BYOD: Intensive Setup Ensures a Successful Implementation

by Leave a Comment

shutterstock_292636697The debate today isn’t whether or not to implement a bring your own device (BYOD) program — it’s how to best go about making the transition to BYOD as smooth as possible. Many businesses have learned that a BYOD program improves productivity and reduces costs. A 2014 survey by research firm Tech Pro found that 74% of businesses surveyed either had an existing BYOD program or were planning to create one.

Despite the popularity of BYOD programs, moving from work devices to employee-owned devices is not an instant switch. Businesses need to be mindful of the fact that planning and maintaining will be required until the transition is complete. There are four major steps that a business can follow to make this transition as smooth as possible.

1) Have a Clear Goal

A business with a clear vision for its BYOD program will be able to implement it smoothly and efficiently. Some benefits of determining a goal in advance include:

  • easier management,
  • higher productivity, and
  • happier employees.

With a clear end goal, everyone involved in the BYOD implementation process will know what they are trying to achieve and why.

2) Communicate with IT

Good communication with the IT department is key to successfully implementing a BYOD program. Businesses should answer two key questions before beginning the BYOD program:

  • What devices are supported?
  • Of those devices, what will the business allow to be used?

An employee could potentially use their cell phone, tablet, and/or laptop or other personal computer in a BYOD program. Businesses should know which devices their IT department can best handle. For more uniformity of devices used, businesses could also look into partnering with a vendor that will allow employees to buy devices at a discount. This will make for easier management and streamline any repair or troubleshooting processes.

3) Carefully Create the BYOD Policy

There are many factors to consider when creating a BYOD policy, including:

  • Participants in the program
  • Eligible devices
  • Levels of employee access to business data
  • Security considerations
  • Whether or not to install a monitoring program
  • What to do if a device is lost or damaged
  • How much control the business will have over installed and banned apps
  • The exit process for an employee who is leaving the business

4) Train Employees

Once setup is complete, it’s important to ensure that all employees who are a part of the program have been properly trained. Communication is again key here; a meeting should be scheduled in person and employees should be aware of the policy regarding BYOD. Initial training will likely take time and resources, but once training is complete and the program is in place, future updates should be quick and efficient.

A BYOD program may seem like a lot of work, but it will soon lead to increased productivity and decreased costs. By being prepared beforehand, a business can ensure that the transition is as smooth and streamlined as possible.

Big Data Security Measures: Learning from the Antivirus Industry to Keep Data Safe

by Leave a Comment

shutterstock_195687113In recent years, there have been security breaches at a number of large companies that resulted in the loss of personal data for thousands of people. All entities involved in big data – including both vendors and consumers – should be looking to create and use standard security measures to keep their data safe.

Big Data Protection Challenges

There are quite a few major challenges involved in the security of big data, not the least of which is that most current security measures are meant for the protection of small-scale, static data. Because big data comes in the millions of terabytes – as opposed to a much lower number of files saved to an individual hard drive – big data security must be quick, adaptable, and tailored towards multiple entry points. Security for big data has several areas of weakness.

Audits. If something does go wrong, businesses need to be able to determine how and why in order to improve their security. These audits should be detailed and easily scalable.

Data Mining. Customers or clients may not know what information is being gathered. With weak security, private information can be stolen, resulting in loss of both money and trust.

Data Storage. Because big data is too large to be moved manually by the IT department, a company has less control over how and where it moves. Auto-tiering can make this process much easier, but businesses should keep in mind that it requires extra security measures.

Encrypted Access. Security measures need to strike a balance between the encryption needed to keep big data safe and the need of users to access this data efficiently.

Input Validation. Collections of big data usually have millions of inputs from various access points. Any business collecting big data must ensure that all sources of input are validated and trusted.

Real-Time Monitoring. Although real-time monitoring is improving – and providing a way to see exactly what’s happening at any given moment – businesses should be aware that it can generate false positives.

