Like any innovative technology, SD-WAN evolves rapidly. For businesses utilizing SD-WAN or evaluating its implementation, there are a few considerations to keep in mind for the coming year.
Enterprises often take a layered approach to security, deploying solutions for network, compute and application. With so many solutions increasingly being network-centered, such as Internet of Things components and cloud technology, many organizations are recognizing the need for a network-focused security strategy. In many cases, software-defined wide area network (SD-WAN) is able to address the challenges of network security.
Networks are the area to which there’s been the most change in recent years, so it makes sense that security is more advanced in this realm. Here are five recommendations for implementing secure SD-WAN:
- Add encryption to your WAN transport. When they choose SD-WAN, companies have access to low-cost broadband and can encrypt all Internet flow to each site without the need for administrators to make manual configuration changes to routers after each change to the network. It’s also important to note that SD-WAN is more secure than most private IP services because there can’t be a breach to the data even if the carrier network is threatened.
- Make sure your cloud connection is secure. It doesn’t matter how secure your client’s public cloud service is, whether they’re accessing Amazon or Salesforce. Every time they transfer sensitive data over the Internet to get to the cloud service, it’s an opportunity for a security breach. The SD-WAN provider may offer granular Internet breakout so that your client can distinguish between security mandates to move traffic through particular secure gateways. They’ll also have next-generation firewalls stationed at your branch or in the cloud or data storage center. All of the inherent risks associated with cloud solutions is mitigated by SD-WAN.
- Cover local branch security. Each of your client’s branch offices will require security, especially in cases where there is direct Internet access. The cost of buying and configuring physical appliances for each site can be prohibitive, and this method requires an engineer to travel to each site. SD-WAN allows your client to deploy VPNs, firewalls or WAN optimization from a central location by using network functions virtualization. This makes it convenient to provide security coverage for each branch location.
- Meeting requirements for compliance. The rules governing healthcare and financial services, including HIPAA or PCI data security fit perfectly with SD-WAN technology. SD-WAN allows the enterprise to create virtual overlays to segment applications traffic.
- Create secure segmentation. Segmentation allows the IT team to isolate applications traffic for security purposes or to work with specific performance requirements. While legacy networks could do this, it was time-consuming and challenging. Segmentation with SD-WAN allows for consistency of configurations and best practices defined and enforced through business intent policies.
With security becoming a growing IT cost, MicroCorp anticipates more customers selecting an SD-WAN technology to create a secure and manageable cloud-based environment. As the demand for more agile, cloud-based WAN-technologies accelerates, we continue to provide focus to the variety of WAN technologies available. Contact us today to find out the best solution for your business.
Do you have a bitcoin wallet? That’s not a question that was posed very often a few years back, but it’s becoming common lately as ransomware attacks have grown more prevalent. The question you may be asking yourself today is, “why should I pay a ransom?”
The reason most companies end up paying a ransom after they’ve been hit with a cyberattack is that they want to preserve their reputation, their data, and in turn, their clients. Businesses don’t have the luxury of not negotiating with malicious actors who demand payment in return for their own data. And whatever amount is paid will only be payable in bitcoin, because it’s untraceable.
One factor leading to the proliferation of ransomware attacks is that many IT organizations aren’t good at patching or updating their systems and keeping data backed up. This allows cybercriminals an easy way in, and since the organization has no backup, they’re left without access to their sensitive and valuable data.
Some IT organizations are good at backing up their data, yet that generally only corresponds to critical servers, not end user systems where much of the data resides. And this is where most of the attacks are aimed – at end user systems.
Even for organizations that excel in patching and backing up, there are serious challenges when it comes to managing identities and controlling access to systems. This allows the infected code to seep across the system, going unchecked because it utilizes real accounts to gain access.
For organizations that do not patch, back up, or control access, they create the perfect scenario for a ransomware attack. This is when it becomes critical to have established a bitcoin wallet in order to regain control of data.
Ransomware isn’t the only enemy – there’s also extortionware and a host of other wiper malware with the sole intent of erasing data.
At MicroCorp, our clients count on us to keep their systems up and running and safe from attack. We do our part while educating end users to make sure they’re doing theirs. Contact us today to learn more.
How secure is the cloud, and how much need is there to have a disaster recovery plan? These are valid questions as the Internet of Things (IoT) comes into full bloom and the world becomes increasingly digitized.
Recently, an outage of Amazon Web Services (AWS) brought some attention to cloud disaster recovery. For companies running critical systems in the public cloud, this outage made them more aware of the potential for problems. However, despite the human error that led to this outage, a public cloud infrastructure still has advantages to on-premise data centers. At the same time, cloud IT services aren’t impervious to issues, which is why it is critical to have a disaster recovery plan in place.
