Posts

Upgrade Coming to Spaces in Google Chat: From Conversation Topics to in-line Threading

/in

upgrade from conversation topics to in-line threading in spaces

A Google Chat upgrade is rolling out as of September 30, 2023. Google will be upgrading the format of all spaces organized by conversation topic to in-line threaded spaces in batches. The changes take place over the course of several months. Upgrades for each space may take a few minutes to complete. In some cases, it may take up to 12 hours to complete. The space will be unavailable to users during the upgrade.

Most users’ spaces will be upgraded during non-peak hours on weekends to try and ensure minimal disruption. Upgrades for all customers are expected to be finished by March 31, 2024. If you have a preferred month during which you would like the upgrade to happen, fill out this form by September 28, 2023.

Spaces organized by conversation topic have messages and replies grouped together in the main chat window. In-line threaded spaces, on the other hand, allow direct replies to any message, and allow creating a separate in-line thread, which is a sub-conversation that appears in a separate pane in the UX to a sub-conversation where smaller groups of people can continue a conversation on a specific topic. 

Before the Spaces Google Chat Upgrade

  • A few weeks before the Google Chat upgrade begins, users will see a banner in spaces that are organized by conversation topic. The banner will notify users of the upcoming upgrade. It will also have a link to a Google Help Center article which will have more details about the upgrade.

Who’s Impacted

This update to spaces in Google chat will impact admins and end users.

During the Transition From Spaces Organized by Topic to in-line Threading in Google Chat

  • When users attempt to open a space while it is being upgraded, they will see and error message.  The message will state the ‘Space is temporarily not available. We are updating this space to an inline threaded space.’
  • If users are viewing a space when the upgrade starts, most features will become unavailable until the upgrade completes, including sending and receiving messages in that space.
  • Search in Google Vault for Chat messages will still function, but results may contain duplicated messages from spaces that are being upgraded.
  • Chat APIs/Chat Apps that are trying to access a space during the upgrade will not work and will receive errors when trying to update space content.

After the Google Chat Upgrade To in-line Threading

  • Messages sent before the Google Chat upgrade will be retained. They will be arranged chronologically, instead of by topic. There will also be a separator titled “Begin New Topic” to indicate every time a new topic was started.
  • In some cases, when people have responded on older topics, the new chronological order takes precedence. Messages may not appear next to the original topic, but rather by the time they were sent. When this occurs, the new response will quote the last corresponding message.
  • Users will see a separator between the last message sent before the upgrade. They will also see  a notification in the space indicating that the space has been upgraded to use in-line replies.
  • The upgraded spaces will have their conversation history turned on by default. This will match the existing history behavior of spaces organized by conversation topic, which always have history on. Depending on organization-level history controls, space history settings may be changed by space managers. New messages sent after the upgrade will respect applicable organization-level history controls configured by administrators.
  • Users might need to close and reopen Chat in order to get access to the upgraded spaces.
  • Messages sent after the upgrade will have the same experience as the existing in-line threaded spaces.

No Action Required During the Spaces Upgrade in Google Chat

You can learn more about in-line threaded spaces, and you can always contact us with your questions at info@cumulusglobal.com.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

AI and Privacy Issues: Data Leaks and Breaches

/in

We recently posted about the AI warning we received from a partner about the use of AI tools and protecting their confidential information. Beyond the specifics of the warning, we quickly saw a much broader context. Using AI tools, if not managed carefully, will result in unauthorized data disclosures, breaches, or leaks. These disclosures may easily violate laws, regulations, industry standards, and contractual obligations. Before exposing your business to unnecessary liabilities, understand how your AI tools and services manage, and ensure, data privacy.

Scope of the AI and Privacy Problem

To gain a better sense of the issue, we decided to look into the data privacy practices of meeting assistants.  Meeting assistants are one of the most commonly used AI tools for small and midsize businesses.  Traditional meeting assistant tools transcribe discussions. Newer versions use AI engines to capture action items, summarize discussion points, and analyze the attitudes and sentiments of participants. We reviewed the terms of service, privacy policies, and FAQs for several services.

