Client Data: Do you have the right answers?

Do your clients ask about how your firm handles data and security? More than ever, firms are expected to explain how they protect their clients’ private data—properly and securely. The correct answers can have major implications with your clientele and compliance obligations.

What we’ll cover:

  • What are the top steps to keep you compliant?
  • What type of training does your firm need?
  • Should you be doing a security audit?
  • What about updating your firm’s policies?
  • Understanding the difficult technical questions

4 awesome advancements in cloud computing

The technology behind cloud-based computing is advancing at a rapid rate. With improvements such as enhanced data integration, streamlined architecture, and multi-cloud environments, small and medium-sized businesses (SMBs) have exciting new options for harnessing the cloud to meet their business goals and growth objectives.

If you’re an SMB leader looking to run your operation more efficiently and take your cloud use to the next level in 2019, here’s what you need to know about this ever-evolving technology.

Hybrid cloud options

There’s no single cloud solution for every business out there, which is why there are so many hybrid cloud options emerging now. Among the available cloud setups including private and public clouds, many businesses need multi-cloud options.

Hybrid cloud options address problems faced by many businesses – efficiency, cost, and regulatory requirements. For example, businesses handling sensitive data can’t operate this workload from a public cloud. However, they may be ready to move some of the workload onto a private cloud and use public clouds or on-site servers to handle other operations.

Hybrid cloud computing gives businesses access to creative, customized cloud solutions that work specifically for their individual business needs. This technology continue to advance in coming years.

“Serverless” computing

Serverless computing is a relatively new concept that is still in its infancy. The revolutionary technology behind the concept, however, promises to deliver flexible, efficient computing for all businesses.

Although it’s called “serverless” computing, there is still a server involved – the difference is that the server is operated by a cloud provider, not an individual. There’s no need for users to manage the servers running their systems anymore, hence the term “serverless”.

What’s most exciting about this technology is that only the exact amount of computing resources needed for any given task are used at a time. This means that you only pay for the precise amount of resources you use – no more wasted costs!  

Detailed analysis

The cloud lets you analyze data like never before. Cloud-based analytics deliver insights, forecasts, and trend reports in real time from one convenient location. Users can then harness this information to best serve their business needs.

What’s impressive about this technology is that business leaders can embed it into their infrastructure at the right pace for their company. They can also pick and choose how to integrate the technology into their own workflow and operational processes – there’s no such thing as a “one-size-fits-all” solution, and advancements in cloud analytics reflect this reality.

For example, businesses or their IT providers can create analytical applications to support their specific end-user requirements. These applications collect, analyze, and process data to help identify and eliminate network and performance challenges so employees can work as efficiently as possible.

Put simply, cloud-based analytics advances take workplace efficiency to a whole new level.

Storage capacities

The storage capabilities offered by cloud computing are perhaps among the most exciting features for business leaders. Cloud-based storage lets you access your data anytime, anywhere without purchasing expensive remote storage equipment – off-site providers take care of the hardware requirements for you. What’s more, you only use as much storage as you require, and you can upgrade or downgrade your requirements depending on temporary or longer-term business fluctuations.

Cloud-based storage is a cost-effective, secure, and scalable solution for any growing business, and advances in cloud computing are increasing the variety and accessibility of storage options available.

Conclusion

Combined with a trend towards AI and improved cloud computing services, these cloud advancements significantly affect how companies of any size get the job done in 2019 and beyond. Cloud computing advancements help businesses streamline their processes and infrastructures, all while minimizing cost and limiting upfront capital investment. For more information on cloud-based technology and how it affects your business, contact us today.

The latest cloud trends you should know

Cloud computing has caused business leaders and organizations to completely re-imagine how they approach their IT resources. The cloud isn’t simply a cost to manage anymore. It’s a vital, strategic part of any business operation aiming to meet consumer and employee expectations.

What can we expect from the cloud in 2019 and beyond? Here are six trends you should know about.

Accelerating cloud adoption

Cloud services are growing exponentially. For example, KPMG estimates that platform-as-a-service (PaaS) adoption will take a substantial upturn in market share from around 32% in 2017 to 56% in 2020. PaaS lets customers launch, manage, and develop apps simply and effectively, and it’s estimated that PaaS will become the fastest-growing cloud service platform.