Whether you’re a company as large as Amazon, or a mom and pop startup operating in the cloud, you need to focus on business continuity and disaster recovery options. These strategies, when properly implemented, will help you protect your data.
Your strategy should center around backing up data at multiple, geographically disparate locations. Should a natural disaster occur and several data centers are wiped out, the data will still be available from a location that is far removed from that natural disaster.
The loss of data can come at a great expense for your company. Take British Airways as an example. The company experienced a computer failure that resulted in losses estimated around $200 million. The damage to the British Airways brand was significant as passengers around the world were left stranded. While the company continues to blame a power surge for the problem, it’s rumored that the fault was actually with a back-up system that was supposed to provide uninterrupted power to the computer system.
While cloud-based systems are most often a better choice than on-premise solutions, it’s not always the right answer in every situation. Cost for long-term use can be prohibitive for some organizations. Also, due to a shortfall in qualified individuals working in cloud infrastructure, security is sometimes suspect. While it’s true that some cloud types offer better security than others, organizations give up control over too much of their data in many cases.
At MicroCorp, we are a master agent that takes cloud security and disaster recovery very seriously. With many years of experience in offering multi-layer support services, we have our agents and their clients covered. Contact us today and let’s discuss how you will maintain control over your data while experiencing top-notch business continuity and disaster recovery efforts.
A multi-cloud approach works well for a large number of enterprises who’ve made a digital transformation. RightScale’s 2017 State of the Cloud Report found that 85 percent have a multi-cloud strategy. That is up from 2016 where 82 percent reported a multi-cloud approach.
There are several benefits to implementing a multi-cloud solution:
- Disaster recovery: A cloud outage serves to demonstrate the potential pitfalls of a single cloud solution. Many companies haven’t fully thought through their disaster-recovery procedures, but multi-cloud does offer protection compared to a single point failure.
- Prevention of lock-in: Enterprises are reluctant to lock in with only one vendor, and multi-cloud approach allows them the flexibility to switch vendors or take advantage of the benefits of each of a variety of vendors.
- Workload performance: Enterprises like the ability to match the workload with the cloud provider that makes the most sense. For instance, Windows applications workloads match best with Microsoft Azure.
- Cloud hydration: One of the challenges of digital transformation is the movement of data from traditional storage to cloud storage. A multi-cloud environment makes it easier to concurrently move data to new cloud platforms.
A couple of major, multi-hour cloud outages that occurred this year provided some guidelines for establishing an even better, more secure multi-cloud solution:
Store data in two locations. In case of a cloud outage, it’s a good idea to store data in two places so that you are never fully compromised on your ability to access data. There are several approaches to this, such as storing data both in a cloud storage solution and an on-premises server, or you can use a single-cloud solution with multiple access points.
Choose redundancy architecture: Duplicate your major applications in multiple locations. Whether you are employing public or private cloud, a hybrid solution or an on-site system, consider implementing redundancy policies so that you avoid lock-in with one provider or the risk of not being able to access your key software during an outage.
Check out the competition: Check out their competition, not yours. The increase in cloud providers means that you can use a multi-cloud solution to choose the applications that make the most sense for you, based on both cost and security features of the provider.
Choose native storage options: This means that you want to choose providers and storage solutions in which storage is a core feature, not an additional feature that’s “bolted on” to another application.
At MicroCorp, we come alongside you to help you design a secure multi-cloud environment that matches providers to your specific business needs. Call us today for more information.
It seems like every day there’s a new security breach in the news. Some IT professionals have recurring nightmares of their company’s name splashed across the headlines and a pink slip in their mailbox. What isn’t often reported in these stories, however, is the vendor’s role in that security breach.
When you engage in a cloud provider/vendor relationship, you probably spend a lot of time making sure performance and contract compliance are priorities. For many companies, though, there’s not enough time spent on determining who is covering each aspect of security. Here’s what you need to know:
1. Put it in the contract. Your vendor contract should include specific and precise information about your responsibility and your vendor’s for security coverage. Include the following items:
- Security reviews and periodic audits
- Cyber insurance
- Access controls
- Incident response
- Risk sharing
2. Schedule security audits on a regular basis. These can be questionnaire-based or they can include as much as an on-site audit, depending on the level of risk and investment you have with that vendor. You can also use a mix of approaches, with on-site visits occurring less frequently based on the responses you receive on the questionnaires.
