Tag Archives: security

Four Steps to Be Sure Your Security Isn’t at Risk Because of Your Vendor

It seems like every day there’s a new security breach in the news. Some IT professionals have recurring nightmares of their company’s name splashed across the headlines and a pink slip in their mailbox. What isn’t often reported in these stories, however, is the vendor’s role in that security breach.

When you engage in a cloud provider/vendor relationship, you probably spend a lot of time making sure performance and contract compliance are priorities. For many companies, though, there’s not enough time spent on determining who is covering each aspect of security. Here’s what you need to know:

1. Put it in the contract. Your vendor contract should include specific and precise information about your responsibility and your vendor’s for security coverage. Include the following items:

  • Security reviews and periodic audits
  • Cyber insurance
  • Access controls
  • Incident response
  • Risk sharing

2. Schedule security audits on a regular basis. These can be questionnaire-based or they can include as much as an on-site audit, depending on the level of risk and investment you have with that vendor. You can also use a mix of approaches, with on-site visits occurring less frequently based on the responses you receive on the questionnaires.

3. Make SOC a requirement. While current System and Organization Controls (SOC) reports won’t provide you with insight about the risk level of your vendor’s security management protocols, there is a new SOC report framework — called the SOC for cybersecurity — that audits cyber risk security management. You should include provisions in your contract that require your vendor to perform a SOC audit each year or whenever there’s a significant change to their security structure.

4. Conduct access and security reviews:
 This should be a daily review by your team to determine whether there’s any unusual activity coming from your vendor. There are independent services that will conduct these reviews, and though you may generate some false positives at times, you do need to be regularly examining the activities of your vendor with your system.

Security isn’t likely to be the most exciting topic on your list when considering a migration to cloud solutions. If you’ve been through the implementation of a cloud application, though, you likely have seen the security-related problems that can come up.

Get out ahead of any security concerns by including specific provisions in your vendor contract. Decide who will cover each area of security and make sure that security is a prioritized part of the conversation, rather than an afterthought. You may assume that because a vendor offers the latest software available, that they also have a proactive security solution. As you’ve seen in the news, it’s your reputation on the line.

If you want to work with a partner that values your security, talk with MicroCorp. We take a proactive approach to our clients’ security and partner with you to make sure that your system and your data are protected. Make an appointment with us to talk about the right solutions for your company and the steps you need to take to protect them.

Security, SMB

SMBs Ready to Embrace Managed Security Services

Security, SMBSmall and mid-sized businesses (SMBs) have traditionally not been keen on outsourcing for a few reasons, but a sea change is occurring for SMBs when it comes to security and technology. Businesses using managed services to handle security needs have to hand over mission-critical control of their network infrastructures to service providers. A rising number of SMBs are electing to do this and more.


In-House Security Losing Steam

While managed security was initially popular with enterprises hoping to simplify and coordinate security across multiple locations, it is looking more and more attractive to one- and two-location business owners who realize these threats are indiscriminate in who they target.

With new security threats churning out at a fever pitch, it is almost impossible to stay relevant with security in-house. Even with just one location, adequate security needs to consider firewall management, intrusion detection, malware detection, compliance requirements, email encryption, user authentication, and, most importantly, active monitoring.

According to a study cited in CIO, 40% of businesses are using part time employees to manage their security. That is alarming. This setup compromises effective monitoring and cuts down on time to detect attacks from 24/7 to someone not even on the clock 9-5. The level of scrutiny and speed of reaction need to be looked at if you want to take your network security seriously. Outsource to a provider that guarantees around-the-clock monitoring in the service level agreement. Employees do not come with SLAs.


Security Specialization

The number and variety of security threats facing businesses today require true specialization to conquer. Although enterprise businesses led the charge for managed security, there is a multi-dimensional landscape of security concerns that affect businesses of all sizes. Skills and time are at a premium, and a greater number of business owners are finding security is not a piece of their business they want to gamble on.