Naturally, as businesses turn to the cloud for their computing needs, solutions and services emerge to meet new challenges and consumer demands.

Quantum computing progress

Cloud technology is edging us ever closer to the ultimate quantum computer, according to experts. Quantum computing lets us store, manipulate, and process data in a whole new way. With quantum computing, we can solve complex medical problems, properly direct resources like emergency services, and answer previously unanswerable questions.

Experts see the cloud as a path into quantum processing. The growth in cloud computing, therefore, increases our chances of unlocking this incredible new technology. The race toward developing the ultimate quantum computer will continue.

Security compliance

Cloud computing is now so popular that many businesses adopt the model without fully appreciating the associated security challenges. Companies are moving their data to the cloud, and it’s estimated that around 83% of businesses will run their services from either public or hybrid cloud platforms by 2020.

Business leaders must understand how cloud computing makes their networks vulnerable to cyberattacks if they don’t establish, maintain and update effective security measures.

Furthermore, with the development of rigorous data protection laws, such as the EU’s General Data Protection Regulation (GDPR), businesses must ensure that they remain fully compliant with evolving standards and rules to avoid hefty fines and reputation damage.

Internet of Things (IoT)

The IoT principle relies on cloud computing more than ever before. IoT hardware, such as cars and household appliances, are increasingly using the cloud to store information, remember users, and communicate activity.

We estimate that, as these devices become more mainstream for multitasking and automation at home and work, cloud technology will evolve to respond to increased demand and integration requirements, as well as privacy concerns.

Inter-connectivity

Connecting clouds and cloud services makes it easier to manage security issues and find remote computing solutions that support your unique business goals. What’s more, interconnecting services encourages providers to work together and collaborate. This is how a landmark technology, like quantum computing, may be possible.

As cloud computing grows in popularity and complexity, we expect the technology and techniques for managing inter-connectivity to become more sophisticated and powerful.

Artificial Intelligence (AI)

There’s already a huge market now for AI development platforms. We can expect to see all cloud services becoming more sophisticated as a result, which is great news for developers, programmers, consumers, and businesses alike. Expect to see more productivity and service innovations such as chat-bots, voice-enabled technology, and automated delivery.

At the same time, demand for high-performance hardware capable of facilitating an AI environment will grow to support increased consumer and commercial applications.

Cloud computing in the future

The cloud has evolved from a simple storage solution into a strategic approach to technology delivery that organizations rely on for growth and competitive advantage. As cloud computing increasingly shapes the way we do business, company leaders need guidance to harness the seemingly endless potential of the cloud to meet operational goals and satisfy customers.

For more insight on how cloud computing trends may affect your business, contact us today.

4 top cloud security tools you should be using

When it comes to convenient data storage, clouds are infinitely convenient. They make remote working and file sharing easier, allowing most aspects of your business’s day-to-day transactions to become more fluid. In exchange for this convenience, you do face some risks. Failing to protect yourself using cloud security tools leaves you and your business open to vulnerabilities. With that in mind, here are four of the best cloud security tools you should be using.

Netskope for session monitoring and blind spot detection

Technology advances rapidly, and so do those who want to break down its barriers. Because of this, you need to prioritize cloud security tools that focus on blind spot detection. Netskope is one of those tools. While providing full data protection, it also runs real-time analytics that predict and eliminate threats. In doing so, itreduces your security blind spots, which means there are fewer opportunities for hackers to break in.

Netskope is also ideal for session monitoring, which means it delivers protection while your cloud’s users are using it. This will allow you to detect inappropriate use in the moment. This session monitoring also comes with analytics, which your IT teams can use to further reduce security holes. As a result,your cloud usage remains convenient while also staying safe.

Easetech for identification management

Using individual sign-ons for logging into your cloud is pragmatic, especially when you have different levels of access for different employees. However, it also presents an increased risk of identity theft, which could put both you and your company in jeopardy.

Easetech takes a multi-faceted approach toID management. With multi-factor authentication, there’s a reduced risk of unauthorized devices gaining access to your cloud. For the sake of remaining productive, single sign-on remains available in recognized device situations. Easetech also segues identification management with remote cloud access, making it possible to work away from the office while remaining both seamless and secure. Asthe average total cost of data loss in the United States was $7.91 million in 2018, this isn’t an area where security flaws should remain open.