Improving Security

Despite the differences between big data and the data found on a general user’s computer, cloud experts believe that the antivirus industry may hold the key to better big data security. This is not only because antivirus vendors already have experience in battling viruses and other malware, but also because they share information on threats and how to defeat them.

Businesses often depend on secrets in order to keep ahead of their competitors, but in the antivirus industry, threat data is open and allows multiple industry leaders to work on a solution. This benefits everyone who uses a computer, no matter what antivirus they choose to use. Cloud experts believe that being open and seeking to share is what will enable big data security measures to be improved quickly and efficiently.

Security Breaches: How DLP and DAM Help Keep Critical Data Secure

by Leave a Comment

shutterstock_147262505With the current focus on detection and malware, many companies may be overlooking core data security as a front-line defense. While it’s important to prevent intrusion through detection tools, a safer and more balanced approach to security is to also focus on complementary protection solutions Data Loss Prevention (DLP) and Data Activity Monitoring (DAM).

Data Loss Prevention

DLP focuses on the effect of end users on security by ensuring that users cannot send critical data outside of the network. When DLP was becoming popular in 2009, many in the security industry thought it would be a single-step solution to securing data. However, it became apparent that DLP was not enough on its own and that it should be combined with DAM.

 

Data Activity Monitoring

While similar to DLP, DAM focuses on data that is moving through the system. This can include end users but also encompasses privileged users, access, applications, and usage. More importantly, DAM monitors and sends out alerts for suspicious activity and blocks this activity and/or the users responsible for it, halting any unauthorized access.

 
Using Both Technologies

Businesses will have better data security from the inside out by using both solutions as a complement to each other. This is especially important as current technology trends are moving more and more towards the use of the cloud, mobile data, and a mobile workforce. Because many DLP solutions haven’t improved at the same rate as these trends, DAM should be used concurrently to allow real-time monitoring of sensitive data all over the system and network.

Keeping up With the Trends

Technology is constantly growing and evolving on both sides of the security fence. A business should ensure that its security solution is current with the latest security techniques and compatible with DAM. When looking for DAM software, businesses should consider the following questions:

  • Is the DAM up to date with the latest trends?
  • Can it work in real time?
  • Can it be easily deployed?

DLP and DAM are best used together to provide a broader area of protection through the use of monitoring, alerts, and the ability to block suspicious users or activities. By knowing and keeping up with current trends and focusing on the security of core data, businesses will ensure their data is kept safe.

SaaS Security: 5 Ways to Keep Sensitive Data Secure

by Leave a Comment

shutterstock_132157016A majority of organizations–60% according to technology news site SiliconANGLE–are adopting a cloud-based model for business processes. Many of these businesses have joined the movement because Software-as-a-Service (SaaS) offers benefits to both small businesses and large. However, while most SaaS vendors have good security and compliance, businesses should always be aware of how their sensitive data is being kept safe.

To secure data in the cloud:

  • Carefully choose a vendor
  • Implement an access policy
  • Avoid sending sensitive data to the cloud
  • Employ standard security measures
  • Audit security controls

Choosing a SaaS Vendor

Good security starts with the vendor, your partner in protecting data.

When considering the right vendor, choose one who offers security features like password protection, user controls, and data encryption. Understand the vendor’s process, where your data is stored, how it’s backed up, and the process for data recovery. A reputable vendor will also be happy to provide a list of references to show that they’re reliable and committed to security.

Implement Access Policies

Put an access policy in place that limits who can access sensitive data and from which machines. Some businesses may find data easier to secure by allowing employees to access company resources only from their work computer rather than a personal device that may not be as up-to-date with antivirus software.

Don’t Send Sensitive Data

If data is important and very sensitive, it should be kept off the cloud completely, no matter how secure the SaaS model. One of the many benefits of cloud-based computing is integration that allows access to many functions from one access point. However, it isn’t necessary for all data to be available via the cloud. Store sensitive data locally for better security.

