TeleConsult Solutions

We're just a call away: 877.835.2266

Addressing Cloud Security Myths

by

Cloud, SecurityAs public cloud use becomes more widespread, companies must address certain questions that surface with implementation. Security is often part of the discussion, with IT professionals tasked with reassuring line of business managers about the safety of storing data in the cloud.

With any data storage — public or private cloud, on-site, or a hybrid solution — there are security risks to address. The novelty of cloud technology often makes it of particular concern to managers. They want to know that measures are being taken to ensure the safety of data. They also often embrace certain myths about security.

The “black or white” myth: While data stored in the public cloud is not inherently unsafe, it’s not impenetrable, either. One of the myths of public cloud data storage is double-sided, with some believing that it cannot possibly be safe and others believing that the cloud will not allow a security breach.

Neither statement is completely true. It’s important when accessing a cloud solution that you carefully assess security risks and address them with your vendor in writing. You should not only determine which party is responsible for each aspect of security, but also who takes responsibility for damages in the event of a breach.

Public cloud options are not safe by accident; instead, they are safe because enterprises and vendors work together to adopt robust security features which often outperform any security system used in an on-site system. 

The vulnerability myth: Don’t imagine that, because you have humans working on your systems, that you’ll always have some unsolvable vulnerability. It requires training and education, but you can help your staff support your security policies.

Passwords written on sticky notes adhered to a monitor and out-of-date firewalls are just two examples of the ways that casual administration of security policies can leave your system vulnerable. Shadow IT, or the unauthorized downloading of apps and other technology, can also create vulnerability.

Don’t throw up your hands and assume  your system can never be safe. With the right training, your employees can be some of your best security resources. Once they know what’s at risk, they can work alongside your IT professionals to ensure a safe public cloud environment for your company.

At TeleConsult, our cloud and IT services bring you the performance and reliability you need to realize growth. We specialize in helping companies move forward as the marketplace rapidly changes, and we do it by offering unparalleled performance, flexibility, and scalability. Contact us today to find out more.

What to Know About Safely Moving Your Data to the Cloud

by

CloudWhenever company data needs to be transferred from one place to another, a series of questions should be answered, particularly in cloud-based migrations.

First, ask yourself where your sensitive data is going. If it’s going to the cloud, can you rest assured that the cloud is going to continue to dominate for years to come? If the numbers related to cloud adoption keep growing, the answer to that question is a resounding “yes.”

Interest in the Cloud Is Growing
Gartner has predicted that the worldwide public cloud industry will grow 18 percent this year. Furthermore, nearly 75 percent of tech CFOs are saying cloud computing will have the most measurable impact on their organization this year.

Many companies are utilizing a hybrid cloud platform, which is increasingly popular because it allows a company to keep data on-site, while less critical data can be moved off-site. However, in a recent RightScale survey, 32 percent of respondents said their IT departments weren’t able to manage increasing workloads in the cloud – and this is a trend that seems to be growing.

IoT Taking Over
The Internet of Things (IoT) is among the hottest technology trends happening today, and it’s also driving the adoption of cloud-based solutions.
Many companies still rely on their premise-based IT software and the tools that go with it, but a larger trend is for cloud-based applications to take over because they offer more functionality than legacy systems. This assists companies in improving performance and productivity.

Confronting Fear
There are enterprises that still have concerns regarding their data in the cloud despite all of its advantages. Some have fears regarding getting locked in with a vendor, worrying that it comes time to migrate data and the cost of that migration process is revealed, it will be too late to back out.

There is also a rising concern related to application security even though most enterprises trust the cloud infrastructure.

Getting Prepared for the Move
What can you do to protect your data as you move it to the cloud? First, you have to know your data – what’s important, what’s not, what you want to catalog, and what should remain behind.
You also need to know your options and which cloud type fits you best: private, public, hybrid, or community. Once you’ve made that decision, determine who is accountable for the data that is collected. Further, encrypting data is important, and you need to decide who controls access to your encryption keys.
Backing up your data is among the first lines of defense, so make sure you’ve done this before you even start considering cloud-based vendors for data storage. Make sure the data is backed up in a fault domain that is distinct from where it is stored in production.

