SaaS Security: 5 Ways to Keep Sensitive Data Secure

A majority of organizations (60%, according to technology news site SiliconANGLE) are adopting a cloud-based model for business processes. Many of these businesses have joined the movement because Software-as-a-Service (SaaS) offers benefits to both small businesses and large. However, while most SaaS vendors have good security and compliance, businesses should always be aware of how their sensitive data is being kept safe.

To secure data in the cloud:

  • Carefully choose a vendor
  • Implement an access policy
  • Avoid sending sensitive data to the cloud
  • Employ standard security measures
  • Audit security controls

Choosing a SaaS Vendor

Good security starts with the vendor, your partner in protecting data.

When considering the right vendor, choose one who offers security features like password protection, user controls, and data encryption. Understand the vendor’s process, where your data is stored, how it’s backed up, and the process for data recovery. A reputable vendor will also be happy to provide a list of references to show that they’re reliable and committed to security.

Implement Access Policies

Put an access policy in place that limits who can access sensitive data and from which machines. Some businesses may find data easier to secure by allowing employees to access company resources only from their work computer rather than a personal device that may not be as up-to-date with antivirus software.

Don’t Send Sensitive Data

If data is important and very sensitive, it should be kept off the cloud completely, no matter how secure the SaaS model. One of the many benefits of cloud-based computing is integration that allows access to many functions from one access point. However, it isn’t necessary for all data to be available via the cloud. Store sensitive data locally for better security.

Employ Standard Security Measures At A Minimum

Keeping data secure is not only the job of the SaaS vendor and the IT department. Users of the system are also responsible. Employees should know how to create a strong password and help keep their machines up-to-date with antivirus software. A secure password recovery protocol will also help keep the system secure, especially for businesses with a mobile workforce.

Auditing

Finally, businesses should ensure that their security measures are regularly audited. While many SaaS vendors will use a third party to audit, businesses should also have an internal team or their own third party focused on regular audits.

In the past, companies shied away from cloud solutions for fear of data security. That risk has been greatly minimized today, allowing the benefits of cloud computing and SaaS to outweigh the risks. Still, cautious organizations can reduce risk even further using the tips above to keep data secure.

SMBs: Creating a Simple Cyber-Security Plan

Some SMBs make the mistake of thinking that security breaches only happen to the big names. Despite all the attention that the Home Depot, Anthem, and Target data breaches are getting, cyber-attacks are an equal opportunity threat for every size of business. In 2013, approximately 44 percent of SMBs were the victims of a cyber-attack, according to the National Small Business Association.

Large enterprises are just as vulnerable to cyber threats as smaller companies, but some SMBs can’t afford the incredible cyber security measures that enterprises use to protect their data and customers. Instead, SMBs must stay sharp and focused when it comes to protecting themselves on a small scale against a broad range of cyber-threats, from phishing attempts to full-blown brute force.

The Basic Steps of a Cyber Security Plan

Although there are a wide variety of different tools and software available, the most important cyber-security tool is a good plan. The following outlines these three crucial steps toward strengthening a company’s cyber security without a detrimental effect on the bottom line or employee productivity:

  • Create a thorough inventory of both physical and digital assets. These physical assets include devices used on a daily basis to interact with and manipulate important data, especially that which is stored in the cloud. Companies also should inventory any valuable data that can be accessed by employees.
  • Develop a comprehensive computer privacy and security policy. Such policies can help strengthen company-wide efforts to promote cyber security on an employee-level basis. By carefully and comprehensively defining how, when, and where employees can be exposed to certain types of data, cyber-security experts can prevent thieves from making off with digital gold.
  • Always be on the lookout for unusual cyber activity. Eternal vigilance through monitoring IT systems on a 24-hour basis is a necessity for foiling most, if not all, cyber-attacks. However, hackers are just as vigilant, which is where the latest lines of anti-virus software and other countermeasures come in. These assets must be kept up-to-date in order to deal with ever-evolving threats.

What Else Can Be Done?

Training employees to be more vigilant when it comes to cyber security is an excellent idea. Unfortunately, many SMBs simply cannot afford the time and effort that in-house training entails; in addition, these companies often lack the experience that is necessary for comprehensive training.

As a result, SMBs meet their cyber security needs by contracting with third-party experts and managed network security services. These outside service providers represent an added expense, but the costs are minimal compared to the tremendous costs that a security breach can have on a business.

Creating a concrete cyber-security plan can mean the difference between a successful company and one that is hobbled by a lack of basic cyber-security protections. The former is, of course, the more appealing option.

Why Businesses Should Utilize MDM

Touchscreen smartphones and tablets are making waves in the world of corporate IT. Many companies are eager to utilize the technology despite the fact that many of these devices don’t meet all security needs. However, cloud technology has made security and device management relatively easy.

The innovation of Bring Your Own Device (BYOD) policies has made security a primary concern for companies. InformationWeek’s 2013 State of Mobile Security discovered that 20 percent of responding companies were developing BYOD policies while 68 percent already had them in place. This means that 88 percent of those respondents are or will soon be implementing BYOD.

As a result of the growing popularity of business mobilization, mobile device management (MDM) solutions were recently developed so companies can use this beneficial technology without compromised security. Another name for mobile device management that has been used is “enterprise mobility management” (EMM). This name refers to MDM’s focus beyond simply mobile device management in an enterprise.

There are many advantages to using cloud technology to manage mobile devices.

Why Choose Cloud MDM/EMM?

Many businesses aren’t sure whether to use on-premises MDM/EMM or make it cloud-based. If it is offered, cloud-based MDM/EMM is ideal for a variety of reasons. One of the main reasons to use MDM/EMM in the cloud is because of the eliminated costs associated with using a new server. Another benefit is that the service provider will normally be responsible for any updates that are released, keeping your systems up to date at all times.

In addition, there is no functionality lost when using cloud-based MDM/EMM. Cloud technology offers the same capabilities as on-site applications.

A Reliable Mobility Policy Is Everything

A solid mobility policy should be a primary concern in cloud-based MDM/EMM. It should cover all pertinent devices and address proper use and security responsibilities. This policy should be thorough in a number of ways, covering:

  • All mobile devices, including the specific models and operating systems that will be offered
  • The types of employees who will receive devices from the company vs. those involved in BYOD
  • Implementation procedures and steps for retiring devices once employees leave
  • Specific security steps to avoid stealing of information and data

There are many other factors that a policy should cover as well, leaving no room for outdated information or exploitable loopholes.

How MDM/EMM Is Being Used

Businesses that are particularly trusting can rely on employees to follow the strict policy associated with mobile devices, or they can choose to let a mobile device management (MDM) system ensure that there is no violation.

MDM used to be exclusively for BlackBerry devices, but has since been developed to cover iPhones and many other types of devices used in the workplace. Some of the aspects of MDM/EMM that have carried over to newer devices include:

  • Security – MDM ensures that all data is encrypted and password protected, and prevents both rooting and jailbreaking.
  • Application Management – Certain mobile apps can be either blacklisted or whitelisted, depending on a company’s preferences.
  • Containerization – A secure container is created to store all company data and personal data as well.

Choosing MDM/EMM Providers

Using cloud-based MDM/EMM for company mobile devices and BYOD will help improve a company’s efficiency as well as reduce the costs of on-premises solutions. In addition, security measures are expanded, with a wide range of devices employing the same level of security. Overall, using an MDM/EMM provider helps ensure that IT personnel can effectively keep systems secure.

Adopting VoIP Doesn’t Prevent Toll Fraud

While there are several security concerns when implementing Voice over Internet Protocol (VoIP) services at a business, one that rarely receives attention is the potential for toll fraud. Some businesses even mistakenly believe that a switch to VoIP will prevent fraud. If anything, VoIP makes the business more susceptible to toll fraud.

If businesses host their own PBX system, converting VoIP to copper and back, it creates a tempting honeypot for hackers.  If the hackers gain access to the system, they have nearly unlimited ability to place phone calls at will.

These are not cheap intrusions.  The average cost of a toll-fraud VoIP attack is about $36,000.  Given that some PBX units are cheap enough that even SMBs can afford them, that’s a potentially ruinous (and entirely avoidable) cost.

How VoIP Toll Fraud Works

The basic premise is relatively simple.  VoIP fraud occurs almost exclusively in third-world countries whose local telephone grids charge huge rates for access.  Hackers collaborate with unscrupulous phone grid operators to hook first-world VoIP systems into the grid, so that the business can be charged astronomical prices for phone calls to nowhere.  Then, they split the profits.

Since these fees are charged directly to the victims’ phone company and numerous laws/treaties require their prompt payment, the victim is virtually always left on the hook for the charges.

In some cases, particularly enterprising hackers may even establish their own “dark” phone company, selling services to local users at low rates while running the calls through hijacked first-world computers.  However, this aspect of the practice is becoming less common as cell phones and consumer VoIP lower the costs of voice communication.

Law enforcement is rarely an option in these cases.  The local police or government entity might be part of the deal, and U.S. law enforcement won’t touch such cases.  An active defense truly is the only option for preventing VoIP fraud.

The Deeper Dangers Of VoIP Fraud for SMBs

In most larger business networks, VoIP is kept separate from the overall data network.  This means that if an intruder gains access to their PBX or other phone-switching hardware, that intruder can’t get access to anything else.

However, many smaller businesses don’t segregate their networks in this fashion.  For them, a PBX attack could be the first hole poked in their security by a phalanx aimed at taking over the network.  Poorly defended VoIP systems make excellent staging grounds for larger attacks.

Besides keeping these networks entirely separated, the solution here is an active, always-on security system.  VoIP and cloud systems security cannot be left to chance.  A network needs an active security system that’s consistently monitoring for intrusions and reporting any irregularities as soon as they occur.

Without this, a business is leaving itself open to attack, fraud, or potential systems disruption.
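As an added illustration (not part of the original article), the monitoring described above can be approximated by reviewing PBX call detail records for international calls placed off-hours or in rapid bursts from one extension. The CSV layout, the `+1` home prefix, the thresholds, and the sample records are all assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample call detail records (CDRs). The column layout is an
# assumption; real PBX exports differ. "+999" is a placeholder prefix.
SAMPLE_CDR = """start,extension,dialed
2024-03-04T10:15:00,101,+12025550143
2024-03-04T14:02:00,102,+442079460000
2024-03-09T02:01:00,105,+9995550001
2024-03-09T02:03:00,105,+9995550002
2024-03-09T02:05:00,105,+9995550003
2024-03-09T02:06:00,105,+9995550004
"""

def load_cdrs(text):
    """Parse CSV text into (start, extension, dialed) tuples, oldest first."""
    rows = [(datetime.fromisoformat(r["start"]), r["extension"], r["dialed"])
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows)

def find_toll_fraud_signals(rows, home_prefix="+1", burst=3,
                            window=timedelta(minutes=10)):
    """Return {extension: [reasons]} for suspicious international calling."""
    alerts = defaultdict(set)
    recent = defaultdict(list)  # extension -> recent international call times
    for start, ext, dialed in rows:
        if dialed.startswith(home_prefix):
            continue  # domestic call, not the toll-fraud pattern
        # Weekend, or outside an assumed 08:00-18:00 working day
        if start.weekday() >= 5 or not (8 <= start.hour < 18):
            alerts[ext].add("off-hours international call")
        times = recent[ext]
        times.append(start)
        while times[0] < start - window:  # keep only calls inside the window
            times.pop(0)
        if len(times) >= burst:
            alerts[ext].add("international call burst")
    return {ext: sorted(reasons) for ext, reasons in alerts.items()}

if __name__ == "__main__":
    for ext, reasons in find_toll_fraud_signals(load_cdrs(SAMPLE_CDR)).items():
        print(f"extension {ext}: {', '.join(reasons)}")
```
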

Cloud Data Security: Know the Risks

Moving to the cloud is the next step in a data revolution that is changing the way things are done. Along with the cloud’s exciting possibilities, there are new risks to consider. Understanding those risks is the best way to choose the right provider to allow businesses to reap the benefits of cloud computing.

Security

The same security concerns that existed with traditional communication options are still valid when it comes to cloud storage and networking. However, the cloud is relatively young for these hazards, so solutions are still evolving. Public clouds are more threatened than private or managed networks, but no matter the system, cloud communication makes hacking and viruses easier for thieves. On the upside, a good data center can provide high security to lower and alleviate the risk.

Multi-Tenants

Another danger with cloud solutions is the susceptibility of software to fail in a multi-tenant situation.  Hypothetically, one server may harm another if it’s infiltrated or damaged. This creates a network of data accuracy problems including lost or damaged data that cannot be retrieved. A reputable cloud solution provider is the best way to protect information from being interrupted or stolen from a third party.

Privacy Protection

Using the cloud for business requires trusting employees with delicate information. This adds a third risk: dealing with data access authorization. A poorly conceived cloud network risks insecure authorization that can be accessed by competition or unauthorized employees. This issue opens up businesses to liability from consumers who are protected under a 1986 U.S. privacy act.

European electronic privacy laws are an additional problem for American companies that store data with providers who have servers in the European Union. American businesses in this case are liable, even if the business does not deal with European consumers. Well-trusted cloud solution providers must be chosen to control access to precious data.

Third Party Reliance

There are a few other possible risks to be aware of when crossing over to the cloud. These include the danger of relying on a third party to create an entire infrastructure and its platforms. Providers also oversee the installation and maintenance so they must be dependable and quick to respond to problems. Slow service on the cloud hampers productivity.

It’s important to know the risks of cloud solutions in order to choose a provider that will effectively handle the issues. Done safely, utilizing the cloud allows businesses to save money and increase productivity. Choose wisely.