Here are some excerpts from our findings (company and service names redacted):

AI Terms of Service

Do not use the service if you need to keep protected or confidential information private:

You hereby represent and warrant to [Company] that your User Content … (ii) will not infringe on any third party’s copyright, patent, trademark, trade secret or other proprietary right or rights of publicity, personality or privacy; (iii) will not violate any law, statute, ordinance, or regulation (including without limitation those governing export control, consumer protection, unfair competition, anti-discrimination, false advertising, anti-spam or privacy);

The [Company] is not liable if you use their services:

… the user understands and accepts the risks involved with the use of AI or similar technologies and agrees to indemnify and hold [Company] harmless for any claims, damages, or losses resulting from such usage.

Allowing an AI engine to analyze your information, or allowing a service to use your information to train their AI-based services, is a disclosure:

When you post or otherwise share User Content on or through our Services, you understand and agree that your User Content … may be visible to others

AI Privacy Policies

Using AI tools has inherent risks:

By utilizing [Company]’s services, the user understands and accepts the risks involved with the use of AI or similar technologies and agrees to indemnify and hold [Company] harmless for any claims, damages, or losses resulting from such usage.

Some tools have service options, at added costs, to ensure data privacy:

… customers that want their data to be strictly segregated (for example, customers dealing with PHI) can choose the [service] option to exercise complete control over their compute and data infrastructure, ensuring that their data is separated per their compliance requirements.

Some services explicitly tell you that sharing confidential information violates their privacy policy:

You may also post or otherwise share only Content that is nonconfidential and that you have all necessary rights to disclose.

The Risks and Challenges with AI

With justifiable concerns about data protection and privacy, we have been trained to think about data leaks and breaches in terms of cyber attacks. We also look at “insider threats,” which are often human errors such as accidentally sharing files externally or putting confidential information in an unsecured email.

The use of meeting assistants and other AI-powered productivity tools creates a new category of risk.  In order to learn and improve, AI tools need to train using information. The easiest way to provide information to train an AI tool is to capture information provided by the users.  The users get their results; the AI tool trains, learns, and improves.

While this works for the AI tool or service provider, it creates a data breach platform for the users unless the tool has specific policies and services to ensure compliance with data privacy laws and regulations. 

Using an unsecured AI meeting assistant creates an incidental, if unintentional, breach. 

Some examples of incidental breaches caused by unsecure AI meeting assistants:

  • Two doctors discuss a patient consult, disclosing personal health information (PHI) to third parties in violation of HIPAA
  • You discuss project details with one of your clients, disclosing confidential intellectual property in violation of your contract
  • Your financial advisor discusses your financial holdings and accounts with you, disclosing personally identifiable financial information in violation of industry regulations and standards

Protect Yourself and Your Business from AI and Privacy Issues

From our review of several AI meeting assistant services, very few will keep your information private. Those that do will charge additional fees.

When you get on a video meeting or conference call, ask the host if their meeting assistant is secure. If not, or if they are unsure, ask them to turn it off.

More generally, take a step back and plan your approach to AI.

  • Consider how and when you want to use AI in your business
  • Make sure you and your team understand your contractual and regulatory responsibilities with respect to information privacy
  • Assess the AI tools and services you plan to use:
    • Understand their data privacy commitments
    • Match privacy policies and commitments against your business and legal requirements
    • Opt-in to agreements that ensure data privacy, even if it requires paying for the service,

With an understanding of your requirements and AI services, AI can add value to your business without introducing significant avoidable risk.

We Can Help

To discuss your technology service needs and plans, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Our First AI Warning: Why Using AI Services Can Breach Your Contracts

/in ,

We recently received our first AI Warning. This was not a a general warning such as, “anything built for good can be use for evil” or “AI can replace you.” We received a direct warning about specific uses of artificial intelligence services and our contracts. The warning we received applies to you as well.

Some Background About this AI Warning

Cumulus Global is known for our professional services, including our ability to successfully manage cloud migrations from a variety of local environments. We often provide these services to other technology firms that need our expertise and experience to solve specific client needs. We have standing partnership agreements with several of these firms.

The AI Warning came from one of our partners.