3. Make SOC a requirement. While current System and Organization Controls (SOC) reports won’t provide you with insight about the risk level of your vendor’s security management protocols, there is a new SOC report framework — called the SOC for cybersecurity — that audits cyber risk security management. You should include provisions in your contract that require your vendor to perform a SOC audit each year or whenever there’s a significant change to their security structure.
4. Conduct access and security reviews: This should be a daily review by your team to determine whether there’s any unusual activity coming from your vendor. There are independent services that will conduct these reviews, and though you may generate some false positives at times, you do need to be regularly examining the activities of your vendor with your system.
Security isn’t likely to be the most exciting topic on your list when considering a migration to cloud solutions. If you’ve been through the implementation of a cloud application, though, you likely have seen the security-related problems that can come up.
Get out ahead of any security concerns by including specific provisions in your vendor contract. Decide who will cover each area of security and make sure that security is a prioritized part of the conversation, rather than an afterthought. You may assume that because a vendor offers the latest software available, that they also have a proactive security solution. As you’ve seen in the news, it’s your reputation on the line.
If you want to work with a partner that values your security, talk with MicroCorp. We take a proactive approach to our clients’ security and partner with you to make sure that your system and your data are protected. Make an appointment with us to talk about the right solutions for your company and the steps you need to take to protect them.
Small and mid-sized businesses (SMBs) have traditionally not been keen on outsourcing for a few reasons, but a sea change is occurring for SMBs when it comes to security and technology. Businesses using managed services to handle security needs have to hand over mission-critical control of their network infrastructures to service providers. A rising number of SMBs are electing to do this and more.
In-House Security Losing Steam
While managed security was initially popular with enterprises hoping to simplify and coordinate security across multiple locations, it is looking more and more attractive to one- and two-location business owners who realize these threats are indiscriminate in who they target.
With new security threats churning out at a fever pitch, it is almost impossible to stay relevant with security in-house. Even with just one location, adequate security needs to consider firewall management, intrusion detection, malware detection, compliance requirements, email encryption, user authentication, and, most importantly, active monitoring.
According to a study cited in CIO, 40% of businesses are using part time employees to manage their security. That is alarming. This setup compromises effective monitoring and cuts down on time to detect attacks from 24/7 to someone not even on the clock 9-5. The level of scrutiny and speed of reaction need to be looked at if you want to take your network security seriously. Outsource to a provider that guarantees around-the-clock monitoring in the service level agreement. Employees do not come with SLAs.
The number and variety of security threats facing businesses today require true specialization to conquer. Although enterprise businesses led the charge for managed security, there is a multi-dimensional landscape of security concerns that affect businesses of all sizes. Skills and time are at a premium, and a greater number of business owners are finding security is not a piece of their business they want to gamble on.
What is your peace of mind worth? MicroCorp can connect you with a portfolio of managed security providers to find the right fit for your customer’s security vulnerabilities.
Online businesses are increasingly improving against their brick-and-mortar counterparts. With this success, however, has come a whole new threat: the rise of a cyber attacker who isn’t showing much restraint, even for the biggest targets.
Hacker Ambition on the Rise
In just the last couple years, hackers have been seen going after targets that even five years ago might have been unthinkable. While retail store breaches were standard fare, new cyber attackers pursued online banks, and some evidence suggests that hackers may have even targeted the 2016 U.S. Presidential Election, though to what extent is unclear.
The growth of the Internet of Things (IoT) has emboldened some hackers, who in another incident used connected devices as part of a massive botnet of semi-autonomous connected devices to engage in distributed denial of service (DDoS) attacks that shut down websites.
Surprising Weaknesses Appear
Perhaps the good news in the current hacking-filled environment is that it reveals just how insecure networks really are. Stolen credentials are only the beginning, and lower-tech attacks do plenty of damage as well. Business email compromise–essentially just highly-targeted phishing operations–caused $3 billion in losses over three years, according to Symantec.
More Cloud, More Problems
Perhaps worst of all, companies are contributing to their own downtime through everyday business processes. The growth of the IoT is putting more potential points of access into play, and many of these are poorly secured thanks to a faulty perception that a connected device is a low-value target. The device itself may be, but the network that it’s connected to is of much higher value.
Symantec’s reports were grim on this front as well; attacks on IoT devices doubled throughout 2016, and at the worst of it, there was one attack every two minutes on an IoT device. Increased movement to cloud-based systems was likewise bringing out fresh targets of opportunity for hackers.