Employ Standard Security Measures At A Minimum

Keeping data secure is not only the job of the SaaS vendor and the IT department. Users of the system are also responsible. Employees should know how to create a strong password and help keep their machines up-to-date with antivirus software. A secure password recovery protocol will also help keep the system secure, especially for businesses with a mobile workforce.

Auditing

Finally, businesses should ensure that their security measures are regularly audited. While many SaaS vendors will use a third party to audit, businesses should also have an internal team or their own third party focused on regular audits.

In the past, companies shied away from cloud solutions for fear of data security. That risk has been greatly minimized today, allowing the benefits of cloud computing and SaaS to outweigh the risks. Still, cautious organizations can reduce risk even further using the tips above to keep data secure.

Configuration Management: A Lifeline for IT Security?

by Leave a Comment

shutterstock_199360082It’s amazing how cloud computing has come to take over a growing number of critical tasks normally handled by IT departments. Unfortunately, it’s not so amazing to IT security workers, who are in great danger of being left in the dust. For computer security professionals, cloud computing could be the one thing that puts them out of a job.

There’s still hope however. IT security professionals may have to live with some of the ongoing changes presented by the cloud, but they can remain in control by reevaluating how their organization uses its technology.

 

A Savior in Configuration Management

Configuration management could be the very thing that saves IT security personnel. The need to keep employer data safe is something that is understood by cloud providers, but the overall practice still leaves plenty to be desired in a variety of areas.

Whereas cloud providers take a somewhat distanced approach to security, configuration management means taking a more hands-on approach, namely by keeping tabs on the software and hardware used throughout the organization. IT security professionals are also tasked with monitoring application use on each employee’s computer.

At first glance, configuration management seems like a hard pill to swallow due to the deep level of understanding required of the enterprise’s operations, choices in technology procurement, and personnel.

On the outset, it seems much easier to let cloud providers take the reins when it comes to security issues. However, this leaves the door open to data breaches and other security setbacks that could prove time-consuming and expensive to resolve.

Proving Worth

As with any sort of change, the hardest part is stating an effective and compelling business case for configuration management. That means demonstrating to business executives how effective it can be when compared to putting cloud providers in the driver’s seat.

For starters, a move towards configuration management can help enterprises better manage their vulnerabilities and prevent catastrophic oversights and mistakes from happening. One such example involves understanding software choices and usage habits among employees. This can help IT security professionals pin-point and flag activities that are out of the ordinary.

Showcasing the potential cost savings offered by configuration management can also help drive the point home and garner interest from top management. For instance, mentioning the potential costs of cleaning up malware on computers left exposed by a lack of a configuration management plan can help bring the benefits into focus.

In the end, configuration management means that IT security personnel can maintain a non-trivial level of control over their infrastructure and perhaps even reduce overhead costs in the process.

Implement a Successful Unified Communications System in 4 Simple Steps

by Leave a Comment

shutterstock_108055643The benefit of Unified Communications (UC) is that it combines a number of different communication methods into one portal, which is increasingly attractive to businesses.

UC is still a relatively new technology and businesses may be worried about the cost, but UC can actually save a business money once they’re past the initial investment. One of the biggest benefits to UC is that employees can use their own devices and can connect from any location, which also reduces travel expenses.

There are four simple ways that a business can make their transition to UC a success:

  • Security requirements
  • Testing the technology
  • Training employees
  • Bring Your Own Device (BYOD)

Security Requirements

Knowing the security requirements first will allow a business to make an informed choice about what services they need. An organization that deals with sensitive data, for example, will have to make the choice between the three types of cloud services: public, private, and hybrid. Security needs will also continue after the UC system is implemented. For example, it’s important to always use strong passwords and pay close attention to call logs.

Testing the Technology

Before making a purchase, businesses should be sure to test out the technology. If a provider won’t allow this, businesses should look for a more reputable vendor.

Employee Training

Once a vendor is chosen and the unified communications system is purchased, employees will need to be trained on the technology. Employees that know what they’re doing are essential to keeping the system running without any hitches, and to ease the transition businesses should inform their employees about the change before it happens.