The AI Warning

The warning we received centered on our potential use of AI services and the implication for confidential information belonging to our partner and their clients. The warning stated that providing this data to any AI system or tool is a likely violation of our contract, confidentiality, and non-disclosure agreements.

Specifically:

  • Providing confidential information to any AI system or tool is an authorized disclosure unless we have a contractual agreement in place with the AI vendor that ensures all data remains private and confidential.
  • The use of any confidential information for feeding or training AI system or tool is considered an authorized disclosure. Even if the AI system or tool is private the confidential information will be used outside the scope of any project, work, or need.

In addition to clearly defining limits on the use of their data with AI services, the warning included the company’s intent to pursue any and all contractual and legal methods to prevent, or in response to, disclosures.

Bigger Context

While this AI warning was specific to one business relationship, we see a bigger context. The current flood of AI services is exciting, and the potential uses and benefits are great. If we want to engage, however, we need to be careful. Whether we are deliberately training an AI system or creating prompts and providing feedback to refine answers, we are placing information in the hands of others. Unless we take explicit steps to ensure privacy with AI tools, our expectation must be that the information we provide will be used train the AI service, effectively placing the information in the public domain.

We must also recognize that the generative nature of AI increases the risk of improper disclosure. While we may not intend to disclose information, AI engines can recognize and correlate information. In other words, AI services can piece together data to create and share  information that should be private.

Your Action Plan to Prevent AI Issues

Take a step back and plan your approach to AI.

  • Consider how and when you want to use AI in your business
  • Make sure you, and your team, understand your contractual and regulatory responsibilities with respect to information privacy
  • Assess the AI tools and services you plan to use;
    • Understand their data privacy commitments
    • Match privacy polices and commitments against your business and legal requirements
    • Opt-in to agreements, even if it requires paying for the service, that ensure data privacy

With an understanding of your requirements and AI services, AI can add value to your business without introducing significant avoidable risk.

We Can Help

To discuss your technology service needs and plans, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

SaaSOps: Adapting the enterprise model for small and midsize businesses

/in ,

SaaSOpsThe term “SaaSOps” was first coined by David Politis, founder of BetterCloud. SaaSOps, short for Software-as-a-Service Operations, is the suite of processes, skills, and responsibilities for managing the lifecycle of software delivered as a cloud service. Most small and midsize businesses use multiple SaaS applications.

By effectively and efficiently managing these applications, we reduce operating costs and security risks.

The 5 SaaSOps Processes

Adapting the enterprise model for small and midsize businesses (SMBs), SaaSOps encompasses the following five processes.

1. Adoption

SaaS Adoption begins with discovery.  Discovery includes both (1) Selecting SaaS applications your business needs or wants; and (2) Identifying the SaaS applications in use by your team. In today’s world of cloud services, individual employees are likely signing up to use SaaS applications that they want or think they need. These are often free, or low cost, consumer oriented services. Often referred to as “Shadow IT”, these apps sit outside your control and outside of your security protections.  Selecting which SaaS applications you will use, as a company, and which you will not, sets the stage for successful operations.

2. Optimization

Optimizing SaaS operations requires cross-application and in-application analysis.  By examining SaaS applications and services, and how they are used, you can identify and remove redundant features and data sets.  Streamlining applications and systems in-use lowers complexity, support requirements, and cost.  Within applications, license management is key to ensure you do not under- or over-license your services.  Beyond the cost implications, unused licenses pose a security risk.

3. Management

SaaS Management includes the lifecycles for both users and applications.  If done well, SaaS Management automates common tasks prone to administrative error.

User lifecycle events focus on properly managing on-boarding, off-boarding, and mid-lifecycle changes.  These events cover accounts, access, security, permissions, and integrations users need to perform their jobs across your SaaS applications and services.  User lifecycle management also includes group management.  The ability to automate group membership based on user attributes gives you the ability to manage uses based on roles and responsibilities.

Application management focuses on application configuration, ensuring accounts, access, security, and data management. Active configuration management creates a dependable service for users.