High-end vulnerability management from Balbix

Vulnerability management is far from a new concept in the world of cloud security tools. But Balbix manages to take its approach one step further with high-end tactics that prevent cloud security from slowing down business processes.

While identifying vulnerabilities in real time, Balbix assesses its type, whether it’s public facing, the type of data that remains vulnerable, how many people interact with it, and numerous other factors. From there, it can make smart decisions about how to prevent the information held in your cloudfalling into the wrong hands as a result.

Phishing defenses from Cofense Triage

While intersecting with the email program your business uses, Cofense Triage acts as a defense against phishing. Having a dedicated phishing defense system for your cloud storage facility is pretty much crucial these days. Those who roll out phishing scams are becoming increasingly more advanced with their approaches. Even more worrying still,around 97% of people can’t accurately identify a phishing event. This means your employees could accidentally allow attackers to penetrate your cloud.

Cofense Triage can filter out those emails that don’t pose a real threat, while bringing those that are harmful to your attention. With this approach, it’s possible to prioritize the attacks that could breach your cloud security without focusing too heavily on unimportant events. As a result, youwon’t slow your cloud usage down.

With a robust approach to using cloud security tools, you can keep your company’s information safe. As new tools are always emerging, don’t forget to keep yourself up-to-date with industry trends.

4 reasons data encryption should be part of your cybersecurity strategy

The birth of the Internet has enabled an unparalleled level of information exchange across the world. Not only has it changed how we communicate and access information on a daily basis, but it has also fundamentally changed how the world does business.

The safe transmission, reception, and storage of data is an issue for all businesses, with data encryption playing an important role in every robust cybersecurity strategy.

What is data encryption?

Data encryption is the process of encoding a message in order to limit its access to authorized parties. In order to prevent prying eyes, a secret code is applied during data storage or transmission to scramble the data and make it unintelligible. At the other end when the data is received, a code key is applied to reverse the process. Data breaches have become normal today, so high-tech encryption is used to secure sensitive data and ensure privacy and compliance.

According to the latest Transparency Report from Google, data encryption for Google products and services has risen from just 48 percent coverage in late 2013 to 93 percent in 2019. Unfortunately, many cloud business services are well below this level. In separate data by the Ponemon Institute and nCipher Security, just 74 percent of businesses have partial or extensive public cloud encryption.

Let’s look at four key reasons why data encryption should form an important part of your cybersecurity strategy.

1. Compliance obligations

There are a wealth of government regulations and industry compliance standards around data security, especially for sensitive industries like healthcare and financial services. For example, healthcare providers must follow the Health Insurance Portability and Accountability Act (HIPAA) requirements for protection of sensitive patient information.

Similarly, education institutions must adhere to the Family Education Rights and Privacy Act (FERPA), and retailers are required to follow the Fair Credit Practices Act (FCPA). While community and compliance standards vary by countries and industries, data encryption often plays an important role in data protection and compliance coverage.

2. Cybercrime concerns

Whether it’s malware, phishing, or disruptive computer viruses, cybercrime is more prevalent than ever before. Data encryption is one the best ways to prevent hacking and keep your valuable information safe and secure. No industry or company size is immune to criminal activity, with hackers alwasy searching for sensitive financial information, health records, and trade secrets among other data.

End-to-end encryption is one of the best ways to safeguard against identity theft and other malicious activity, including public key infrastructure (PKI) encryption, homomorphic encryption, and other robust security measures.

3. Protecting user privacy

When you run a business, you are responsible for the personal data of your customers and employees. From financial and healthcare information, such as credit card numbers and insurance data, to staff names, addresses and birthdays, keeping internal user data private should always be a priority.

While encrypting user data will require extra system overhead, it is necessary to improve transparency and maintain customer satisfaction. The use of comprehensive data encryption is one of the major issues that define professional organizations, with a number of recent large-scale data breaches bringing this fundamental privacy issue into public focus.

4. Seamless performance

There are significant network management and system resource issues related to data encryption, with specific measures needed to ensure maximum performance. This concern is one of the main reasons so many businesses avoid data encryption. For example, complexities often arise around archiving, where data is difficult to encrypt due to existing indexing and search protocols. Similar issues exist with mobile devices, edge inspection, and authorized third-party access.