Businesses should also follow three basic steps when training employees on the unified communications system. The first step is to introduce the technology and show the employees exactly what they’ll be working with. The second step is to thoroughly explain the technology, so that employees know how to use it and what it can do. As a refresher, the technology should then be reviewed again once some time has passed. That way, anyone who missed anything during the first explanation can ensure their questions are answered.

BYOD

Once training is complete, allowing employees to bring their own devices can help simplify the UC process. This will allow businesses to support devices not issued by them and cut down on costs because they are personal devices. BYOD programs are becoming more and more common in the workplace and benefit both employees and the business.

Although a UC system may seem complicated to learn and expensive for the initial investment, it can become a benefit to most businesses. Knowing the security requirements, testing the technology, embracing BYOD, and providing proper training are a few ways to successfully implement a UC system with minimum hassle.

SMBs: Creating a Simple Cyber-Security Plan

by Leave a Comment

Cyber securitySome SMBs make the mistake of thinking that security breaches only happen to the big names. Despite all the attention that the Home Depot, Anthem, and Target data breaches are getting, cyber-attacks are an equal opportunity threat for every size of business. In 2013, approximately 44 percent of SMBs were the victims of a cyber-attack, according to the National Small Business Association.

Large enterprises are just as vulnerable to cyber threats as smaller companies, but some SMBs can’t afford the incredible cyber security measures that enterprises use to protect their data and customers. Instead, SMBs must stay sharp and focused when it comes to protecting themselves on a small scale against a broad range of cyber-threats– from phishing attempts to full-blown brute force.

The Basic Steps of a Cyber Security Plan

Although there are a wide variety of different tools and software available, the most important cyber-security tool is a good plan. The following outlines these three crucial steps toward strengthening a company’s cyber security without a detrimental effect on the bottom line or employee productivity:

  • Create a thorough inventory of both physical and digital assets. These physical assets include devices used on a daily basis to interact with and manipulate important data, especially that which is stored in the cloud. Companies also should inventory any valuable data that can be accessed by employees.
  • Develop a comprehensive computer privacy and security policy. Such policies can help strengthen company-wide efforts to promote cyber security on an employee-level basis. By carefully and comprehensively defining how, when, and where employees can be exposed to certain types of data, cyber-security experts can prevent thieves from making off with digital gold.
  • Always be on the lookout for unusual cyber activity. Eternal vigilance through monitoring IT systems on a 24-hour basis is a necessity for foiling most, if not all, cyber-attacks. However, hackers are just as vigilant, which is where the latest lines of anti-virus software and other countermeasures come in. These assets must be kept up-to-date in order to deal with ever-evolving threats.

What Else Can Be Done?

Training employees to be more vigilant when it comes to cyber security is an excellent idea. Unfortunately, many SMBs simply cannot afford the time and effort that in-house training entails; in addition, these companies often lack the experience that is necessary for comprehensive training.

As a result, SMBs meet their cyber security needs by contracting with third-party experts and managed network security services. These outside service providers represent an added expense, but the costs are minimal compared to the tremendous costs that a security breach can have on a business.

Creating a concrete cyber-security plan can mean the difference between a successful company and one that is hobbled by a lack of basic cyber-security protections. The former is, of course, the more appealing option.

Why Businesses Should Utilize MDM

by Leave a Comment

Mobile devicesTouchscreen smartphones and tablets are making waves in the world of corporate IT. Many companies are eager to utilize the technology despite the fact that many of these devices don’t meet all security needs. However, cloud technology has made security and device management relatively easy.

The innovation of Bring Your Own Device (BYOD) policies has made security a primary concern for companies. InformationWeek’s 2013 State of Mobile Security discovered that 20 percent of responding companies were developing BYOD policies while 68 percent already had them in place. This means that 88 percent of those respondents are or will soon be implementing BYOD.

