My Applications Are Now In The Cloud – My Worries Are Over!

Wow, it seems really exciting for businesses to minimize their technology footprint when they move from on-premises applications and servers to the cloud.  No more hardware to support, and because the cloud provider has backups, that too is no longer a worry – right?  Unfortunately, that is very wrong!

Most cloud providers protect the data they store against their own failures, not against yours.  They do this to ensure that all client data can be recovered consistently.  Your issues will often be very different or unique!

Consider this when moving to the cloud:

  1. How long does the provider keep your company email?
    1. The common answer is 3 months for most cloud providers to recover all messages. They often do not provide a service to recover one employee’s mailbox, or will charge for that service.
    2. If an employee leaves the company, after 3 months their mail/mailbox is gone. One non-profit didn’t realize that considerable financial history was in an ex-employee’s email until 6 months had passed.  They had no option but to try to recreate what they needed, which took hours and hours.
  2. Can you get access to some files that had not been used for a year and perhaps were deleted?
    1. Most often the provider does not have a service to get back individual files and, as with email, if more than 3 months have passed they may be gone.
    2. Some providers are not willing to do this for you, or will charge you a great deal for the service. Know your options when you sign up!
  3. We just discovered someone on the team inadvertently deleted some major accounts from our system last week. Can we recover them?
    1. The answer will probably be yes, but… the vendor will most likely be able to restore a full copy of the database. However, any new work that went on since the deletion will have to be redone, because the copy they restore is as of the last backup point in time.  You could be looking at hours of rework to bring everything back to current. Your other option is to try to recreate the missing information, which will also take time.
  4. Is my information secured from vulnerabilities introduced by other clients?
    1. When many organizations share the same infrastructure, often referred to as multi-tenancy, be sure you get a clear understanding of what your risk may be if another company introduces a threat.
  5. Know who will manage your users and how; timeliness may be more critical now.
    1. Have very clear responsibility for user management. Strong authentication, perhaps even 2-factor authentication, should be in place, especially if dealing with PCI, HIPAA, or critical financial information.
    2. Strong and frequently changed passwords are imperative. Be sure rules are in place to force changes; 90 days is recommended.
    3. When people leave a company whether voluntarily or involuntarily, ensuring that accounts are turned off immediately is crucial. In the days of in-house services, disabling network access protected the company.  Remember with the cloud, you don’t have to be in the office to access cloud applications, and an unhappy ex-employee could wreak havoc on your data and systems by walking next door to a coffee shop and logging in via a laptop or other mobile device.

While all of this may seem frightening, it doesn’t have to be.  When your business had servers in house, you had a backup strategy in place with good access/security practices, right?  A backup strategy doesn’t change when you go to the cloud.  While someone else is managing your application and infrastructure, you still have to manage a backup solution and access to your systems.  There are some really good cloud-to-cloud backup solutions.  If you are unsure about what to do, we are happy to help you make a solid decision for your business.

Surge Protection… Are you truly protected?

They may always provide power, but over time they will no longer prevent surges.

With crazy weather like we’ve been experiencing, soaked grounds and flooding, power outages, downed trees, landslides, and unpredictable storms can be a challenge for businesses and residences alike. Last month we shared a story of a business that because of a power outage experienced some long lasting effects.

Let’s talk about a few things that could provide positive protection! How is power fed to computers and other electronic devices?  These days it is rare to see a computer plugged directly into a wall socket, isn’t it? Maybe not a workstation, but we often see laptops, iPads, or phones connected directly into the wall for recharging.  That may not be a wise decision. If you have business servers, network gear, or specialty equipment in your office, protecting them is critically important. Don’t plug them directly into the wall!

The options for protection are based on a few simple decisions you can make:

  1. How often do your lights flicker in your home or office but you don’t lose power?
  2. Would the loss of the equipment due to a power surge be problematic for you if you were down for a few days?
  3. Do you want surge protection or require battery backup?
  4. How long have you had your current surge protector/suppression power strip?

The terms surge protection and surge suppression are often used interchangeably. Starting with surge protection, those are usually the multi-outlet devices that have a power switch. Their basic function is to prevent unstable power spikes from reaching your equipment.  It is good to use these even for portable device charging, and you can purchase one that has USB ports for portable devices.  A note of caution: while they may always provide power, over time they will no longer prevent surges.  These devices have a shelf life that depends on the reliability of, and issues with, your power. You will very often not know when they stop providing protection, as power is still provided to your devices.  Some units may have an indicator light but many do not.  When purchasing these protection devices, look for the joule rating.  The higher the number, the longer they may last. For example, a model with a 1080 joule rating would support 5 different 200 joule episodes.  The challenge is you won’t know how to gauge each episode and you may not even be there when it happens.  Your best bet is to invest in a device with an indicator light.  The light will be a clear signal that replacement is needed.  Without an indicator light, replace the unit often, just like the batteries in your smoke detector.  Remember that if you lose power completely, your equipment most likely will shut down immediately.

Universal power supply and battery backup units, commonly referred to as UPS, will often provide both surge protection and a battery source that will keep devices running when the power goes out.  The battery life you purchase will determine how much time you have.  Some devices on the market have a display of how much time is left; this is a useful feature.  Note that not all the outlets may have surge protection, so you may need to be selective about what you plug in to which outlet.  Just like a surge protector, these devices don’t last forever; the batteries will deplete over time.  Invest in one that will alert you when the batteries are depleted.  Don’t find out the hard way that they are gone.  There are many on the market to choose from starting at just over $100.  The very best and most useful feature of a UPS is that it will try to shut down your equipment gently, to prevent a hardware crash that you may or may not recover from.

We often take our electrical power for granted, but when it comes to sensitive electronics even small fluctuations can be a problem.  Whether you are protecting your home or your office, if you need assistance, call us!

When You Crash – Who Do You Trust?

Case Study:

Something as simple and as common in the mountains as a power outage can cause a computer to fail to come back to life.  You can’t predict when that might happen, but there is a good chance it might.  Who you call or what you do at that moment is a very important decision for your business.  We recently experienced first-hand the story of a small, successful business whose primary computer crashed due to an area-wide electrical outage.

The business prior to the crash felt they were doing all the right things and they essentially were.  They used a commercially available online backup tool for their data and files (good!), and installed a well-known antivirus software to prevent attacks (good!).  A local individual with computer experience was keeping an eye on things as needed.  They were soaring along.

At the point of the computer crash after the power failure, they called their support tech.  They were grounded for about 5 days for the recovery work needed to get the business back in the air, using the online backups to recover.  Things returned to a new normal – or so it seemed.  Some documents were never recovered and files had been moved around but business was flying along once again.

Imagine their surprise eight months later when they learned that their technical support person had not properly configured their online backup service and antivirus!  The service continued to back up old folders no longer in use, so the current backup was worthless.  And the computer was at risk of a serious infection or breach.   Unfortunately, technology is intimidating for many people.  It is hard to feel comfortable about how critical computer functions work, what questions to ask, or where to look to verify things are actually ok.  Unlike an airplane, there are no gauges, dials, and warning signals to let you know trouble may be looming on the horizon.  Computers, like airplanes, are not that easy to monitor without instruction!

Fortunately, our OneWhoServes team, performing a standard new client checklist, discovered these oversights and corrected them on the spot.  Can you imagine what a horror it would have been to have a second incident like the first?  Much worse this time to discover that the safety net is missing and there is nothing to recover.  It might not take an electrical outage to cause a second situation; a virus could just as easily have taken the computer down.

Regardless of who provides your support and how uncomfortable you might feel, take these steps:

  1. Learn how to verify that your backups are working and check them at least weekly.
  2. If your anti-virus software doesn’t provide a status when you log in, learn how to check it too. Make sure that your protection is up to date and active and that the computer was recently scanned.
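
One way to do the weekly check from step 1, as an added example (not part of the original post and not any backup product's own tooling): it compares the folders a backup job is configured to protect with the folders that actually changed recently, which is the mismatch described in the case study. The folder names, the 30-day activity window and the sample tree are constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400  # seconds


def newest_mtime(folder):
    """Most recent modification time of any file under folder (0.0 if none)."""
    newest = 0.0
    for dirpath, _dirs, files in os.walk(folder):
        for name in files:
            try:
                newest = max(newest, os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return newest


def is_covered(folder, sources):
    """True if folder is a backup source or sits inside one."""
    return any(folder == s or s in folder.parents for s in sources)


def audit_backup_coverage(data_root, configured_sources, now=None, active_days=30):
    """Compare what the backup job protects with what is actually in use.

    missing_sources  - configured folders that no longer exist
    stale_sources    - configured folders with no change in active_days
    uncovered_active - recently changed top-level folders the job never sees
                       (a folder only partly covered is reported too)
    """
    now = time.time() if now is None else now
    cutoff = now - active_days * DAY
    data_root = Path(data_root).resolve()
    sources = [Path(s).resolve() for s in configured_sources]

    missing = [s for s in sources if not s.is_dir()]
    stale = [s for s in sources if s.is_dir() and newest_mtime(s) < cutoff]
    uncovered = [
        d for d in sorted(data_root.iterdir())
        if d.is_dir() and newest_mtime(d) >= cutoff and not is_covered(d, sources)
    ]
    return {
        "missing_sources": missing,
        "stale_sources": stale,
        "uncovered_active": uncovered,
    }


def build_sample_tree(root, now):
    """Constructed sample data: an office share where work moved to new folders."""
    layout = {  # relative path -> days since last change
        "Clients_2014/ledger.xlsx": 400,
        "Archive/old_contracts.doc": 900,
        "Clients_Current/ledger.xlsx": 1,
        "Accounting/payroll.qbw": 3,
    }
    for rel, age_days in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample file\n")
        stamp = now - age_days * DAY
        os.utime(path, (stamp, stamp))
    return Path(root)


def demo():
    """Run the audit against the constructed tree and return folder names."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp, now)
        # Hypothetical job configuration: it still points at folders nobody uses.
        configured = [root / "Clients_2014", root / "Archive", root / "Scans"]
        report = audit_backup_coverage(root, configured, now=now)
        return {finding: [p.name for p in paths] for finding, paths in report.items()}


if __name__ == "__main__":
    for finding, folders in demo().items():
        print(f"{finding}: {folders or 'none'}")
```

A job can report success every night and still fail this audit, so the check complements the backup tool's own status page rather than replacing it.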

The work to be done on the plane in this picture requires more than just straightening the wing to fly. Just like you wouldn’t rely on your savvy friend, cousin, or the neighbor’s mechanically inclined child to fix it for you, you are wise not to take that approach with your business either.  There is a lot at stake!

Be sure that you are taking the right preventative measures, keep a checklist and use it, and determine that your “mechanic” knows your computers and system well enough to look out for the full scope of your business.  Require them to teach you what you need to know to go safely and confidently on your way.

We are pleased to announce that Geri Spangler has joined our team ready to serve you!  Geri will be our Office Manager, handling much of our bookkeeping activity including payables and receivables as well as other back office and support tasks.  She will also work with Dawn to stay on top of our calls and service requests so you will likely get to know her on the phone.  Geri joins us after 20 years of office, business, and financial management, much of it in the medical community including several years as the HIPAA compliance officer for a local medical provider.  So in addition to her in-house responsibilities she will be an asset to our work with medical offices.

Geri and her husband have raised a family in Asheville and enjoy long trips on their motorcycle.  In her spare time she teaches piano and voice.  You can get to know her better on our website.

Earlier this spring, Charles Thames joined us as a senior Systems Engineer.  He has over 20 years of IT experience on top of a BS degree in Computer Science.  He spent his last 6 years as Network Administrator for a large medical marketing web services company, and before that he provided outsourced IT services to clients in WNC.  Charles hit the ground running with us and many of our clients have already reaped the benefit of his skills and expertise.

Charles also loves motorcycle trips and camping, and he is our resident athlete.  He still plays tennis and golf and he is an avid college sports fan.  You can meet him on our website as well.

We continue to build a team that works together closely to provide our clients with the best IT experience they’ve ever had.  OneWhoServes provides complete outsourced IT services to hundreds of commercial, industrial, medical, financial, legal, and non-profit organizations ranging in size from small ventures to large multi-location facilities.  We also provide backup services to in-house IT departments for big projects and hard problems.

Your Small Network Is More Valuable Than You Think

When I discuss network security with small businesses I always hear the same refrain, “We don’t have anything worth stealing, so why should we care about information security?”  Sometimes I think I audibly groan when they are halfway through that sentence. We are so secure in the idea that our mundane work is of no significance that we often overlook the value that is literally right in front of our faces.

It’s not you; it’s your computer and your bandwidth that intruders are after. If they can also dig up some juicy info that someone else might pay for, well that’s just icing on the cake.

Let’s take a small 5-computer workgroup office setup as an example. This might be a boring network for those going about their day-to-day tasks, but it’s a playground for the mischievous. This is a perfect network for a hacker to use as a botnet node (computers in a botnet, called nodes or zombies, are often ordinary computers sitting on desktops in homes and offices around the world) to launch attacks on larger, more protected networks.  A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, in order to send spam messages.  It could also be used for nothing more than forcing that user that beat you on an online game off the internet for a week using a DDoS (distributed denial-of-service) attack, which occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.  Perhaps they’re more ambitious and decide to use your network to serve out a hidden website on Tor (free software for enabling anonymous communication) in order to sell drugs or other black market goods and services. Maybe they just need a place to stash an illicit trove of child porn; your network will do just fine. Besides, when the cops catch on, they will kick down your door, not theirs.

On the internet, size doesn’t matter, but security does.  To those intruders that wish to use your network for their purposes it just matters that you are there.

Lane Monk, Systems Engineer

NO, You Really Should Be Using a Password Manager By Now!

Every couple of weeks we see a familiar news article, “Website XYZ hacked, millions of accounts exposed”, but we seldom think about how that affects us.  So why should you change all of your passwords just because LinkedIn lost a few (117 million, to be exact) accounts?

Because you use that password all the time, all over the web, and they know it. Hackers are a lot of things, but mostly they can be lazy, just like the rest of us. The first thing that a hacker will do is to check other sites (especially social media) to see if that email address / password they have in their list will work on your account. You may have noticed a few months ago that you started getting emails every time you signed onto your account using a new computer. They warned you that you have just signed on from a new location. It’s with these alerts that your web service provider is trying to prevent others from accessing your account. Of course, if it’s your email account they just hacked, they could very easily delete the email before you even read it.  Billy Mays once said “…but wait, there’s more!!”

Hackers often use these large lists of real accounts (called “dumps”) and their associated passwords to create a word list (or “dictionary”) that they will then use later to attempt to gain access to other accounts. Using these “dictionary attacks” is more successful when the passwords in the dictionary have been thought up by people and not programs.  And large dumps like the LinkedIn hack help create serious dictionaries. Of course having 117 million passwords is going to help hackers crack a few codes, but it gets even worse when they cross-reference these accounts with other hacks to create more refined lists that can be used for more targeted attacks on your accounts, because you are more predictable than you think.

Let’s face it, you’re bad at passwords. You make them too easy to guess because there are too many passwords to remember.  Any requirement for you to change your password every 90 days results in you using a few passwords that you remember or just adding a number (usually +1) to the end.  It’s all just bad, but you shouldn’t feel bad. You didn’t make this system and let’s face it, the system isn’t very good.

But Password Managers are here to help you out! Just remember a single secure password and your password manager will handle the rest.  No more bad passwords, let KeePass generate one for you and remember it FOREVER! Pesky websites you need to register for but are never going to go back to? Let LastPass generate and remember that throwaway account! And if XYZ.COM gets attacked by the black hats, so what! They didn’t get anything from you plus all of your accounts have different passwords anyway. You’re in the clear and can go back to finding that cute cat video for your “10 best AWW!!” list.

You can find KeePass here:

http://keepass.info/

You can find LastPass here:

https://lastpass.com/

Lane Monk, Systems Engineer

Ransomware Business is Booming!

Cybercrime got its moonshot with Cryptolocker, and now everyone is trying to get in on the action. Hidden in the dark web are servers that will launch a ransomware campaign for you if the price is right. Just provide them with your list (or you can buy one from any illegitimate hack site along with the stolen passwords) and they will do the rest. From generating emails to handling the payment, it’s all been taken care of for you. Just sit back and let the Bitcoin roll in. Want to be more “hands on” and collect even more of that internet loot? Buy a script kiddie kit for a few thousand dollars and set up a web server in another country to collect the bounty and you are ready to target anyone you wish to have a bad day.  It’s little wonder that Cryptolocker and its variants (FireEye now reports that 92% of all phishing emails are loaded with ransomware) are taking the internet by storm. If you think this is someone else’s problem you would be wrong; it’s waiting for you in your inbox disguised as the receipt from Amazon or the shipping confirmation you’ve been waiting for.

The threat from ransomware is growing and it will not be stopped. If you have been resisting backing up your computers or servers, you are destined to pay these thieves what they ask for.  Hospitals, universities, enterprise-size businesses, and one-man shops have all been made to pay up. You are not too small to stay hidden or too big to have a vulnerability that will be exposed.  When one of your employees opens that email, the only thing that will keep you in business is your backup system.

If you have been keeping your backups on an external hard drive that you swap once a week (most of the time) and never look at it, you don’t have an effective backup system. You have a hope-based disaster recovery plan, which is not much of a plan at all. Of course having all of your company data on a drive you keep in your car is a bad idea as well; just ask the NFL Ravens’ team doctor who had his laptop stolen from his car with over 10,000 players’ medical records on it. It’s past time to re-evaluate how we back up our data and what we expect from our backups.

Modern backup systems have a number of features that ensure integrity of the data as well as the ability to rapidly restore functionality to limit downtime. New backup systems can “spin up” a virtual copy of the workstation or server in the case of a massive system failure and allow work to proceed while recovery efforts are in progress. Automated, verified and quick recovery is the holy trinity of backup solutions and products like our Backup Disaster Recovery (BDR) units can do all three. These solutions can be purchased with or without off-site cloud retention. If you are interested in a BDR solution that is sized perfectly for your needs and growth, call us to schedule a Systems Engineer to help select the right system for you.

Lane Monk, Systems Engineer

Windows 10

Windows 10 is a curious combination of enormous potential and disappointing current reality. With big advances in many areas, and fumbling starts in many others, it’s a mixed bag, particularly for anyone relying on the Microsoft-developed Universal apps. For example, if you need to run a Mail client on Windows 10, the Microsoft-supplied Universal Mail app works, but the Maps and Photos app will have you pulling your hair out.

Windows 10 does what it set out to do: Bring the Windows 7-style interface into the tiled universe. It is, in many ways, what Windows 8 should’ve been. It has all the advancements from Windows 8 — security, stability, power saving, and on and on — with much of the Windows 7 interface fully integrated. Windows 10 makes the old-fashioned desktop an integral part of the product, instead of an accidental tag-along, as it was in Windows 8 and, to a lesser degree, Windows 8.1.

At some point — sooner rather than later — I figure most Windows 8/8.1 users will want to upgrade to Windows 10, although there may be some touch-sensitive types who won’t like the new Tablet Mode.

For Windows 7 users, it may make more sense to hang tight for the foreseeable future — or at least until Windows 10 Update 2 or 3 or 4 or 17 may be available. Sit back and watch the rollout unwind. It will take months for the major problems to surface and be corrected by Microsoft. It will take longer — perhaps much longer — for updates to make the promising new features attractive enough to warrant upgrading.

Brian Fox, Systems Engineer

The Frustration of Spam

Spam control is one of the biggest challenges in the IT world; spam comprises well over half of all email traffic. The problem is that there is no clear line between what is spam and what is not. Spammers go to great lengths to send messages that do not get filtered out, and some legitimate email messages have the characteristics of spam. There are spam filters available, both cloud-based and server room appliances, that use a combination of heuristics (making decisions based on analyzing the characteristics of the emails) and published blacklists of domains that have a history of sending spam. While the blacklists are absolute, the heuristics are making programmed best-guesses based on evidence in the email. Also, the heuristic rules “learn” over time to become more effective for an organization. While a person can recognize most spam immediately, the programmed rules in the spam filter are sometimes less definitive. Whitelists are used to override the filter process to tell the device that anything from the whitelisted domain should be passed through. Remember that spam originating from a whitelisted account will always get through.

There are settings in most filters that adjust the heuristic decision thresholds. Increasing the filter thresholds will decrease the spam but will cause more false-positives, meaning that more valid emails will be blocked. Decreasing the thresholds will reduce false-positives but allow more spam. There is no setting that will guarantee that all spam is blocked and all valid messages are allowed. Even people have a hard time distinguishing some messages.
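
To make the trade-off concrete, here is an added example (not code from any real filter product, and not part of the original post): a toy filter with a whitelist, a blacklist and a few scoring rules, evaluated at three settings. The rules, the messages and the `.example` domains are constructed; `strictness` stands in for the filter's threshold setting, and checking the whitelist before the blacklist is an assumption.

```python
from collections import namedtuple

Msg = namedtuple("Msg", "sender_domain subject body is_spam")

WHITELIST = {"partner.example"}      # always delivered
BLACKLIST = {"known-bad.example"}    # always blocked
PHRASES = ("free", "act now", "winner", "limited time")
MAX_STRICTNESS = 10

LINKS = "http://a.example http://b.example http://c.example"

# Constructed sample mailbox; is_spam is the ground truth a person would assign.
MESSAGES = [
    Msg("promo.example", "YOU ARE A WINNER",
        "Act now for your free prize: " + LINKS, True),
    Msg("mailer.example", "Your invoice is ready",
        "Limited time: confirm your account at http://login.example", True),
    Msg("news.example", "March newsletter",
        "Free webinar next week. " + LINKS + " Unsubscribe here.", False),
    Msg("customer.example", "URGENT ORDER",
        "Please call me about the order today.", False),
    Msg("vendor.example", "Meeting notes", "Notes attached.", False),
    # Spam sent from a whitelisted partner's account.
    Msg("partner.example", "WINNER WINNER", "Act now, free: " + LINKS, True),
    # Harmless-looking text from a blacklisted domain.
    Msg("known-bad.example", "Hello", "Quick question.", True),
]


def heuristic_score(subject, body):
    """Add up evidence points; each rule is a programmed best guess."""
    text = f"{subject} {body}".lower()
    score = 0
    if subject.isupper() and len(subject) > 5:      # shouting subject line
        score += 3
    score += 2 * sum(1 for phrase in PHRASES if phrase in text)
    if body.lower().count("http") > 2:              # many links
        score += 2
    if "unsubscribe" in text:                       # bulk-mail marker
        score += 1
    return score


def classify(msg, strictness):
    """Return 'deliver' or 'block'; higher strictness blocks at a lower score."""
    if msg.sender_domain in WHITELIST:      # override: skips every other check
        return "deliver"
    if msg.sender_domain in BLACKLIST:      # absolute: content is not examined
        return "block"
    block_at = MAX_STRICTNESS - strictness
    if heuristic_score(msg.subject, msg.body) >= block_at:
        return "block"
    return "deliver"


def evaluate(messages, strictness):
    """Return (missed_spam, false_positives) for one setting."""
    missed = sum(1 for m in messages
                 if m.is_spam and classify(m, strictness) == "deliver")
    false_pos = sum(1 for m in messages
                    if not m.is_spam and classify(m, strictness) == "block")
    return missed, false_pos


def sweep(levels=(2, 6, 8)):
    """Evaluate the constructed mailbox at several strictness settings."""
    return {level: evaluate(MESSAGES, level) for level in levels}


if __name__ == "__main__":
    for level, (missed, false_pos) in sweep().items():
        print(f"strictness {level}: missed spam={missed}, "
              f"valid mail blocked={false_pos}")
```

At every setting one spam message is still delivered: the one from the whitelisted domain, which never reaches the scoring rules.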

I know this is a frustrating problem but I hope this explanation helps. If the volume of spam you are receiving seems unreasonable, we can evaluate your situation and recommend an appropriate solution.

Gordon Walton, President

Does your IT service team need a checkup?

Is your IT service solution a necessary evil or part of your competitive edge? Computer technology is critical to your business, legal practice, or medical practice and effective IT support is critical to your day to day operations and productivity. Is yours working for you?

It starts with trust. When you give anyone your administrative passwords, you’re handing over the keys to your kingdom. The integrity of each Systems Engineer (SE) is all that protects your business, financial, and patient information from misuse. That same integrity ensures that you are not being sold more than you need.

Technical competence is paramount. Experienced, knowledgeable SEs that work together as a team can optimally configure your software and systems to enhance your work flow. The result is increased efficiency and fewer problems. And when problems do occur, competent SEs should identify and resolve them quickly to minimize the impact on your operations.

Your relationship with your IT provider defines whether you have a hired hand or a key extension of your team. Your lead SE should know you, your staff, your practice, and your preferences and should speak your language. Then they can help educate and guide you to the best technology decisions for your practice. Your staff members should be as comfortable with your SE as they are with each other. A long-term, close relationship with your lead SE (not just the sales account manager) makes all the difference.

Be more productive and more competitive by making sure your IT service is the best it can be. If you’re not sure yours is, call us. We can help.

Gordon Walton, President

Are you securing the keys to your company?

Today’s headlines are full of security breaches and the penalties are steep. You can lock the doors to your office but how do you lock up your data? With mobile access and cloud computing your data can be available anywhere. Passwords are the only barrier to unauthorized access and should protect every workstation and every data application on the workstation.

You wouldn’t lock your office with a skeleton key so you shouldn’t lock your data with simple passwords. The best ones are long, complex, and look incomprehensible, which makes them difficult to remember, especially when changed often. Passwords should be at least 8 characters long with a mix of uppercase, lowercase, numerals, and special characters. Never use personal information or words found in the dictionary and don’t use the same passwords for less secure sites (e.g. shopping) as you do for more secure ones (e.g. your electronic health records [EHR]).

To make them complex but memorable use a few of these tips together: Combine two or more “keywords” as a base, or generate keywords by making a mnemonic from a phrase or sentence, such as ftybr for “follow the yellow brick road”. Make some of the letters uppercase, and substitute special characters for letters such as @ for a, ! for 1, or $ for s. Use the buttons on your phone to convert some of the letters into digits such as 8 for T, U, or V. You can include a special date but put some of the digits at the beginning and some at the end.

Now that you have strong passwords, protect them! Never write them, share them, or save them on your computer.

Gordon Walton, President

Is your data protection process healthy?

Can your practice survive a major data or server loss?  Recently we’ve had a clear reminder that catastrophic failures happen.  Much more common, but less public, are disk failures and data losses that are costly and can hinder a practice’s ability to conduct business.

Backup data must be moved offsite daily so that it is safe in the event of a catastrophe.  Some options are removable media such as tapes or external hard drives that are carried off site.  Internet backup services are also widely available.  Files and folders are selected and transmitted offsite during the night.  The volume of data that can be protected is dependent upon the bandwidth (data rate) of your Internet connection, and data must be encrypted to comply with HIPAA.  While fully automated, only the pre-selected files are retrievable if needed.  When choosing this type of service be sure to check features offered, user feedback, and the reliability of the company that will hold your data.

None of these methods address business continuity.  A failed server can take days to recover.  The hardware must be replaced, the operating system (Windows) reinstalled, your software installed and configured, and finally your data is restored.  Cost-effective backup and disaster recovery systems (BDRs) offer comprehensive protection.  They provide fully-automated secure daily offsite backups, disk-image copies to restore your server disks in one quick step, and onsite backup snapshots for recovery of files lost weeks or months ago.  And BDRs keep your practice running – they act as a stand-in server so your staff goes back to work while your own server is being cured.

Gordon Walton, President

Do you have effective access to your company?

With the increased use of web-based and cloud-based applications, your internet connection has become critically important.  However, it’s commonly treated like your electric utility, ordered and forgotten.  We find that many organizations pay too much or have inadequate service or both with an ISP (Internet Service Provider) that made sense years ago.

There are many technologies available in WNC including DSL, T1, cable, point-to-point radio, Ethernet-over-copper, MPLS, fiber, and satellite.  Each has its own characteristic data rates, reliability, price ranges, and geographic availability.  Some integrate well with your phone service needs and can be bought as a package.  Data rates range from 1.5 Mbps (megabits per second) to 50 Mbps or more.  Commonly, the download speed (data coming into your workstation) is much higher than the upload speed (asynchronous) which works well for web browsing.  For IP phones, many EHR and database applications, and connection to remote offices, performance might be substantially improved with a synchronous link (both speeds the same).

We have many ISPs in WNC offering some or all of these solutions.  First, determine your needs.  Your software providers specify minimum recommended requirements.  Consider connections to your remote offices and the demands of automated nightly offsite backups.  You may want to install a secondary service with automatic rollover if your operations will suffer in the event of failure.  Talk to your staff to determine what’s not working well.  Get quotes from several providers and check references for the service you select.  Some services have monthly data limits (costly when exceeded) and some vendors have long contract terms.  Your IT provider can guide you through this process, and don’t forget – they need to be on site during the changeover!

 

Gordon Walton, President

Should your company be in the cloud?

Last month we presented an overview of cloud services. Now let’s discuss advantages and disadvantages.

The major advantage of cloud services is that management and maintenance of these services is not your responsibility. Software and hardware upgrades are handled by the provider and are generally transparent to you aside from possible scheduled service downtime. You may see IT cost savings due to not having to pay a contractor or in-house staff for these time-consuming upgrade projects, though you’ll still need to pay for the service and maintain your office PCs, printers, and networking equipment. Since the vendor performs upgrades for you, you run little risk of your cloud-based applications becoming outdated.

The downside is that since your applications and data are hosted offsite at the provider facility, you’re completely dependent on them to maintain operations. If the provider suffers a service outage or disaster, you have no way of accessing your data. This is rare but has happened with some vendors. Most vendors offer an uptime guarantee in their service agreement. Your vendor can potentially access your data as well.

You must also maintain access to the Internet. If your office suffers an Internet outage (equipment failure, ISP service disruption, etc.) you will be unable to access your cloud-based applications or data. We recommend that any organization considering moving critical applications into the cloud maintain a backup ISP of a different service type than your primary (e.g. Cable and DSL, T1 and Cable, etc.) to minimize the impact of a local service outage.

Matthew Horton, Director of Technology

So what is this cloud anyway?

There’s a lot of talk these days about cloud computing, and much confusion about what that means.  So how do you know if you should be in the cloud?

Use of computers usually involves two things – the application software that does your work and the data the software manages.  Traditionally the data and software are stored and run on your own computers.  You are responsible for purchasing, installing, maintaining, repairing, and managing this infrastructure.

Cloud computing refers to accessing your data and software programs as a service over the Internet.  Your software and data are hosted elsewhere and the results are delivered to you on your monitor.  The host provider is responsible for equipment and more.  You just purchase the capability that you need, usually paying per time period, per user.  Everything still runs on computers, just not at your facility, and each user still needs a workstation.  If the Internet is unavailable, you can’t work.

There are several levels of cloud computing.  With Software-as-a-Service (SaaS), your vendor/host provides the application and your data is stored on their servers.  SaaS has been common for years and is usually accessed with a web browser; familiar examples are Salesforce CRM, Gmail, and Google Apps.

Another level is Infrastructure-as-a-Service (IaaS), where the vendor/host provides the computer, storage, and network hardware infrastructure, and you upload and manage your own software.  This model requires more technical expertise but gives a lot more flexibility to choose your applications.

Gordon Walton, President

Is BYOD good for your organization?

There’s a lot of talk today about BYOD (Bring Your Own Device), the practice of employees bringing their own mobile technology into the workplace for work-related purposes.  This practice, using laptops, tablets and smartphones, is also known as the consumerization of IT.  It is increasingly prevalent in many businesses and can improve worker productivity and satisfaction.  However, it introduces significant challenges to data security.

Maintaining security can be very difficult on devices not owned by the organization.  Most of us are aware of the risk of compromised data, and now personal devices are being connected to the corporate network.  These devices are carried in and out of your office and then connected to personal and unsecured networks.  If confidential information is accessed, it may be stored on the smartphone for ease of use.  Many users have backup services in the cloud.  Once there, your data is beyond your reach and out of your control.  And if that smartphone is lost or stolen, untrusted parties can gain access to anything stored on the phone.

Make sure you have a BYOD policy that clearly defines expectations and rules of engagement.  The policy should specify the minimum security requirements and tools a device must have before it connects to company resources.  Work with your IT provider to evaluate your specific needs and risks, develop policies and implement technology safeguards to protect your data.  Be sure that your policy specifies how data will be retrieved and removed from personal devices when an employee leaves your organization.  Don’t become the next case study in compromised private information.

Gordon Walton, President