Viewing entries in
IT Management

You’re Fired! Now Give Me Your Password

You’re Fired! Now Give Me Your Password

Losing an employee is not usually a good experience. If they leave voluntarily, you lose a valuable asset. If they have to be fired, you have the arduous task of the progressive discipline process and the final termination meeting. But there are other concerns that arise when an employee leaves. Those concerns are security and their access to company data.

Here are some considerations regarding passwords and voluntary termination (A.K.A. resigned) or involuntary termination (A.K.A. fired.) It is important you have a process in place so that whenever a termination occurs, nothing slips through the cracks regarding corporate data security.

  1. When you dismiss an employee, you should immediately change out all passwords for anything the employee had access to. Because almost all terminations should be planned, you should also define the process for canceling access. It is unwise to cancel prior to the termination meeting. If you do that, you create the potential for a confrontation when they arrive at work and find their passwords have been disabled. Instead, plan ahead and assign someone to disable their passwords during the time you are having the termination meeting. Before the meeting, be sure you have a list of all access cards, keys, etc. prepared so they can be cancelled before the employee leaves the building.
  2. Voluntary terminations ­- Different firms have different policies handling resignations. Depending on the specific position, an employee will be permitted to continue working during their 2 week notice period. In that case, you need to consider if there is any possibility the employee might get up to no good during the final days. That is something only you can judge.

In some cases, firms will ask an employee to leave the facility immediately. In that case, you need to have a plan in place. You need to have a list available of all of the restricted systems to which they have access for when this situation arises. The employee should not leave the building until all of their access has been canceled.

This all may seem a bit harsh, but things have changed. 30 years ago, for a disgruntled employee to steal files, they’d be carrying out large boxes of file folders. Now, not only can they empty the building onto a thumb drive, they can take nefarious action that wasn’t possible when data was stored on paper.

IT Defense In Depth Part I

IT Defense In Depth Part I

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  • Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • For example, CompTIA (https://www.comptia.org) left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

  • Keep all computers and devices under the supervision of an employee or locked away at all times.
  • Only let authorized employees use your devices
  • Do not plug in any unknown USB devices.
  • Destroy obsolete hard drives before throwing them out

Next time in Part II, we will talk about the human and network layers of security.

DEMYSTIFYING THE CLOUD IN LAYMAN’S TERMS

DEMYSTIFYING THE CLOUD IN LAYMAN’S TERMS

INTRODUCTION

For several years, cloud technology has been one of the most talked about subjects in business technology circles. By now, most small-to-medium sized business (SMB) owners have heard that cloud computing is transforming the way their peers do business, and they’ve been inundated with talk of how the cloud enables small businesses to cut IT costs and operate more efficiently. 

But for many small businesses, the cloud is a pretty (ahem) nebulous idea, and they have a pretty wispy notion of its potential business value. 

For example. 54% of SMBs told Wakefield Research – a market research firm - that they’ve never used cloud technology. Of that figure, it was found that roughly 95% of them were already in the cloudand had been for years. They just didn’t recognize it. 

The purpose of this e-guide is to explain cloud computing in layman’s terms. For decision makers who aren’t necessarily technology gurus, any mention of the cloud can sometimes set off a “Stranger Danger” alarm. SMBs often resist change because they fear the risks and costs of investing in new technology and they lack knowledge and support. 

We’ve reached a point now where it’s obvious the cloud is here to stay and its economic benefits simply make too much sense to ignore. Since most start-ups and small businesses run with exceptionally strict budgets, bearing the financial brunt of owning, maintaining, and securing their technology may be impossible. Understanding the cloud – what it is, its benefits, its risks, and how to manage those risks – is critical.

A SIMPLE VIEW OF THE CLOUD

Let’s try describing the cloud for once without any tech lingo. Picture for a moment a really cramped office space. You and a few coworkers sit in tight quarters with disheveled desktops buried in mounds of files and paperwork. There is absolutely no room for storage. And it will be years before you’ll be able to afford a larger office space. 

Your building manager offers to rent you an empty file cabinet in the basement. Although this basement space is shared with other tenants, only you and your team will have a key to this locked file cabinet to store and retrieve documents and files as you wish. Your rent is relatively cheap compared to other tenants since you’re only paying for the file cabinet and not the larger storage areas they’re renting. 