Despite the unintended consequences of data encryption, however, it doesn’t have to negatively affect performance. Successful data encryption often involves the use of cloud-based services, with simple website encryption protocols like secure sockets layer (SSL) combined with robust server-side encryption solutions.

Working with your managed IT services partner to add the right level of encryption to your data protection strategy can enhance your compliance and your peace of mind. Ease Tech is ready to advise you on where it makes sense to implement data encryption measures to further secure your cloud environment.

Office 365 vs. G Suite – pros and cons

As internet speeds increase and networks become more reliable, cloud-based software packages continue to grow in popularity and business value. Moving beyond the limitations of on-site storage and isolated applications, cloud-based productivity tools deliver additional benefits with unlimited storage and integrated collaboration tools.

According to the 2017 BDO Technology Outlook Survey, 74 percent of technology CFOs said cloud computing had the most measurable impact on their business in 2017. A few names have emerged as productivity front-runners, with Microsoft Office 365 and Google G Suite offering advantages and disadvantages for your team.

Pros of Office 365

Microsoft Office 365 is the most robust and best-known office software suite in the world. Produced by the biggest name in business technology, this productivity software package includes a wide selection of the most familiar document applications Word, Excel and PowerPoint and newer collaboration tools like SharePoint and Microsoft Teams.

Office 365 subscriptions are customizable to some degree with available Business, Enterprise and Education versions. Besides the depth of applications and configurations available, Office 365 keeps your work current and consistent with regular automatic updates, OneDrive cloud access, and clever integration with all of your mobile, home and office devices.

Cons of Office 365

Microsoft Office 365 is not the right package for everyone, especially with confusing product variations and a complicated pricing structure putting some people off.

Unexpected service limitations of Office 365 include a 24-hour cap on the number of email recipients, which restricts list-based communication. In addition, end-user support is lacking with no direct phone support and online help limited to articles and community forums. Some Office 365 subscribers have also been affected by downtime on the Microsoft servers.

Office 365 offers limited control over your data for individuals and smaller organizations. To receive the full set of highly advanced security features, you need the more expensive Enterprise for maximum control of your data.

Pros of G Suite

G Suite is powered by the Google cloud. This comprehensive SaaS package includes a range of productivity and collaboration tools. While Google’s applications are not as pervasive as those created by Microsoft, G Suite includes cloud-based word processing, accounting, presentation and much more. Security features are also tight since G Suite uses the same cloud infrastructure as Google itself.

Unlike the 1 TB storage limitation of Office 365, G Suite offers unlimited cloud storage for Business and Enterprise plans that include five or more users. This may be a significant advantage to large companies, creative service agencies or media organizations with extensive data storage needs. G Suite also offers seamless integration with its conferencing applications, including free local calls using Google Hangouts and Google Voice.

Cons of G Suite

Google G Suite offers a comprehensive and increasingly popular range of tools, including Gmail, Google Drive, Google Docs, Sheets, Slides and Hangouts. However, Microsoft applications are still much more popular in business environments where PCs are still the dominant user device. When migrating to the cloud, some businesses may be unwilling to invest in training and support for Google apps while their staff learns a new platform.  

G Suite doesn’t have comparable desktop apps that you can use on your computer, which makes it more challenging to maintain productivity when you’re offline. This can be a significant disadvantage to some businesses with frequent travel or meetings in areas with limited internet access. While G Suite storage is better when there are more than five users under the Enterprise plan, individual users are limited to 30 GB rather than the standard 1 TB available from Office 365.

The winner is … your business

According to Deloitte Technology, Media and Telecommunications Predictions, 2017, IT as a service will represent more than half of all IT spending by 2021. When investing in your business, it’s important to do your homework and find the best solution for your needs.

Regardless of what productivity platform you choose, Office 365 and G Suite both highlight the many advantages of working in the cloud. The power, scope, and collaborative potential of these packages can help your business to become more efficient and productive. Who knows, once you’ve experienced the wonders of the cloud, you may want to transform your entire operation into a turnkey virtualized office.

As a managed IT service provider experienced in cloud technologies, Ease Tech is ready to help you evaluate all your options to deliver maximum value to meet your business goals.