4. Security

This includes five key integrated security pillars:

  1. Discovery of sensitive data, including data subject to industry or legal regulations.
  2. Mitigation of oversharing of data, externally and within your organization.
  3. App monitoring and remediation, spanning availability, access, and performance.
  4. User behavior analytics, providing data to support operations, planning, and improvements.
  5. Least privilege access management, ensuring

5. Experience

SaaSOps changes — improves — your business’ overall experience with your cloud-based services. The impact is visible to your employees and your IT administration.

  • Automation simplifies tasks and reduces administrative, security, and other errors while improving your IT team’s ability to respond quickly to change and support requests.
  • Change management ensures decisions to alter services are known and documented and helps ensure you remain compliant with policies, industry standards, and regulations.
  • Managed Access and Rights reinforces company policies, maintains compliance, and enables employees to access the applications, services, and data needed for their jobs.

In Summary

As your use of cloud services grows, implementing SaaSOps solutions becomes an important management tool.  Beyond monitoring and managing costs, SaaSOps helps reduce management and administration errors, provides a better experience for IT teams and end users, and improves security. The incremental cost to deploy SaaSOps tools delivers savings while reducing risk.

Call To Action

Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Security Best Practices to Protect Your Admin Accounts

/in ,

Data Protection & SecurityIn any client environment, it is critical for you to protect your admin account with current security best practices. Most cloud services have multiple levels of admin accounts, including a super admin with the ability to access, manage, and change every configuration and security settings.  In many cloud services, “super admin” accounts also have blanket access to your data.  In effect your super admin and admin accounts hold the keys to your kingdom.

Protecting and managing admin accounts is critical for keeping your data and your business secure.

Here are four security best practices for managing and protecting admin accounts.

1 Multi-Factor Authentification

While we recommend multi-factor authentication (‘MFA”, also known as Two Factor Authentication or Two-Step Verification) for all user accounts, the added protection of MFA is critical for super admin and admin accounts.  MFA helps to protect your admin account by preventing somebody from using stolen or compromised credentials to access your cloud services, your data, and your business.

For Super Admin accounts, consider a FIDO-compliant security key.  These keys, or fobs, are physical devices that provide a timed access code required to log in. Keys provide the most secure method for multi-factor authentication, and are our number one recommendation when it comes to security best practices for administrator accounts.

2Secondary Super Admin Access

Even a super admin account can be lost or compromised.  Should this happen, you need a way to perform critical admin tasks while you recover the super admin account.  You have a few options, as follows.

  • Create a second, dedicated, super admin account.  While this comes with a licensing cost, you are not giving additional privileges to other admins or users.
  • Assign super admin rights to an existing admin or user. You avoid any increased fees, but grant privileges which can be accidentally or intentionally misused. These privileges can include access to sensitive data, archives, and the ability to alter security settings.
  • Engage your cloud partner/reseller. If your cloud partner/reseller has the ability to recover super admin accounts and/or reset super admin passwords, make sure you have a service or support agreement in place that covers admin account password reset and account recovery.

3Force Logout Super Admins

Day to day admin services can and should be performed by Admin accounts with permissions to perform specific sets of tasks.  User your Super Admin account for specific administrative and security tasks not permissioned to other Admin accounts.

As a Super Admin: Log in. Perform the specific task. Log out.

If possible, set your system to automatically log out Super Admin accounts if idle for a short period of time.

4Privileged Access Management

Our final best practices to protect your admin account includes Privileged Access Management, or PAM, which limits access to critical security and administrative functions. Permission is granted to specific functions, upon request by another Admin or the system, for a limited amount of time. Using PAM provides additional tracking of who/when/why for critical settings and tasks.

Call To Action

Take a look at your cyber security. Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

The State and Future of Remote Work

/in ,

As noted in a recent article published by American City Business Journals, the state and future of remote work are still up for debate.  Remote work and hybrid work arrangements continue to face resistance. Our reduced need for office space still impacts city centers and commercial real estate markets.  And yet, employees still want remote and hybrid work arrangements. The desire to have work-from-home options is strong enough that many employees will take pay cuts in exchange for the flexibility.

Some of the Data

Work from Home Research noted that paid full days worked out of office was about 27%, year to date, in 2023.  This represents a very slight decrease from recent months.

In February 2023:

  • 60% of employees worked full-time in the office
  • 28% of employees worked in a hybrid arrangement
  • 12% of employees worked remotely full time

40% of employees continue to work some or all of their time outside the office.