At TeleConsult, we know some of our clients have been apprehensive about the cloud, but we’ve proven that there is nothing to fear. We know how to manage a data center and keep our clients’ data secure and always available. Talk to us about what you should do before you migrate to the cloud.

Energizing Business by Moving to the Cloud

by

CloudGame-changing technology has opened new possibilities for businesses over the last decade. The new landscape is filled with start-ups that wouldn’t have been possible five or ten years ago, and the major player in that evolution is cloud technology. Rather than requiring costly hardware investments, virtual machines and pay-as-you-go applications offer the flexibility and agility demanded in today’s global marketplace. Yet, some companies are still hesitant to embrace the change, and the delay can be costly.

Established organizations with in-house systems often cite concerns like security, cost, disruption to daily operations, and a lack of knowledge about how to make the move when justifying their reluctance to migrate systems and data into the virtual arena. However, those concerns are largely unfounded.


Security

Companies hesitant to adopt cloud computing have vague impressions that security is lacking, but nothing is further from the truth. Providers that host data in a virtual environment take security concerns very seriously because their reputations depend on confidentiality.

Operational Fluidity

In-house data centers are typically the result of years of investment. Hardware, software, and systems that support daily operations seem too intricate to move to a virtual environment, so companies often think that migrating data and applications will present a set of difficulties that will be costly to overcome. However, since legacy systems must be evaluated and updated to meet changing needs, cloud services offer a significant reduction in upkeep expense. Companies that resist the change often find themselves falling behind competitors that have transferred service to cloud computing and can operate on smaller budgets.

Getting Started

Knowing how to begin cloud migration is one of the biggest challenges for many organizations. For those companies, making small changes is the best way to get started. For example:

  • Move data archives to a cloud storage facility. Instead of storing data on tapes and other methods, the cloud offers a low-cost alternative for storage compliance.
  • Move one application. Start small by moving something like email. This will give businesses the confidence to move other applications.  
  • Deploy a new application virtually. Keep legacy systems running, but introduce new applications virtually so that mission-critical operations remain in-house.
  • Employ a hybrid approach. Private options allow businesses to choose which applications to augment virtually for the best performance.

Moving data to a virtual environment offers reduced costs, increased scalability, and dependable business continuity in a secure environment. Businesses that embrace this technology benefit from lasting improvements.

Backup and Recovery: A Treatment for the Ransomware Virus

by

Ransomware In 1989, one Dr. Joseph Popp mailed a set of floppy disks innocuously labeled as “AIDS Information Introductory Diskettes” to several thousand members of a mailing list of researchers. These disks, when read by the computers, replaced and renamed system files so that when the computer was later booted up, it would display a fake license agreement and ask that the user send $189 to a P.O. box in Panama in order to continue using the computer. In doing so, he set the pattern for a type of virus which would come to be known as ransomware.

Ransomware on the Rise

People may no longer receive floppy disks in the mail, but the pattern remains similar: most ransomware attacks are delivered as an innocuous email attachment. And the number of these attacks has been rising. In 2016, the Department of Homeland Security and the Department of Justice issued statements on the ransomware threat, and the number of ransomware attacks is estimated to be even higher than the number of data breaches. In this environment, businesses need to know how to handle an attack which may be inevitable.

Protecting Against Ransomware

The top protection against these attacks may be to sidestep their effects by investing in backup and recovery. This way, if a virus corrupts, encrypts, or otherwise blocks access to business data, the company can simply restore to an earlier “snapshot” of their business data. Companies should design journaling procedures and reporting practices, and engineer frequent recovery points into their data days so that the loss from any attack is minimal. And companies should ensure that they retain backup data long enough to recover from an attack.

