• May 12, 2022
  • Catagory remote work

Disruption is an opportunity for improving security

By : Justin Folkerts

The pandemic has been a challenge from security perspective, but it can also be viewed as an opportunity to review your best practices, your cybersecurity tools, and the role of a managed service provider.

The move to remote work two years ago was quite sudden, and left many organizations caught off-guard. If they were in the process to moving to more cloud-based services, the pandemic accelerated that migration. It also brough to light security challenges that could not be ignored because the number of endpoints suddenly grew exponentially with the bulk of their employees working from home.

As Dell’Oro Group Mauricio Sanchez recently pointed out in a blog post about the top five demands and challenges faced by CISOs, the massive disruption of pandemic compounded the rate of technology and threat change, and provided an impetus for looking at security problems in new ways and drove investment that would not have been possible in a non-pandemic environment.

While small and medium-sized businesses rarely have a C-level executive in charge of security or even a CIO, there are lessons they can take from observing the cybersecurity trends affecting large enterprises.

Relationships matter

Sanchez notes that the security vendor landscape is highly fragmented, so if a CISO is trying to sort through many options, don’t feel bad as an SMB if you’re feeling a little lost about what to implement and who to work with.

It’s important not to be tempted by new and shiny security products simply because they are new and shiny. The products and services you choose should be guided by an understanding of what needs to be protected in your organization, both on-premises and through your distributed workforce. Vendors do have a role in helping you secure your organization by developing security controls and technologies that will benefit you, but bi-directional communication essential.

For smaller organizations, it’s often best to engage with a managed service provider who can keep abreast of the rapidly evolving landscape of threats and available cybersecurity products. They can help navigate the options, evaluate your current security posture, and implement and manage what works best depending on the nature of your business.

Consider Zero Trust, but remember it’s a strategy, not a product

The shift to remote work has given Zero Trust increased traction, but whether you’re a big enterprise with a CISO or a smaller organization with limited IT resources, don’t confuse tactics and strategy.

As Dell’Oro’s Sanchez notes, Zero Trust is a valuable strategy but it’s not a product you can buy. Having a coherent strategy and understanding what needs protected will help you avoid wasting your IT budget on products do very little to improve security. Simply buying “zero trust” product could create a false sense of security, he says, and ultimately lead to your business being compromised.

Even if you’re confident that they are the right fit for your organization, buying the latest and greatest security solutions only go so far if you don’t have a firm handle on the fundamentals. A managed service provider with security expertise can help you best understand how a Zero Trust strategy can be implemented, and what tools you need to support it.

  • April 14, 2022
  • Catagory Collaboration

Any business can benefit from a UCS

By : Sanjeev Spolia

If you’re an SMB who thinks a unified communication system (UCS) is a luxury for large organizations, think again.

With remote work still the norm even as employees head back to the office, having the right tools for remote workers is essential for attracting and retaining talent by offering flexibility to your team, as well as maintaining competitive advantage in your industry through efficiency and productivity.

A UCS enables distributed employees to collaborate effectively by pulling together all the communications and file sharing tools they need into a single platform, including calendaring, video conferencing, voice calling, chat and email. Together, your staff can communicate, share information, and easily keep everyone in the loop through advanced project management capabilities and cloud-based storage.

The right UCS platform will work with multiple devices, too, with an emphasis on mobile device optimization to enable employees to connect from anywhere. Your chosen UCS should balance simplicity to ensure an intuitive experience for all users while also offering advanced functionality such as one-button push to join, in-meeting chat, call-in and callback, and whiteboard capabilities.

If you’re already invested in cloud-based business tools such as Microsoft Office 365, Google Docs, and popular customer relationship management (CRM) software, you can integrate them and other software with a UCS through application programming interfaces (APIs). Any UCS should readily integrate with your existing IP network or on-premises IP telephony network.

All these capabilities and integrations might suggest that adopting a UCS is an expensive, complicated proposition best left to a large organization with an in-house IT team, but because today’s UCS solutions are cloud-based, it’s feasible and relatively easy to adopt and scale up a UCS in line with the growth of your business and headcount. A cloud based UCS streamlines ongoing management, so it’s easy to add users, devices and locations and keep an eye on all of them through a centralized, holistic dashboard.

Adopting the right UCS sets your employees up for success in an era of hybrid work, no matter where they’re working, enabling them to connect and collaborate cohesively to keep your business competitive. If evaluating and deploying a UCS still seems overwhelming, you don’t have to go it alone. A managed service provider can help you select the best platform for your needs and integrate with your existing telephony and productivity apps, as well as understand how a UCS aligns with your broader business goals.