A recent study by Robert Half found:

  • 28% of job postings were advertised as remote
  • 32% of employees who work in the office at least one (1) day per week would take an average 18%  pay cut to work remotely full time

Data from the Federal Reserve indicates that:

  • From 2020 to 2021, during the surge in remote work, productivity jumped from 108.57 per hour to 115.3 per hour
  • In 2022, productivity dropped slightly as more employees returned to the office

Using the Data

Remote and hybrid work arrangements will likely continue as companies and employees work to find the right balance for the company and employees.  As small business leaders, we understand that remote work is an attractive feature of job postings, and 1/3 of employees would take a pay cut or change jobs to work remotely.

We need to manage our remote and hybrid work arrangements in ways that employees see as flexible and accommodating. 

In-person interactions with colleagues can improve morale and enhance company culture. It makes sense that we want most employees in the office, interacting face-to-face, at least some of the time.

Employees see most hybrid work arrangements as designed to meet the needs of the company, not employees.  Employees see incentives, such as free meals and other “perks”, as gimmicks to attract employees to the office without addressing employees’ needs.  We need to present hybrid work arrangements honestly in terms of company needs and priorities and those of the employees. If we provide a real balance of needs and priorities, employees will feel respected and heard. They will be more accepting of change.

The Role of Technology

We have no doubts about the power of technology to empower your employees to do their best work — in office or remotely.  Many small businesses scrambled to support remote work at the onset of the pandemic.  These solutions were often rushed and, as such, less efficient or effective than needed.  Too many of us, however, have not stepped back to assess, revise, and improve our IT support for remote and hybrid work.

We need support and technologies in place to ensure the long-term viability of remote and hybrid work.

Employees, when working remotely, want and need the same resources and abilities as when they are working in the office.  They want the same user experience regardless of where or how they work.  At the same time, we need to ensure our systems and data remain secure and protected.

When assessing your IT services, make sure you have the SPARC you need:

  • Security
  • Performance
  • Availability
  • Reliability
  • Cost

Leveraging cloud services, you can provide secure access to your systems and data, with a consistent user experience, at a reasonable cost.

Calls To Action

1. Read our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: Set the stage by looking at how small and midsize businesses acquire and use technology and IT services; Explore the challenges we face moving into the cloud; and Map out four strategies for enhancing your use and expansion of cloud services.

2. Schedule time with one of our Cloud Advisors or contact us to discuss how best you can support your remote and hybrid workers. The conversation is free, without obligation, and at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Effective Cloud Strategies for Small Businesses

/in ,

As small and midsize businesses (SMBs), most of us have cloud strategies centered around productivity suites for email, calendars, chat, and file services. Beyond Microsoft 365 and Google Workspace, we need cloud strategies for small businesses that differ from those used by larger organizations.  Although our goals and objectives may be similar, we differ in the scope of our IT services, how we acquire and use IT services, and our budgets.

Understanding these differences, we need appropriate strategies to guide our plans and decisions. We need to focus on getting the most value from our current systems and new, managed cloud services.

What is a Cloud Strategy?

Cloud strategy refers to a comprehensive plan and approach that an organization adopts to leverage cloud computing technology effectively. It involves determining how to utilize cloud services, platforms, and infrastructure to achieve specific business objectives, optimize operations, enhance agility, and drive innovation.

A typical cloud strategy includes several key components:

  1. Cloud Adoption
  2. Cloud Service Models
  3. Cloud Provider Selection
  4. Data Management and Security
  5. Cost Optimization
  6. Integration and Interoperability
  7. Governance and Compliance
  8. Training and Skills Development
  9. Performance Monitoring and Optimization

Evolving Business Strategy into the Cloud

Historically, we ran our applications and databases on local workstations, servers, and networks. Evolving markets, business models, and hybrid work patterns drive change. The on-premise architecture no longer meets our needs. Remote access to on-premise systems is cumbersome, more difficult to secure, and likely to be slower. 

From a cost perspective, most of us have outgrown the on-premise model as well. Servers, storage, and related infrastructure represent significant capital expenditures and fixed configurations. Infrastructure and services add hardware, software, and service costs. If you have a managed service provider, or MSP, you pay monthly per-server monitoring and management fees.

