensitive information to unauthorized individuals or cybercriminals.
  2. Data Loss: Although cloud storage providers typically have robust backup systems, there is still a small chance of data loss. This could occur due to hardware failure, natural disasters, software bugs, or human error. It’s important to have additional backup measures in place to mitigate this risk.
  3. Limited Control: When you store your data in the cloud, you rely on the provider’s cloud infrastructure and security measures. This means you have limited control over the physical storage environment, data handling processes, and security protocols implemented by the provider. It’s crucial to choose a reputable and trustworthy provider to minimize this risk.
  4. Service Disruptions: Cloud storage services can experience downtime due to various reasons, such as maintenance, power outages, or network failures. During these disruptions, you may be unable to access your data temporarily, which can impact your productivity or business operations.
  5. Compliance and Legal Issues: Depending on your industry or geographical location, storing certain types of data in the cloud may raise compliance and legal concerns. You need to ensure that your cloud storage provider complies with applicable regulations and provides adequate data protection measures to avoid potential penalties or legal consequences.
  6. Vendor Lock-In: If you heavily rely on a specific cloud storage provider and its proprietary technologies, switching to a different provider may be challenging. This vendor lock-in can limit your flexibility, scalability, and bargaining power. It’s advisable to choose cloud storage solutions that allow for easy data migration and interoperability.
  7. Dependency on Internet Connectivity: Cloud storage relies on an internet connection for data access and synchronization. If you have limited or unreliable internet connectivity, it can hinder your ability to access your data in real-time or perform backups effectively.

Other Human Risks Involved with Cloud Storage

A recent survey by WinMagic, a UK-based storage security firm, highlights some interesting, if not disturbing, information about employee use of cloud file and storage services. Speaking with over 1,000 employees at companies with at least 50 employees, the survey found that both users and businesses appear to be unclear about the need to protect cloud data, and how to do it.

Key findings of the survey:

  • Only 35% use a service sanctioned by their employer
  • 50% use personal equipment to access work information and services at least once a week
  • 65% of employees don’t have or don’t know the company policy on cloud storage
  • 5% use cloud services knowing that the service has been restricted by the company

The disparity between IT policies regarding the use of cloud storage and employees habits is troubling, particularly given the risk of data corruption, loss, and breaches.

The solution is not to avoid the cloud due to the perceived risks involved with cloud storage. Nor should you create a draconian culture around technology and cloud usage.

To mitigate Cloud Storage Risks, Consider Implementing the Following Measures:

  • Create and share a clear, concise policy on the use of cloud services, and IT in general, for your company
    • Clearly require that work related to data to be stored only in sanctioned systems and services, and the work and personal applications and data be completely separate.
  • Provide a suite of services that meet users’ needs
    • Ask users which tools help their productivity and evaluate the secure, business versions. Remember that one size does not fit all and you may need or want multiple options.
  • Monitor and manage access, security, and privacy
    • Deploy systems that let you monitor and manage access to company data, the security of the data, and your data privacy compliance. In addition to user identity and access controls, monitor and manage file permissions based on content along with 3rd party application (especially mobile app) access to your data.
  • Inform and educate your team
    • You do not need a series of boring lectures and meetings to indoctrinate your team into the new world order. A clear, concise discussion regarding appropriate use policies gets the message across.
  • Be nimble and communicate
    • Cloud is still fairly new and services are constantly evolving and launching. Users’ needs are changing constantly as well. If you can respond to your users with tools and services that meet their needs, you eliminate their “need” to circumvent the official tools. Communication about why certain

By being aware of these risks involved with cloud storage and taking appropriate precautions, you can make informed decisions about utilizing cloud storage effectively while safeguarding your data.

A balance of useful and secure cloud services, clear policies that promote responsible use, and tools that monitor and mitigate risks will improve not just your security profile, but your efficiency as a business.

We offer a range of data protection & security services, contact us to learn more.

 

 

library

Nothing Found

Sorry, no posts matched your criteria