Choose your cloud provider carefully: A discussion about uptime

Uptime is a crucial part of running a successful business, especially as companies focus more and more on cloud applications. Losing access to their cloud functionality effectively shuts down the business and can cost thousands of dollars if it happens regularly. Businesses must ensure that they’re partnering with high-quality cloud service providers to ensure long-term success.

When searching for cloud service providers, follow these tips to find the highest uptime rates.

Understand the cost of downtime

All too often, companies think about their business connections in terms of downtime: we all notice when systems aren’t available and how inconvenient that is. But instead of focusing on how often a network might go down, it’s important for companies to shift the focus and start asking cloud providers about uptime – the amount of time cloud services are fully functional and available.  

The first step in discussing the necessity of uptime is to understand the cost of downtime. According to a survey reported by TechRepublic, 80% of businesses insist on 99.99% uptime from their service providers, and 15% of businesses are pushing further to demand 99.999% uptime. This high availability uptime (sometimes called “five nines”) means that systems will be available for all but 5 minutes a year, saving a company several hundred thousand dollars annually. Small and medium-sized companies are often working with a fairly limited budget so few can afford to lose that kind of money.

Look for transparency

Potential cloud service providers should be willing to share information with you. For example, the way the company computes downtime may not be as simple as you think. For example, a company might calculate downtime by minutes available per user. In a system with 100 users, for example, 99.99% uptime could mean that a system is down for several hours before a company receives service credit.  

Cloud service providers should be using monitoring software to track issues and problems with their service. They should be willing to share that information with their partner companies, giving – at the bare minimum – the ability to run reports.  

Consider the contract terms

In general, it’s a good idea to partner with any vendor long enough to establish a solid knowledge base and get a feel for their service. Standard service contract periods are designed to ensure that provider companies can properly budget resources and that client businesses can budget for recurring costs.

That said, knowing the conditions for exiting your contract is important. Being trapped for too long with a service provider who cannot satisfy your needs, delivers inconsistently or costs the company time and money can be a disaster for any business.

Ask the provider what terms allow either party to cancel the agreement. Also, always read the Ts and Cs (terms and conditions) of any contract signed. If the provider promises something different, get that in writing as an addendum or change order. Contact your managed IT services provider for help finding and implementing the right cloud solution for your business.

How to minimize downtime in the cloud

Sometimes downtime happens and there’s nothing you can do to control it. However, with some forethought, you can set yourself up for success and minimize whatever downtime does occur.

Here are a few points to consider when configuring your cloud infrastructure.

Stay on top of security

One case of downtime that can be catastrophic is a security breach. Not only are you losing productivity time but you could also be losing data.

This includes aspects like making sure your firewall settings are current, changing passwords periodically, updating software regularly, and training employees to follow good security practices.

Make sure your network security is up to snuff and you will be eliminating several vectors for sudden downtime.

Backup and disaster recovery

If you don’t have a backup and disaster recovery plan (BDR plan) in place already, then it should become your top priority. In the event of catastrophic failure, irreparable hardware damage, or even natural disasters, an effective BDR plan can save your organization a lot of pain and loss.

It should include how you back up your data, where the data is stored, and how to bring it back to a point where it can be utilized again as quickly as possible. If you prepare it ahead of time, you’ll be glad that you have it when you need it.

This ties into our next point but should operate independently.

Related reading on data integrity: How to avoid downtime and disruption when moving data

Multiple copies

Most effective cloud storage solutions should be organized so that your data exists in multiple copies stored in multiple locations. This policy should be in addition to your backups maintained for your BDR plan. This extra measure is to cover your bases in the event of things like a power outage temporarily preventing full network access or someone accidentally deleting something that they shouldn’t have.

In either case, you still have a significant dataset to work with and can use it to restore any other copies that are necessary. Your data is intact and available because you planned ahead. It’s a quick and easy solution that doesn’t require you to go into emergency recovery mode.

Some solutions even go so far as to split files up into smaller chunks and store them in different locations. This is to improve both security and redundancy. If a subset of data is lost, you only have to replace that subset. Similarly, if only a subset of data is stolen, the attacker can’t make much out of it.