  • November 16, 2021
  • Catagory cloud backup

Keep your data protection simple by using cloud backup

By : Sanjeev Spolia

When it comes to data protection, simple is always better, even as remote work and hybrid offices makes things more complex.

Even as endpoints flourish, you should continue to streamline your systems by leveraging cloud backup and combat complexity—the more systems you have in place, the more likely something will go wrong. You must balance redundancy with simplicity.

Even before the pandemic and the massive proliferation of remote endpoints, there were already many different applications and systems needing backup as lines of businesses spun up their own Software-as-a-Service (Saas) applications such as Microsoft Office 365 and Salesforce. Even worse, they assumed data is automatically backed up by the vendor. But in addition to those applications, you need to keep track of your servers, physical and virtual machines, and multiple endpoints that include workstations and laptops, satellite offices, and of course, remote workstations, which may even be an employee’s personal device.

The attack surface has expanded since the pandemic but having multiple data protection systems isn’t the answer. Instead, consider a single cloud backup service with built-in redundancy. As with any application, a data protection system has its own maintenance requirements and processes, so it’s best to have one that’s well-managed and reliable that makes verification simple. That way, you can be confident all your data, regardless of application, server or endpoint, is being consistently backed up. Having as single cloud backup service is also better for your IT budget.

However, depending on your environment, it may not be realistic to have a single cloud backup solution; your best approach is to implement a select few data protection systems to meet user requirements so that your IT team isn’t overwhelmed by too many backup tools as the resulting complexity will lead to misconfigurations and ultimately, a data breach that leads to a business disruption.

Having confidence in your cloud backup isn’t just important for your IT team. Data protection plays a strong role in maximizing business uptime, so you’re not only trying to keep senior IT management happy—the CEO has a stake in data protection, whether they realize it or not.

Like any application you implement to realize business goals, not all data protection and cloud backup systems are created equal. In addition, IT environments are more dynamic than ever thanks to digital transformation efforts, the emergence of the hybrid office, and the persistence of remote work. When selecting a cloud backup solution, be sure they meet all your data protection criteria including compliance, security, and restoration windows.  You might want to consider taking the opportunity to replace legacy systems that can be difficult to back up, rather than keeping them going because it will reduce maintenance costs, add data management capabilities, and improve your overall data protection effectiveness.

Remember that data is more portable than ever, too, especially when fewer people are working in the office behind the corporate firewall. If applications and data are spread cross multiple clouds, as well as endpoints and workstations, then your cloud back solutions must consider that your data is distributed across many platforms, as well as understand the built-in data protection of SaaS productivity applications—not just what they can do, but also what they don’t do.

A dramatic increase in the number of remote workers and the emergence of the hybrid office are great reminders that the need for robust data protection is never going to go away. As the year ends, take the opportunity to revisit the cloud backup solutions you have in place and implement a strategy to modernize it as needed to reflect the world of work with the help of an experienced managed services provider.

  • October 17, 2021
  • Catagory PCaaS

PC-as-a-Service (PCaaS) streamlines and procurement and enhances productivity

By : Sanjeev Spolia

With the trend toward remote work evolving to a hybrid office modelv, the case for small and medium-sized businesses to embrace PC-as-a-Service (PCaaS) is more compelling than ever.

Businesses need their employees to be as productive as possible no matter where they are without worrying if their PC workstations are fast enough, secure enough or properly connected to the data and applications they need to get things done.

PCaaS offers many benefits, allowing you to scale up your employee PC footprint as quickly as needed to support essential on-site employees, remote workers and hybrid offices with the latest and greatest Windows-based desktops and laptops.

Predictable costs and more secure data

Moving to PCaaS eliminates the upfront of cost of buying PC workstations and reduces the time and effort necessary to source and negotiate with vendors. Guided by your requirements, a managed service provider acquires the best hardware on your behalf, and you subscribe instead of buy through a monthly leasing model.

A PCaaS subscription provides predictable budget because your costs are fixed over the course of the agreement rather than occasional small or large capital expenditures and all the associated costs with deploying, managing, and maintaining a fleet of workstations. The cost savings of embedding the cost of equipment into a monthly fee add up quickly because lifecycle management of hardware becomes the responsibility of your service provider, including device disposal. You also have the flexibility to scale up or down as needed without worrying about whether you have the available management expertise or devote resource to sourcing and negotiating with vendors.

