secure data center

Identity Management in the Cloud age

Your business, like many companies, have adopted several cloud services, where the price and convenience outweighed the higher cost of hosting the application on your own servers.  These services, be they email, documents, applications, databases or other collaboration tools, have broken the tightly guarded walled garden that your IT team has created behind your firewall and VPNs, allowing access to your company data via additional vectors with various security controls.

Most of these applications are only protected by one simple permission:  the password.

Data breaches are becoming more and more commonplace.  Lost and stolen data has exceeded six billion records in the past few year – an average of over 165,000 records compromised every hour!  The related damage is estimated to exceed $6 Trillion annually by 2021.  The recent Equifax breach, of a 143 million people (there are only 250 million or so adults in the US), highlights the vulnerability of weak passwords and open data portals.

In order to safeguard our important assets and reduce the risk of breaches, we need to rethink on how we approach organizational security

Access

New technologies, platforms and applications have accelerated the disintegration of the corporate security perimeter, creating a multitude of identities, user names and passwords.  This use of cloud computing has increased trends of enabling employees to access network servers and sensitive information from outside the enterprise.  Companies with static perimeter-based security methods (Firewalls, VPNS) will have a hard time managing both employee and partner access to critical data while maintaining any semblance of security.

Cyber criminals take aim at identities, from all types of users in your organization, from privileged users to vendors.  They focus on weak passwords and social engineering to achieve their aims.  Nearly two-thirds of all recently confirmed data breaches involved weak, default, or stolen passwords.   In the first quarter of 2016 alone, there were an estimated 6.3 million phishing emails and 93% of all phishing emails contained ransomware.

Consequenses

No one is safe.  In 2016, Yahoo revealed that the account information for over ONE BILLION consumers, including names, email addresses and encrypted passwords, were compromised by a data breach in 2013.

Dozens of companies experienced major outages when the DNS provider Dyn experienced a severe and extended Denial of Service attack (DDoS).  What was the cause?  Passwords.  Default passwords on millions of Internet of Things (IoT) devices that were hijacked and used together as the Mirai botnet.

Next Stop, Security

How do we protect against breaches in our organizations, with this porous, multi-vendor, cloud-based enterprise?  You must be able to adapt to new threats as they emerge.  You must be able to incorporate cloud, mobile, IoT and other technologies, into a seamless defense, following your users as they work across applications and tools – Wherever they are hosted.

Companies must adopt Identity and Access Management (IAM) solutions and practices that significantly reduce the likelihood of a data breach, by enabling secure access to your data from any device, for users inside and outside your organization.

How do we do this?

  • Consolidate identify stores into a single directory
  • Implementing single sign-on
  • Governing access through time-bound and temporary privileged access
  • Automating mobile application provisioning and deprovisioning of applications
  • Automatically deprovision privileged user access as they terminate from your organization
  • Eliminating the use of shared administrative accounts and centrally controlling access to shared service accounts
  • Recording all privileged sessions or commands
  • Automating role-based provisioning of applications and infrastructure

Forte can help your company ensure that identities are protected through an integrated solution across applications, devices and infrastructure.

http://www.forte-systems.com/trends/identity-management

Backup versus Business Continuity

Data protection solutions are essential for businesses of all sizes to implement, regardless of size, industry and geographic location. In this article we discuss the importance of business continuity rather than simply backup.

Introduction

Downtime is real and it’s costly. How costly exactly? Depending on the size of the organization, the cost per hour of downtime is anywhere from $9,000- $700,000.

On average, a business will lose around $164,000 per hour of downtime.

The numbers speak for themselves. What causes downtime?

  • Network outages and human error account for 50% and 45% of downtime, respectively.
  • Meanwhile, natural disasters account for just 10 percent of downtime.
  • When you look at the cause of downtime by data volume, the #1 culprit is, once again, human error, at 58%.

