Posts

Cloud Management

Security Drives Need for Cloud Management

Cloud ManagementIn a recently published report, one of Forrester Research’s five key cloud predictions for 2020 is that cloud management providers will tackle cloud security.  With the Capital One breach, the first major breach in a public cloud, the industry has a new focus on security public cloud services. Small and midsize businesses (SMBs) are more likely to use public cloud services over specialty providers and private clouds. As such, SMBs need to focus on cloud management.

Effective cloud management can prevent holes in your security protections and save you money.

Cloud management, as a practice, formalizes access, licensing, usage, security, and spending for your cloud services. Instead of focusing on each cloud application or service independently, Cloud Management as a practice oversees and manages the big picture.

Seven key components of Cloud Management are:

  1. Document which cloud services are needed and used based on each person’s role within the organization
  2. Based on need, determine the level of access for each person/group based on their roles and responsibilities
  3. Understand and document subscription and licensing rules for each service, to ensure you can optimize subscriptions and spend
  4. Create standardized on-boarding work flows to ensure new employees and those changing roles are
    • Provided access to only the cloud services they need
    • Are assigned appropriate access to features, functionality, and data within each system
    • Access to data is consistent across cloud services
  5. Create standardized off-boarding work flows to ensure:
    • All cloud services accounts are deactivated, preventing orphan accounts from being left open
    • Data within each cloud service is archived or transferred to other user(s), preventing data loss
    • Cloud subscriptions/licenses are modified to prevent unnecessary costs
  6. Track licensing and subscriptions to:
    • Adjust your subscriptions to match your need, as allowed by each cloud service
    • Identify and remove unused licenses
    • Understand and manage your spending
  7. Actively search for, identify, and manage use of unauthorized cloud services to:
    • Minimize or eliminate “Shadow IT” risks with respect to security, data loss, and compliance
    • Identify and move users from duplicate services to authorized services
    • Provide training on authorized apps and services, preventing the need to use other services
    • Identify cloud services needed or wanted by staff, but not yet available through and authorized app or service

By applying the basic tenants of cloud management you can reduce your security risks, optimize your services and licensing, and better manage your spend.


Cumulus Global offers Cloud Management tools and services.  Contact us for a free, no obligation Cloud Advisor session to learn more.


 

Best Practices

Cyber Protection: Time for New Best Practices

Best PracticesAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  The average cost of ransomware downtime jumped from $46,800 to $141,000, and increase of more than 200%.

To add to your concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

Traditional cyber security solutions are no match for many cyber attackers. We need a new approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our CPR model:

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Time for Action

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.