Suddenly, those once cluttered desktops are cleared, leaving some actual physical space to work. Work can be done much more efficiently without the complications that once hindered it. This is close to what the cloud does for the backend of small business IT infrastructure. 

THE CLOUD IS A TECHNOLOGY EQUALIZER 

Historically, the technology used by larger companies has never been available to smaller businesses. Most SMBs have neither the hardware budget nor internal support to “own” a massive internal network infrastructure. 

Previously, only large organizations have had the money to invest in IT infrastructure. But the cloud truly democratizes computing and levels the playing field. In many ways, it’s the great equalizer, giving companies of any size the ability to store information at a remote datacenter rather than on-premises. It gives small businesses the ability to do large-scale business at a lower cost. 

THE CLOUD ISN’T NEW, YOU’VE BEEN USING IT FOR YEARS

The cloud is more or less a sexy buzzword for the Internet... or at least the next evolution of the Internet. Many SMBs don’t even realize that they’re already in the cloud and have been for more than a decade. Anyone that has ever used a hosted email provider such as Gmail has already had sensitive data stored, accessed and exchanged in the cloud. Cloud-based email hosting was one of the first and most broadly adopted cloud services used for both personal and professional use. 

If you’re using social media sites like Facebook, Twitter, LinkedIn, or photo sharing sites like Instagram, you’re already part of the public cloud. Do you shop at Amazon or order movies through Netflix? You’re again in the cloud. 

Since SMBs don’t typically have the resources to build private clouds, most rely on public clouds. Public cloud deployments are completely virtual, which means less hands-on management is required since the infrastructure (hardware such as servers, storage devices, networking equipment, and firewalls) is all off-premises. In an economy where SMBs find themselves having to stretch their technology investment as far as it can go, the benefit of not having to pay for hardware, employees to maintain and manage that hardware, software licensing, deployment, and updating is critical. 

One analogy commonly used is the public utility. Obviously nobody would expect you to power your home or business with your very own electrical plant. The costs to do so would be exorbitant and the maintenance would be impossible. Consequently, you and others within the same electric grid share in the overall cost of the infrastructure to generate and transmit electric power into your home. Being part of the grid enables us all to have access to affordable power based on our usage – just as the cloud makes business solutions that were once only affordable to large enterprises reasonable for SMBs by spreading costs across a network of users and charging only for actual usage. 

Companies typically focus on offering one of three categorized cloud-computing services that are referred to as layers in the cloud:

  • SOFTWARE as a SERVICE or SaaS

Remote services accessed online predominantly used for office processes such as email, file storage/sharing, communication, bookkeeping - Examples: Salesforce’s CRM, Citrix’s GoToMeeting, Google Apps, Box.net, Dropbox. 

  • PLATFORM as a SERVICE or PaaS

Web application management, design, storage, security, and app development/ hosting - Examples: Google App Engine, Amazon Web Services Elastic Beanstalk, Windows Azure, Salesforce’s Force. com, Appistry’s CloudIQ, and Engine Yard. 

  • INFRASTRUCTURE as a SERVICE or IaaS

Outsources hardware needs by renting SMBs their own offsite server, storage, and dedicated network and hardware - Examples Rackspace, Red Hat, VMWare, Amazon Virtual Private Cloud, and Microsoft.

Basically, the cloud hosts an application for any type of work process needed by a SMB. 

WHY USE THE CLOUD? 

Reduction of Costs:  Significant savings can be achieved since the cloud’s mass scale computing minimizes onsite physical storage hardware and internal IT staffing. 

Anytime, Anywhere Access:  Since data access is no longer restricted to a solitary employee or physical device, users can access, share and collaborate in the cloud whenever and from wherever they please. Examples of cloud-based applications include Google Drive (Docs), Trello, Booker and PipeDrive. 

Better Collaboration:  The cloud is available on-demand to computers and other devices from any location at any point of time. This allows for better collaborative efforts among teams given today’s increasingly dispersed mobile workforce. Today’s SMB can share data and collaborate across their organization in a way that was once only possible with a highly competent System Administrator and Microsoft Sharepoint. 

Greater Scalability:  Cloud-based services offer SMBs greater flexibility to scale IT needs up or down as the varying business environment demands. 

Faster Deployment:  Cloud-based services can be deployed within just an hour or a few days rather than the weeks or months it often takes to strategically plan, buy, build and implement an internal IT infrastructure. 