But simply backing up data may not be enough. Some ransomware viruses lie dormant for some time before launching their ransom demand, which may mean that unwary businesses back up the virus along with their legitimate data. Recovery for these companies can be painful, as a restoration simply re-introduces the virus. Backup and recovery services need to be integrated with data validators and malware scanners in order to provide an adequate defense against these and other viruses.

Don’t Pay

If there’s one thing that’s ineffective, it’s paying the ransom. Payment doesn’t guarantee a release of data – and, in fact, those companies which do pay may face additional monetary demands or re-targeting at a later date, once they demonstrate their willingness to comply.

In all, ransomware protection boils down to a few key points:

  • All employees of a company should be educated against opening suspicious attachments, or attachments from unknown sources
  • Data should be backed up regularly, scanned for malware, and verified
  • Backup data should be retained long enough to provide for recovery in the event of an attack
  • Attacks should be expected, and planned for
  • Attacks should be reported to law enforcement when they occur, and ransoms should not be paid.

While these practices cannot guarantee safety from ransomware attacks, they provide a solid foundation upon which to build a security protocol.

Key SMB Technologies in 2017: What to Watch

by

SMBGartner’s recent list of trends in technology for 2017 paint an exceptionally interesting picture for any SMB willing to think big heading into the new year. Although accurate predictions of what the business/technology landscape will look like grow fuzzier and less distinct the further out we look, what seems clear now is that there will be ample opportunities for a forward-thinking SMB to leverage a number of key technologies in order to reach new levels of productivity – and even to deliver entirely new products, services, and customer experiences.

More Mobility

Although this may seem like just more of the same – after all, mobility has been a steadily growing aspect of business tech for years – adoption of services like cloud-based document storage, hosted VoIP, distributed project management, and communications suites are set to reach a critical mass that might just change how the majority of companies do business.

Intelligent Apps

Intelligent apps, sometimes called smart apps, are applications that leverage the burgeoning abilities of artificial intelligence (AI) to support workers in becoming more productive, more creative, and more effective. The ways in which AI can be applied to business apps are already varied and nuanced, and we’ve only begun to scratch the surface when it comes to potential uses.

At the moment, the most commonly used applications involve voice recognition and transcription as well as anticipating the information needs of workers – applications of great utility to an SMB.

Virtual and Augmented Reality

As is so often the case with new technology, what was once developed for the game room is now moving to the board room. Virtual reality (VR) creates an entirely artificial environment that is experienced by the user as though it was real by way of a VR headset. Augmented reality, most recently popularized by the game Pokémon Go, overlays the real world with additional information that only exists digitally, often through the use of a smart phone or tablet.

The human resources/training and customer contact applications of this technology are immediately useful for almost any SMB, and it also has implications, through its use in tele-presence solutions, in allowing a small business to expand operations over a wider geographical area without significantly increasing staffing.

Adaptive Security

Almost a combination of several of the previously mentioned technologies, adaptive security uses a multi-layered security framework and machine learning to identify and remember potential threats and protect against them in the future. This type of security is superior to inert security solutions in that it is always actively scanning the system for threats and breaches. It protects the network proactively rather than reactively, and does so more quickly than any human being could.

The development of cloud services and numerous “as a Service” technologies over the past decade have allowed SMBs to level the playing field and hold their own against much bigger corporations. These new developments might go one step further and allow SMBs to truly take advantage of their adaptability, flexibility, and agility to not just compete with big corporations – but to out-compete them.

Opening a Dialogue about Data Protection and Security: What SMBs Should Know

by

Data ProtectionMany small and medium businesses (SMBs) are vulnerable to security threats. Whether they’re aware of the risks and know that they need improvements or they’re operating in blissful ignorance of the costs of a cybercrime, discussing security and data protection upgrades can be challenging. Many of these companies consider themselves a low priority target for attackers, or simply feel that their current antivirus is adequate protection against an attack. These businesses typically focus more thought on daily operations than on whether or not they are at risk for a data breach.