Eternal Vigilance Is the Price of Liberty…Online
So what can be done? Proper security must be observed at every turn, even when doing so seems inconvenient or cumbersome. Furthermore, the tools to protect security must be improved; after all, tools that cause as many problems as they prevent aren’t worth using.
Tools like those found at MicroCorp can be a great start toward a process of continuous security improvement, helping users better protect systems against outside intrusion. It’s a project that requires everyone’s cooperation, from the end user to the security developer, and one that makes us all safer. For more information about how MicroCorp can help secure your business, contact us today.
The ransomware attack from early May that affected more than 200,000 people and computer networks in more than 150 countries is an opportunity for partners to have a conversation with their customers about security. While it may seem heartless to use a cyber attack as a sales tactic, this is more about protecting customers for the future, and making sure everyone has a backup plan.
The malware, dubbed WanaCrypt0r 2.0, or WannaCry, affected Europe the most. Companies from FedEx to Telefonica, universities to hospitals, were attacked. The pervasive nature of this most recent incident should be the kicker for partners to start checking on customers’ security strategies. Of course, there are obstacles, but there are ways to overcome them.
Something is better than nothing
More often than not, a company’s CTO will shrug off security solutions as too expensive. Small and medium-sized businesses cannot often afford the $25,000/month price tag for a soup-to-nuts solution. But partners should emphasize that customers do not need to go whole hog in order to protect themselves “just enough.” There are pieces of solutions that go for a fraction of the package price that will protect customers somewhat — and that could make or break their business.
The true cost of a breach
60% of small and medium-sized businesses are out of business within six months of a cyber attack. Further statistics show that companies spent an average of $879,582 in the aftermath of damage or theft of IT assets. And disruption to normal operations cost an average of $955,429.
Partners can show these quotes to their customers. Then they can ask the CTO if he really thinks that investing in a security solution today isn’t worth the money.
Take this most recent ransomware attack, the Target breach of 2013, and any one other of the myriad cyber attacks of the last couple of years, and present the case to customers. Now is not the time to shy away from protective technology. Emphasize that the true cost of a security breach is a customer’s entire business.
You don’t have to be the expert
Don’t let the daunting nature of security technology be the reason you leave your customers without solutions. Take the time to get with a couple of providers that have security products to find out about what the solutions are, and then you’ll be in a good place to talk to your customers about security. You can admit you are not the expert, but you work with experts, and can connect your customers. That’s where a program like MicroCorp’s Team Alliance Program comes in. The program is designed to connect partners with experts of all kinds in the channel — security is no exception.
At the very least, your customers should have a basic security assessment done. Discuss where they are vulnerable with them so they know where their risks are. From there, it is their decision about how robust they want to get with a security solution.
Putting your head in the sand isn’t going to make the risk go away. Talk to MicroCorp today about how to proceed with working with your customers on securing their businesses for the future.
It’s a nice picture, imagining all your software needs handled by one neat cloud service. In that picture, your team works without the encumbrance of hardware and your updates never interrupt anyone’s processing. You pay your monthly support and subscriptions, but are never forced to face a board of directors in a tight, itchy suit to get approval for a monstrous new software implementation.
The picture is nice, but it’s likely a corporate fairy tale. There are plenty of reasons why the idea of a cloud-only software environment is probably never going to be a reality:
Getting access: One of the key barriers to an exclusively cloud environment is the need for employees to be able to access applications. Even if every application is housed in the cloud, you’ll still need a way to get to your software and a way for your IT team to govern which team members are authorized to access each application.
Lifecycles of certain products: If you work in an industry in which products have a short lifecycle, it may seem that it’s just a matter of time before everything is in the cloud. On the other hand, when you consider a product like insurance, for example, you can see that on-site systems will be necessary for a policy that was created decades ago in an on-premises mainframe.
Security: The security of cloud software is often debated, but some aspects of the security issue aren’t related to whether cloud technology can protect your data. Some security discussions are about the possession of information and its legal, physical and virtual location according to regulations. IT professionals in the financial, banking, and legal industries must tread carefully when they consider cloud-based applications. There’s good reason to believe that some industries will never embrace cloud solutions because it would compromise legality.
Lock-in: Enterprises are often wary of the idea of locking in with a particular provider of cloud services. Even though cloud technology comes with agility and flexibility, it still requires an investment of time and money to implement a new application. As a result, companies are reluctant to partner with a single cloud services provider in a way that may prevent them from adopting other software that they need to optimize productivity or reduce costs.
To determine how to implement the best possible mix of cloud and on-site software for your company, talk with our consultants at MicroCorp. We can help you identify the applications that are a good initial choice for cloud software to improve efficiency and reduce costs.