As a result of the growing popularity of business mobilization, mobile device management (MDM) solutions were recently developed so companies can use this beneficial technology without compromised security. Another name for mobile device management that has been used is “enterprise mobility management” (EMM). This name refers to MDM’s focus beyond simply mobile device management in an enterprise.

There are many advantages to using cloud technology to manage mobile devices.

Why Choose Cloud MDM/EMM?

Many businesses aren’t sure whether to use on-premises MDM/EMM or make it cloud-based. If it is offered, cloud-based MDM/EMM is ideal for a variety of reasons. One of the main reasons to use MDM/EMM in the cloud is because of the eliminated costs associated with using a new server. Another benefit is that the service provider will normally be responsible for any updates that are released, keeping your systems up to date at all times.

In addition, there is no functionality lost when using cloud-based MDM/EMM. Cloud technology offers the same capabilities as on-site applications.

A Reliable Mobility Policy Is Everything

A solid mobility policy should be a primary concern in cloud-based MDM/EMM. It should cover all pertinent devices and address proper use and security responsibilities. This policy should be thorough in a number of ways, covering:

  • All mobile devices, including the specific models and operating systems that will be offered
  • The types of employees who will receive devices from the company vs. those involved in BYOD
  • Implementation procedures and steps for retiring devices once employees leave
  • Specific security steps to avoid stealing of information and data

There are many other factors that a policy should cover as well, leaving no room for outdated information or exploitable loopholes.

How MDM/EMM Is Being Used

Businesses that are particularly trusting can rely on employees to follow the strict policy associated with mobile devices, or they can choose to let a mobile device management (MDM) system ensure that there is no violation.

MDM used to be exclusively for BlackBerry devices, but has since been developed to cover iPhones and many other types of devices used in the workplace. Some of the aspects of MDM/EMM that have carried over to newer devices include:

  • Security – MDM ensures that all data is encrypted and password protected, and prevents both rooting and jailbreaking.
  • Application Management – Certain mobile apps can be either blacklisted or whitelisted, depending on a company’s preferences.
  • Containerization – A secure container is created to store all company data and personal data as well.

Choosing MDM/EMM Providers

Using cloud-based MDM/EMM for company mobile devices and BYOD will help improve a company’s efficiency as well as reduce the costs of on-premises solutions. In addition, security measures are expanded, with a wide range of devices employing the same level of security. Overall, using an MDM/EMM provider helps ensure that IT personnel can effectively keep systems secure.

State of the Cloud – 2015

by Leave a Comment

State of the CloudAt some point in the year 2015, there will be more than 2.5 billion people accessing the Internet with over 10 billion devices. Being able to stream and transmit all that data will require a billion virtual servers connected to a cloud infrastructure.

It is apparent that cloud computing is not just here to stay, but is expanding every day. Below is an analysis of the state of the cloud and its future projections.

The Reviews Are In

A recent survey, the 2014-2015 Cloud-Based Contact Center Infrastructure Market Report published by DMG Consulting, analyzed eight industry leaders in the field of cloud vending. They discovered that a 61.5 percent majority received marks of “highly satisfied” in the following dozen major categories:

  • Overall satisfaction level
  • Professional services
  • Product
  • Up-time/System availability
  • Training
  • Implementation
  • Product innovation
  • Communication
  • Ongoing support and service
  • Product pricing
  • System upgrades
  • Responsiveness to request for product enhancement

Those numbers indicate a reassuring confidence and comfort level among end users who now leverage their cloud computing solutions in contact centers as opposed to former on-site locations.

Growing Steadily
The momentum just keeps going. DMG Consulting reports gains of 12.8 percent in 2013 in the market of cloud-based contact center infrastructure. Even though this rate has sloughed off from the previous year’s jump to 32.5 percent, it indicates a stabilization in the market that allows vendors to track their sales more precisely. It’s obvious that consumer awareness of the many benefits of the cloud has increased and shows no signs of slowing.