Just look at the recent Amazon AWS outtage: http://www.geekwire.com/2017/amazon-explains-massive-aws-outage-says-employee-error-took-servers-offline-promises-changes/

As it turns out, businesses should be more wary of their own employees and less of natural disasters. If you’ve been putting off data protection because your organization is located far from any inclement weather, be warned: the bigger threat to your data is inside of your company, not the great outdoors.

What’s at stake?

2.5 quintillion bytes of data are generated daily. And 90% of the total data in existence was created within the past few years, a significant portion of which has been generated by small businesses. Considering all the servers, desktops, and laptops that the typical SMBs manage, it adds up to a lot of data to protect. Yet nearly 75% of SMBs operate without a disaster recovery plan and only 25% are “extremely confident” that they can restore data if it was compromised.

Only 50% of SMBs back up less than 60% of their data. The remaining 40%? No protection for it whatsoever.

How much does this cost? Over the past few years, 35% of SMBs lost as much as $500K due to downtime. An unlucky 3% lost over $1 million.

 

What to look for in a business continuity solution

To sum up what we’ve learned today, here are some key things to look for when seeking a business continuity solution:

  • Hybrid cloud backup—A hybrid approach fixes the vulnerabilities that a cloud-only or local-only possess.
  • Superior RTO and RPO—Think in terms of business continuity rather than simply backup, and calculate how much downtime your business can endure and still survive (RTO) as well as how much data you can afford to lose (RPO).
  • Image-based backup—Make sure that the backup solution takes images of all data and systems rather than simply copying the files.

Forte, in conjunction with our business continuity partner, Datto, can help your company meet it’s disaster recovery targets. No matter if your downtime was caused by a hardware failure, ransomware or the inadvertent keystroke of a well meaning employee.

Microsoft will be ending support for Office 2013 at the end of February.

Microsoft has made an announcement, informing Office 365 users, that the 2013 version of Office will no longer be supported as of February 28th, 2017.

Users who are running the 2013 versions of Office 365 client applications after February 28, 2017 will have to upgrade to the latest version of Office 365 client applications to continue to receive support from Microsoft. The following is a list of products for which support will end:

  • Office 365 ProPlus (2013)
  • Office 365 Small Business Premium (2013)
  • Office 365 Business (2013)
  • Project Pro for Office 365 (2013)
  • Visio Pro for Office 365 (2013)

After February 28, 2017 the following apply:

  • All 2013 versions of Office 365 client applications (32 and 64-bit) and all language packs will no longer be available for installation from the Office 365 Admin Center.
  • An updated 2013 version of the Office Deployment Tool will be released that will no longer support the installation of Office 365 client applications.
  • Microsoft will not release any feature updates for these versions of the products.
  • Microsoft will no longer provide support for these versions of the products through Customer Service and Support (CSS) or Microsoft Premier Support.
  • Microsoft will continue to release critical and important security updates for these versions of the products until April 10, 2018. See the following Microsoft website: Security Bulletin Severity Rating System.
  • Microsoft will not provide notification before implementing potentially disruptive changes that may result in a service interruption for users of the 2013 versions of Office 365 client applications. See the following Microsoft website: Microsoft Online Services support lifecycle policy.

If your company needs support in updating your volume license for Microsoft Office, or migrating to Microsoft Office 365, please contact us, at sales@forte-systems.com .Cloud Computing Lab Top

Thunderstorm

The Public Cloud Can be a Thunderstorm of Hidden Costs

Technology has reached a point of subservient adaptability. Where businesses once had to worry endlessly about the costs and maintenance of hosting their data, the cloud has created an ethereal, floating universe of data and computing resources.. There is still a struggle in the clouds as businesses find themselves torn between the private and public cloud spaces. Read more

The Dollars-and-Cents Rationale for Moving to the Private Cloud

As enterprise cloud computing continues to grow in popularity, you’ve likely heard some compelling reasons why companies are making the move to a private cloud. Read more