Environmental Friendliness:  The cloud’s energy efficiency is attractive to any company conscientious about the environment and wanting to be “green.” The Berkeley Lab conducted a six-month study that determined that shifting 86 million U.S. office workers to the cloud reduced energy usage by 87 percent. That’s enough left over electricity to power the city of Los Angeles for one year. 

Improved Security:  Although many SMBs cite security concerns as the reason they’re reluctant to move to the cloud, there are actually very few data breaches involving cloud providers. Of the reported 404 data breaches in the U.S. in 2013, roughly 270 of them were due to lost, stolen, or discarded devices and paper records, rogue employees, payment fraud, and unintentional employee error. Data in the cloud may actually be more secure than data stored on computers, laptops, and company servers with an array of security vulnerabilities. Unlike a laptop, the cloud can’t be left behind in a hotel lobby. Most SMBs cannot secure their datacenter with the advanced tools, encryption methods, frequent testing, and third–party certifications used by cloud service providers.

Business Continuity:  Data storage and backup is one of the most frequently used cloud-based services amongst SMBs. Many cloud service providers offer SMBs unlimited storage capability, automated data sync and backup processes that reduce or eliminate downtime events. 

THE NEED FOR CLOUD MONITORING

SMBs who are still uneasy about a move to the cloud may want to consider cloud monitoring through a local managed services provider (MSP). Cloud monitoring helps SMBs deploy to the cloud with confidence. The idea of relinquishing control to a third-party service provider tends to make many SMBs understandably tense. Cloud monitoring offers the worried SMB owner or Chief Information Officer (CIO) aroundthe-clock end-to-end visibility into the performance of their cloud services and IT infrastructure. 

Cloud monitoring supports a hybrid deployment architecture by unifying servers deployed in multiple environments – whether it’s on-premise, in a data center, or in a public cloud such as Rackspace or Amazon - into one single dashboard to simplify 24/7 performance monitoring. This allows SMBs to oversee the performance of any servers and applications deployed to the cloud to maintain optimal uptime and ensure a positive end-user experience. 

Cloud monitoring services offer SMBs proactive monitoring, automated alerts, alert escalation, and full problem resolution support by way of a fully dedicated 24/7 network operations center (NOC). Cloud security is also carefully monitored with frequent audits to proactively identify and address possible breach vulnerabilities. 

SUMMARY

This isn’t a dark or ominous cloud hovering over us. It’s fluffy, white and full of possibilities. It’s a “happy little cloud” as famed PBS oil painter Bob Ross would say. The benefits of reduced costs and complexity, flexible scalability, and lower per-unit cost are simply too alluring to ignore. 

Concerns about security are valid but small businesses today may actually be exposing themselves to more breach vulnerabilities by not being in the cloud. The notion that data must be on-site to truly be secure is as misguided as the belief that money is safer tucked beneath a mattress than in a bank. Top cloudservice providers are capable of investing far more into their security than any SMB running their own technology.

Cloud monitoring services adequately address any perceived loss of visibility SMBs commonly fear by taking to the cloud. It also simplifies the adoption of cloud solutions for SMBs, setting them on a path to progressively forge ahead with business goals and objectives and leverage new technology with confidence. 

THE CLOUD AND PARTNERING WITH A MANAGED SERVICE PROVIDER

THE CLOUD AND PARTNERING WITH A MANAGED SERVICE PROVIDER

Overall, the cloud is likely a more secure data solution for small business. Any conception that the cloud isn’t safe is outdated. Most of 2013’s security breaches were the result of lost or stolen devices, printed documents falling into the wrong hands, and employee errors leading to unintended disclosures. It’s fair to speculate that many of these breaches wouldn’t have occurred had this information been stored in the cloud rather than computers, laptops, and vulnerable servers.

SMBs with limited budgets are actually enhancing their security by moving to the cloud. Since there is no way a SMB can match a large enterprise’s internal services, moving services like emails, backups, and collaborative file sharing to the cloud not only reduces total-cost-of ownership, but gives access to top-level security to better defend against internal and external threats.

Meanwhile, a Managed Service Provider (MSP) can assume responsibility for security measures like the administering of complex security devices, technical controls like firewalls, patching, antivirus software updates, intrusion-detection and log analysis systems.

MSPs are also capable of generating a branded risk report for any potential client or business partner reviewing your security measures. This third party manual assessment of your network security can in still confidence in prospective business partners by proving to them that any possible security risks or vulnerabilities will be properly managed and addressed.