Our Big Cloud Challenge

Most cloud services are designed for larger entities that will rebuild systems, applications, and databases to use specific cloud services. As small businesses, we use the cloud differently. We rely on software packages rather than custom-built applications or highly customized systems.

Moving our applications and systems into the cloud is challenging for a few key reasons:

  • Our software vendor may not offer a SaaS version
  • The SaaS version of our software may be missing key features we need, or does not support our customizations
  • Integrations may not be available for the applications and systems we use and need.

Cloud Strategies

If we want to take advantage of the benefits of the cloud, we need better strategic services for the cloud.

Selective Cloud Services

We define selective cloud services as point solutions for a specific need, often in support of other cloud or on-premise services. You can leverage cloud solutions to meet specific business and IT service needs.

Server to Service

Simply stated, the Server to Service strategy replaces your servers – on-premise or hosted – with managed cloud services.  Replacing your file servers with managed cloud file services is the best example of the Server to Service strategy. File servers come with the added burdens of backup/restore services, hardware maintenance and upgrades, and with most managed service contracts, per-device fees for monitoring and management.

Lift and Shift

As noted above, many small business software packages lack a cloud version comparable with the traditional version. In these situations, you can still move into the cloud using the “Lift and Shift” strategy. With “Lift and Shift”, you move your applications and systems from their existing on-premise servers (physical or virtual), to cloud-based servers. You access the applications over a secure VPN or using remote desktop services.

Remote Desktop / VDI

As the name ‘remote desktop’ implies, your actual desktop is running remotely in a cloud environment. You access your desktop via a thin client application running locally on your PC, Laptop, or mobile device, or through a web browser. Using Remote Desktop / Virtual Desktop Infrastructure (VDI) services gives you a complete, secure environment in which you have your private network, servers, and clients. Using Remote Desktop / VDI enhances Lift and Shift solutions.

Final Thoughts on Cloud Strategy for a Small Business

These cloud strategies are NOT mutually exclusive.  With proper analysis and planning, you can match the services to your business and technology needs. More information is available in our eBook, Cloud Strategies for Small and Midsize Businesses.

Call To Action

Contact us or schedule time with one of our Cloud Advisors to discuss if, when, and how expanding your cloud services will help your business thrive and grow.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

Cloud Computing Trends, Challenges & Provider Insights in 2023

/in ,

Cloud Computing Trends

Earlier this month, CRN published a story covering Flexera’s 2023 State of the Cloud Report.  Flexera provides software and systems to manage enterprise private and public clouds.  The report on cloud computing trends originates with an annual survey of 750 technology leaders across sectors, geographies, and size of the business.  While the report classifies small and midsize businesses as those with under 1,000 employees, we still find the results interesting and relevant.

As small businesses, our concerns are spending, security, compliance, and managing cloud services. The cloud model hits our income statements and balance sheets differently than historical IT services. The need to protect our businesses, and our customers, has never been greater. And, we find it difficult to understand if we are spending efficiently and effectively.

We take a look at the top 3 cloud challenges, discuss managing clouds, and explore cloud waste.  Understanding these issues, you will better understand how to create better cloud solutions. You will also be better able to set expectations from those providing cloud solutions and related services.

Top 3 Cloud Computing Challenges

For 2023, SMB respondents identify the top three cloud computing challenges as:

  • Managing Cloud Spend (80%),
  • Security (73%), and
  • Compliance (71%).

These concerns make sense. The spending model for managed cloud services, based on subscriptions or usage, is an operating expense.  Most smaller companies are used to making capital expenditures and paying for service contracts and managed services.  Additionally, many of the IT firms working with small businesses will replicate on-premise networks and servers in a public cloud service. They may lack the expertise and tools to actively manage costs.

Concerns about security and compliance reflect the increasing need and demands of protecting sensitive business and personal information.  We face the same increased regulations and expanding industry standards as larger enterprises. But we do not have the in-house resources or the same access to experts. We place our trust on local or regional IT service firms.