Redundant hardware

Another critical component of effective cloud infrastructure is hardware redundancy. Generally, cloud solutions involve some degree of systems running in parallel and sharing capabilities already. Ideally, you should have redundant systems warmed up and ready to relieve the strain that a failed machine will place on the network.

This way if one component goes down or needs repair, it won’t bring down the entire ecosystem. In fact, the impact will be relatively minor and the malfunctioning part can be replaced without issue.

Related reading about redundancy practices: 4 ways to avoid cloud outages and improve system performance

Keep thinking ahead

It’s always best to plan ahead when you have the opportunity. Think about things like what would happen in specific situations and how you would respond to those challenges.

And don’t hesitate to call the experts if you have any questions. We can help set up your network reliably or, at the very least, provide you with guidance.

Your guide to setting up a HIPAA-compliant cloud

When you put your healthcare organization’s patient data on the cloud, you enjoy a range of benefits like having to worry about computer files being erased accidentally. Furthermore, it’s simple to organize all of your data and use analytics to make the most accurate decisions possible.

At the same time, you must make sure that your cloud complies with HIPAA, the Health Insurance Portability and Accountability Act, which Congress passed in 1996. It sets forth complex rules for keeping, transmitting and using protected health information (PHI) or electronic protected health information (ePHI).

Here is an overview of things you should be doing in order to ensure HIPAA compliance.

Step 1: Finding the right cloud provider

To start, it’s helpful to obtain a copy of the online HIPAA guidelines that the Department of Health and Human Services’ Office of Civil Rights (OCR) offers. You can review them with your attorney and your IT team members.

As soon as you’re clear on those rules, you can conduct – perhaps with the help of an IT managed service provider – a thorough risk assessment. During this process, you’ll examine various cloud service providers (CSPs) to find one that guarantees every reasonable safeguard, including encryption, for your PHI. You might inspect a CSP’s headquarters yourself, or you could rely on expert security audits.

Once you’ve found a CSP you can trust, your attorney can draw up a business associate agreement (BAA). This agreement will hold your company and your CSP, which the law terms your “business associate,” to all HIPAA regulations.

You must also create a service level agreement (SLA), one that details the quality of service that your CSP will provide. For instance, how will it attempt to recover lost data? How much downtime, if any, can you expect? (The answer should be virtually none.)

Step 2: Securing your data

Under HIPAA, you’ll have to take every practicable measure to keep track of your patient data and prevent it from falling into the wrong hands.

HIPAA permits healthcare professionals to use mobile devices to access data. However, each mobile device, along with each computer and other endpoints, must be protected by multiple layers of security. Those measures should include:

  • Randomized and unique passwords
  • A powerful firewall
  • Sessions that time out
  • Two-factor authentication
  • Data encryption that meets or exceeds industry standards
  • An intrusion detection program

Likewise, you should provide regular training sessions to ensure employees are using best practices and are able to recognize the warning signs of hacks or phishing scams.

Moreover, everyone should be on a need-to-know basis. It’s illegal to share a patient’s ePHI with anyone outside of your business unless the person who’s requesting it has a HIPAA release form. (That document must include the patient’s signature.) Your cloud should also have a principle of least privilege (PoLP) security model to make sure each user only has the authority to access the information necessary for his or her job.

An automatic alert system is valuable here. You’ll receive a warning if an unauthorized person accesses your cloud data or if an authorized person does something in the cloud they’re not supposed to do.

Step 3: Reporting breaches

What happens if an unauthorized person gains access to someone’s ePHI? This could occur due to employee error or hacking.

You must tell the affected patient about the transgression within 60 days. Plus, on an annual basis, you must let the Department of Health and Human Services know about every PHI breach that happened during the past year.

If more than 500 records are breached at one time, you’re obligated to send out a press release and to tell the HHS at once. The OCR will follow up, seeking more detailed information.

Finally, as you work your way toward full HIPAA compliance, it’s wise to partner with outside IT specialists. These experienced professionals can advise and support all of your data storage efforts.

In addition to conducting the initial risk analysis, those security experts can identify and eliminate potential vulnerabilities in your network. They can also help you craft an IT budget that accounts for all security measures. As cloud technologies evolve and improve, they’ll ensure that you always stay within the law and always protect your patients.