If growth continues at the projected rate, DMG is predicting that cloud-based contact center infrastructure solutions will grow an additional 20 percent this year, followed by a growth rate of 18 percent in the following two years, and by a still steady 16 percent in 2018. This paradigm shift from on-site to cloud-based data storage is extremely significant for the industry, as evidenced by DMG’s recent observation, “Never before have we witnessed an all-out rebirth of an entire industry due solely to a new delivery model.”

Beyond 2015

The market has not yet reached its zenith regarding the growth of cloud computing. As customers clamor for more business solutions to overcome any challenges, the industry will continue to respond.

Federated systems have emerged, allowing data, services and communications to shift across infrastructures with ease. At some future point, technological advances may evolve to allow data to safely scale into both private and public clouds; to clients, vendors and partners; and between service providers, without involving data centers.

One challenge the industry will face is how to increase efficiency yet still keep the cloud use straightforward enough to satisfy end users. As the complexity of systems will only increase in the future, a workable solution will have to be discovered.

When moving data outside of the physical parameters of on-premise locations, maintaining security is paramount. Any vulnerabilities must be protected to avoid privacy breaches while apps migrate to cloud platforms. As the industry evolves, best practices for software and hardware, solutions, integration, and processes will likely emerge.

Thanks to cloud computing advances, the interaction between contact centers and customers has changed profoundly. Now, even small centers are able to provide clients with state-of-the-art technologies they could never before afford. All have access to the same host of benefits — scalability, flexibility, savings, and usage ease — to meet their customers’ individualized needs.

As the industry continues its evolution, its full potential will be realized through customer feedback as IT providers focus on meeting their demands.

Adopting VoIP Doesn’t Prevent Toll Fraud

by Leave a Comment

SecurityWhile there are several security concerns when implementing voice-over Internet protocol (VoIP) services at a business, one that rarely receives attention is the potential for toll fraud. Some businesses even mistakenly believe that a switch to VoIP will prevent fraud. If anything, VoIP makes the business more susceptible to toll fraud.

If businesses host their own PBX system, converting VoIP to copper and back, it creates a tempting honeypot for hackers.  If the hackers gain access to the system, they have nearly unlimited ability to place phone calls at will.

These are not cheap intrusions.  The average cost of a toll-fraud VoIP attack is about $36,000.  Given that some PBX units are cheap enough that even SMBs can afford them, that’s a potentially ruinous (and entirely avoidable) cost.

How VoIP Toll Fraud Works

The basic premise is relatively simple.  VoIP fraud occurs almost exclusively in third-world countries whose local telephone grids charge huge rates for access.  Hackers collaborate with unscrupulous phone grid operators to hook first-world VoIP systems into the grid, so that the business can be charged astronomical prices for phone calls to nowhere.  Then, they split the profits.

Since these fees are charged directly to the victims’ phone company and numerous laws/treaties require their prompt payment, the victim is virtually always left on the hook for the charges.

In some cases, particularly enterprising hackers may even establish their own “dark” phone company, selling services to local users at low rates while running the calls through hijacked first-world computers.  However, this aspect of the practice is becoming less common as cell phones and consumer VoIP lower the costs of voice communication.

Law enforcement is rarely an option in these cases.  The local police or government entity might be part of the deal, and U.S. law enforcement won’t touch such cases.  An active defense truly is the only option for preventing VoIP fraud.

The Deeper Dangers Of VoIP Fraud for SMBs

In most larger business networks, VoIP is kept separate from the overall data network.  This means that if an intruder gains access to their PBX or other phone-switching hardware, that intruder can’t get access to anything else.

However, many smaller businesses don’t segregate their networks in this fashion.  For them, a PBX attack could be the first hole poked in their security by a phalanx aimed at taking over the network.  Poorly defended VoIP systems make excellent staging grounds for larger attacks.

Besides keeping these networks entirely separated, the solution here is an active, always-on security system.  VoIP and cloud systems security cannot be left to chance.  A network needs an active security system that’s consistently monitoring for intrusions and reporting any irregularities as soon as they occur.

Without this, a business is leaving itself open to attack, fraud, or potential systems disruption.