Latest Trends and Developments in Cloud Computing

Undefined Cloud Management

Following closely behind the top 3 cloud challenges, governance (67%) and subscription management (61%) indicate that small businesses are not sure how to best manage their cloud services.  As cloud infrastructure matures, the number of options expand.  To make simple decisions, such as whether to subscribe monthly or make an annual commitment at a lower per unit price, we need to understand the operating cost models.  We need standard operating procedures, such as on/off-boarding and access controls, in place.

Cloud is still new. We need our IT service firms and managed service providers to guide, if not lead, our cloud management efforts. Co-management is a viable strategy, provided it includes policies and procedures as well as products and services.

Cloud Waste

On average, the survey results show that businesses spent 18% more than budgeted on public cloud services last year.  The greatest contributor to the overspend appears to be Cloud Waste.

Cloud waste is spending on cloud services that go unutilized or are under-utilized.  Reducing cloud waste can be as simple as

  • Shutting down unused resources after hours
  • Selecting lower cost regions / data centers
  • Periodically right-sizing systems and resources

Policies that scale resources in real-time based on usage will increase efficiency, but require expertise and planning during the solution design process, monitoring, and refinement over time.

How to Pick a Cloud Computing Provider

Traditional managed service providers, or MSPs, are experts in buying, monitoring, and managing things. They focus on network components, servers, systems software, and end user devices.  To get the most value from our cloud services, we need partners that understand service and cost management.

Managed cloud service providers, or MCSPs, understand how the “as-a-Service” model is different. Security, compliance, and cost management only work when they are built into the requirements, design, and management of your cloud services.

Before picking your cloud provider, ask about their management and co-management models. Understand if they actively work to monitor and manage security, compliance, and costs. Ask them to explain how.

Call To Action

Get a copy of our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: set the stage by looking at how small and midsize businesses acquire and use technology and IT services; explore the challenges we face moving into the cloud; and map out four strategies for enhancing your use and expansion of cloud services.

To discuss how your business can better utilize a broader range of cloud services, please contact us or schedule time with one of our Cloud Advisors at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

A Notable Shift in Cyber Attacks

/in ,

As we proceed into 2023, we begin receiving reports and analysis of 2022, the year that was.  Now is a time when we gather data and perspectives on the past year. This new information helps guide us to better decisions in the year ahead. With respect to Cyber Attacks, the information is definitely both positive and negative in nature.

Mixed News

As reported recently in CRN, SonicWall reports in their 2023 annual Cyber Threat Report that ransomware attack volume dropped by 21% worldwide last year. In the US, the volume dropped by 48%.  While this is good news, we see some serious caveats in the data.

  • 2021 was the worst year on record for ransomware attacks, with more than 600 million worldwide.
  • Even with the 21% drop, 2022 still had the second largest number of ransomware attacks in history.
  • Ransomware attack volume in 2022 was 50% more than in 2020, and more than 2019 and 2022 combined.
  • SonicWall also reports that the last quarter of 2022 had a spike of attacks with an increase over Q4 in 2021.

What does this mean?  Ransomware attack volumes have dropped, but they are still at historical highs.  It is too soon for us to predict a change that would alter how we protect and respond these attacks.

Shifting Landscape

Related data suggest the cyber attack landscape is shifting. This information suggests that cyber criminals are focusing on other types of attacks. In 2022,

  • Cryptojacking attacks jumped by 43%
  • IoT malware attacks increased by 87%

Similarly, CRN reported that security vendor CrowdStrike noted a 20% increase in data theft and data extortion attacks that did NOT deploy encryption. More attackers are avoiding the protections against ransomware and simply threatening to expose or release sensitive data.

What does this mean? Businesses with solid cyber security and business recovery solutions in place can avoid paying ransoms. Collecting ransoms to decrypt files has become less attractive.  By quietly identify and collecting sensitive information, cyber attackers regain the upper hand.  They can release portions of the data if the victim hesitates to pay.

The Impact on Your Business

While we may see some encouraging signs, your business remains at risk. Our Security CPR® model guides decisions on cyber security solutions. The model offers a holistic approach that begins with communication and education, ensures protection and prevention, and includes your ability to restore and recover.