PCaaS frees up your own IT teams for more strategic projects aligned with business objectives because you can trust that a managed service provider will provide the technicians needed to manage any hardware and software regardless of location, including on-site troubleshooting or remote updates and maintenance. This also translate into reduced downtime because this IT support is available 24/7. Productivity is also enhanced because any new device that lands on an employee’s desk is pre-configured to desired specifications with all needed apps necessary for them to do their job.

Another added benefit to PCaaS is enhanced data protection due to better business continuity and security. The right service provider will also offer off-site data so that in the wake of a natural disaster or power loss they can easily restore critical data and re-provision your equipment quickly so there’s little to no disruption to your business operations. PCaaS also encompasses security safeguards such as hardware-based security measures, secure authentication for users, and data encryption and malware detection/remediation as part of any device deployment. By managing your fleet from a central location, your provider can update all devices with any security patches remotely, as well as keep a real-time inventory by tracking their location and status.

Workstations on demand

Supra ITS’ PCaaS, also known as “Workstation-as-a-Service” (WaaS) takes on the day-to-day management of all your employee workstations, no matter where they work or what they do. We manage any software updates and hardware upgrades, answer any technical support calls, and reconfigure the PC as needed to improve productivity and meet business objectives. This enables both your employees and IT staff to focus on strategic initiatives that drive revenue for the business rather than get bogged down with PC troubleshooting.

Because we automatically deliver the latest patches and updates to every endpoint in alignment with robust security policy and any mind any regulatory requirements that govern your industry, you can have peace of mind your business is protected without any barriers to productivity. Our sourcing strategy future-proofs your business with workstations that will be able to run your core applications for years to come.

  • September 30, 2021
  • Catagory Security

Cybersecurity Attacks Target Remote Work Technology: Things You Can Do

By : Justin Folkerts

Remote work technology continues to be a prime target for cybersecurity attacks.

Recent research released by Tenable in collaboration with Forrester found that nearly three quarters of organizations have traced recent cyberattacks that have impacted their businesses to vulnerabilities in remote work technology. Even before the pandemic began, the traditional perimeter around enterprise IT infrastructure had become rather porous due to increased mobility of workers and cloud adoption. With a hybrid workforce that has fully embraced remote access tools, cloud services, and personal devices, that perimeter is pretty much gone.

The Tenable / Forrester research found that 80 per cent of security and business leaders say remote work has put their organizations at higher risk because IT teams lack visibility into remote employee home networks as more than half of remote workers use a personal device to access work data. This has meant three quarters of cyber attacks are targeting remote employees. Threat actors are also exploiting third-party software providers or leveraging vulnerabilities in those products, with 65 per cent respondents linking those compromises to recent cyberattacks. 

For small and medium-sized businesses, it can be challenging to invest a great deal of money in security technology and dedicated IT staff, but there several core things that can help to better protect remote work technology from cybersecurity attacks.

  • Use a Virtual Private Network (VPN): Implementing a VPN for anyone accessing corporate data and applications via the Internet provides an additional layer of security via multi-factor authentication and should be required for anyone looking to access valuable company intellectual property and other sensitive data.
  • Use complex passwords: Many employees opt for simple passwords they can remember and use them for more than one application or website, which means once a hacker guesses one of them, they have access to a great deal of private information. Since these can be difficult to remember, consider implementing password encryption software that stores usernames and passwords without the need to know what they are because the information is encrypted from the start.
  • Educate everyone: Having the right technology in place only goes so far; you need a culture where all employees understand the need for complex passwords, log in via VPNs, and recognize phishing attacks and other suspicious emails. In addition to employee training, set aside a budget for your cybersecurity team to attend webinars and other courses that help them keep up with an ever-changing threat landscape.
  • Keep everything up to date: Whether it’s hardware or software, getting behind upgrades and patches is sure fire to create vulnerabilities that threat actors will support. While much of this can be automated, you should have a program in place to verify all necessary updates are done on schedule.
  • Pick a reputable cloud service provider: A great deal of security misconfigurations that lead to data breaches are the result of connecting with the many cloud services available to businesses today. Make sure your chosen providers have a solid track record on the security front and understand what they’re responsible for securing and what must be done at your end.

Keeping ahead of cybersecurity attacks has always been a challenge and the remote work era hasn’t made it easier. Consider seeking out a managed security services partner who can help you evaluate your security posture, implement new technologies and policies, and automate where possible so that your business is a less appealing target for threat actors.