However, companies of all sizes must protect themselves against malware attacks, injections, and similar hacking techniques to avoid extreme losses. For SMBs, this discussion is vital, because a major breach can cause insolvency. In fact, Experian estimates that as much as 60% of SMBs go out of business within six months of a cyberattack. By understanding what to discuss with their service provider, SMBs can develop stronger protections against catastrophic events.

Operating and Mission Critical Systems

First, identify the primary operating system (OS) and version of it that is running. Many older OS versions, such as Windows XP, no longer offer support for the latest protocols. Patches that were put in place four years ago won’t cut it today, so companies that are operating on systems that are no longer supported should upgrade immediately.

Software that is critical to daily business operations should also be considered. Web services, communications, and planning systems should undergo examination concerning the type of securities in place.

Current Authentication Practices

Another area that SMBs should discuss involves internal policies. When considering how to heighten data protection, companies should examine current password policies and physical restrictions. Often, weak passwords open up a variety of cybersecurity concerns. A qualified service provider will ascertain whether or not an SMB is using the best password development system for strength, duration (if needed), and confidentiality. A recent study by Verizon determined that in 2015, stolen credentials accounted for more than 30 percent of attacks.

Password policy best practices include:

  • Using at least 8-12 characters
  • Never writing passwords down anywhere
  • Creating passwords that are complex (have upper and lower case letters, numbers, and symbols), but are also easy to remember.

Password encryption services are also an effective tool. The idea is to fortify the weakest link in business data protection, which is most often the human factor.

Know the Risks

A cyberattack has the power to cause serious repercussions for SMBs that aren’t prepared. Whether it comes in the form of denial of service (DoS) attacks, malware infiltrations, language injections, brute force attacks, package transmissions that are susceptible to man-in-the-middle attacks, or some other malicious trespass, SMBs can’t afford to ignore data protection and cybersecurity concerns.

Data Breach Preparedness: Practice Your Plan

by

Data BreachEach year it becomes more and more likely that a given company will experience some form of data breach. Most companies now have plans in place to deal with these events, but many of them do little beyond that. It is still relatively rare for a company to drill or practice putting their plan into effect, but having a plan and being prepared are not always the same thing.

It is a sad fact that many companies develop their data breach plans and then stop, as though their data protection is now taken care of. Rather than thinking of being prepared as a single action to be taken, it is much more beneficial to view it as a process – one that includes regularly reviewing the plan and practicing putting it into effect.

Increased Spending

This year’s Ponemon Institute study on data protection preparedness had some interesting results with regard to how much attention companies are paying to the subject.

  • 61% of those surveyed indicated that they already have data protection training in place.
  • 58% have increased their investment in security to better detect and more quickly respond to data breaches.
  • More than 70% of respondents understand that it is necessary to take action after a data breach in order to minimize the effects to their finances and reputation. The top three methods preferred were complimentary credit monitoring and identity protection, gift cards, and discounts, respectively.

The Need for Time

The same study also points out that, though most companies are spending more on cyber security, they still aren’t putting the necessary time and attention into it. They found that:

  • 29% have never reviewed their data breach plan,
  • 38% have not specified a time to perform review,
  • 27% felt confident in their ability to deal with the aftermath of a data breach, and
  • 31% felt inadequate to dealing with an international breach.

Perhaps most alarming of all is that, while incidents of ransomware attacks in 2015 had increased by 35%, 56% of businesses feel unprepared to deal with this type of attack.

When Disaster Strikes

Preparing for a data breach is very much like preparing for a natural disaster. It is important to have a good response plan, and to make sure that everyone knows what to do should the plan need to be executed. It is just as important, however, that employees have the chance to practice the plan. The ability to effectively put a plan into action can be the difference between a very serious situation that the company can work through and a very serious situation that spells the end of the company.

Stay Connected

Keep up with the latest industry news. Subscribe to our newsletter here.

TeleConsult Solutions LLC
PO Box 18686
Phoenix, AZ 85005-8686

Email Christine Guidi

↑ Top of Page