To ensure your business has the resiliency it needs, focus on threats most likely to impact your business and those that will be the most damaging if successful. We have a number of blog posts, webcasts, and whitepapers in our Resource Center.

Call To Action

For a look at your cyber security, complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

The Cloud, Shared Responsibility, and You

/in ,

The vast majority of small and midsize businesses (SMBs) understand — or have learned the hard way — that the ability to recover lost or damaged data is critical to your IT services and business resiliency.  You need to be able to recover and restore files, databases, servers, and workstations from loss due to disasters, hardware failures, software errors, or human action. In the cloud, it is your shared responsibility to protect your data.

The Cloud

As we move data, services, and servers, we rely on infrastructure and security built into the services.  Google and Microsoft operate industry-leading, sophisticated services designed for security as well as performance, features, and functions.  The capabilities do three things:

  1. Continuity: Ensure the clouds run with little or no disruption
  2. Recovery: Enable the restoration of services without loss of failure do to hardware, network, or other issues
  3. Capability: Provide us with the ability to secure and protect our data based on our usage

Microsoft, Google, and other cloud services do not, however, protect us from how we use their services.

You

Microsoft and Google do not control how we use Microsoft 365 or Google Workspace services.  We, as subscribers, control how we manage and protect our data, including:

  • Who can access the services
  • Which applications can connect and integrate
  • Which other applications and services will share user identities
  • Which users can manage, edit, suggest, or view files and folders
  • Which users can access various services within each of the productivity suites

With these controls comes great responsibility.  You are responsible for how your data is stored and used.  You are responsible if that use causes data loss or damage.

Shared Responsibility

Microsoft and Google  both use a “Shared Responsibility” model for security and data protection. The model defines which aspects of the cloud service security and data protection are your responsibility and which are the responsibility of the service provider.

Microsoft

Microsoft Shared Responsibility ModelMicrosoft discusses Shared Responsibility as a component of its terms of service.  A recent Microsoft Learning article notes the following:

“In an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.”

For Microsoft 365, a “Software as a Service” (SaaS) offering, Microsoft expects you to take responsibility for protecting and recovery of your information and data; devices; accounts and identities; and portions of your identity and directory infrastructure. Microsoft has a detailed white paper covering shared responsibility for Azure services.

Google

Google Shared Responsibility ModelThe Google Workspace Data Protection Guide includes a section dedicated to the Shared Responsibility model. Google states:

“Data protection is not only the responsibility of the business using Google Workspace services; nor is it only that of Google in providing those services. Data protection on the cloud is instead a shared responsibility; a collaboration between the customer and the Cloud service provider (CSP).”

“As a Google Workspace customer, you are responsible for the security of components that you provide or control, such as the content you put in Google Workspace services, and establishing access control for your users.”

As a SaaS offering, Google warns that you are responsible for the access control, security, and protection of any and all content you place in the Google Workspace service. The Google Cloud Platform: Shared Responsibility Matrix provides a detailed overview of shared responsibility for Google Cloud Platform.

Back to You

Understanding your shared responsibility, you can meet your data security and protection obligations.

First and foremost, configure and use the security and data protection features included within your Microsoft 365 or Google Workspace subscription. These services range from multi-factor authentication to secure user identities and access to advanced data loss prevention services in enterprise level subscriptions.

Your next step is to add additional services to cover aspects of data protection not provided with your Microsoft 365 or Google Workspace subscriptions.  These services may include:

  • Advanced threat protection for inbound email
  • Backup/recovery of all user content in Google Workspace (including shared drives) and Microsoft 365 (including Teams)
  • Archive/eDiscovery services to meet internal data policy, industry guidelines, or regulatory requirements
  • Backup/recovery for data located on end user devices and on-premise or hosted servers
  • Continuity services for mission-critical servers and end user device
  • Message-level and file-level encryption for compliance with industry or regulatory requirements

Your business may or may not need all of the services listed.  Which services you deploy should be part of a larger assessment of your cyber security and data protection needs.

Call To Action

Contact us or schedule time with one of our Cloud Advisors to discuss how you are meeting your shared responsibility and/or your broader security needs, priorities, and solutions.

For a broader look at your cyber security, complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.