What is your peace of mind worth? MicroCorp can connect you with a portfolio of managed security providers to find the right fit for your customer’s security vulnerabilities.

Hacker

Preparing for Today’s Generation of Ambitious Hackers

HackerOnline businesses are increasingly improving against their brick-and-mortar counterparts. With this success, however, has come a whole new threat: the rise of a cyber attacker who isn’t showing much restraint, even for the biggest targets.

Hacker Ambition on the Rise

In just the last couple years, hackers have been seen going after targets that even five years ago might have been unthinkable. While retail store breaches were standard fare, new cyber attackers pursued online banks, and some evidence suggests that hackers may have even targeted the 2016 U.S. Presidential Election, though to what extent is unclear.

The growth of the Internet of Things (IoT) has emboldened some hackers, who in another incident used connected devices as part of a massive botnet of semi-autonomous connected devices to engage in distributed denial of service (DDoS) attacks that shut down websites.

Surprising Weaknesses Appear

Perhaps the good news in the current hacking-filled environment is that it reveals just how insecure networks really are. Stolen credentials are only the beginning, and lower-tech attacks do plenty of damage as well. Business email compromise–essentially just highly-targeted phishing operations–caused $3 billion in losses over three years, according to Symantec.

More Cloud, More Problems

Perhaps worst of all, companies are contributing to their own downfalls through everyday business processes. The growth of the IoT is putting more potential points of access into play, and many of these are poorly secured thanks to a faulty perception that a connected device is a low-value target. The device itself may be, but the network that it’s connected to is of much higher value.

Symantec’s reports were grim on this front as well; attacks on IoT devices doubled throughout 2016, and at the worst of it, there was one attack every two minutes on an IoT device. Increased movement to cloud-based systems was likewise bringing out fresh targets of opportunity for hackers.

Eternal Vigilance Is the Price of Liberty…Online

So what can be done? Proper security must be observed at every turn, even when doing so seems inconvenient or cumbersome. Furthermore, the tools to protect security must be improved; after all, tools that cause as many problems as they prevent aren’t worth using.

Tools like those found at MicroCorp can be a great start toward a process of continuous security improvement, helping users better protect systems against outside intrusion. It’s a project that requires everyone’s cooperation, from the end user to the security developer, and one that makes us all safer. For more information about how MicroCorp can help secure your business, contact us today.

Use #WannaCry to Your Advantage

The ransomware attack from early May that affected more than 200,000 people and computer networks in more than 150 countries is an opportunity for partners to have a conversation with their customers about security. While it may seem heartless to use a cyber attack as a sales tactic, this is more about protecting customers for the future, and making sure everyone has a backup plan.

The malware, dubbed WanaCrypt0r 2.0, or WannaCry, affected Europe the most. Companies from FedEx to Telefonica, universities to hospitals, were attacked. The pervasive nature of this most recent incident should be the kicker for partners to start checking on customers’ security strategies. Of course, there are obstacles, but there are ways to overcome them.

Something is better than nothing

More often than not, a company’s CTO will shrug off security solutions as too expensive. Small and medium-sized businesses cannot often afford the $25,000/month price tag for a soup-to-nuts solution. But partners should emphasize that customers do not need to go whole hog in order to protect themselves “just enough.” There are pieces of solutions that go for a fraction of the package price that will protect customers somewhat — and that could make or break their business.

The true cost of a breach

60% of small and medium-sized businesses are out of business within six months of a cyber attack. Further statistics show that companies spent an average of $879,582 in the aftermath of damage or theft of IT assets. And disruption to normal operations cost an average of $955,429.

Partners can show these quotes to their customers. Then they can ask the CTO if he really thinks that investing in a security solution today isn’t worth the money.

Take this most recent ransomware attack, the Target breach of 2013, and any one other of the myriad cyber attacks of the last couple of years, and present the case to customers. Now is not the time to shy away from protective technology. Emphasize that the true cost of a security breach is a customer’s entire business.

You don’t have to be the expert

Don’t let the daunting nature of security technology be the reason you leave your customers without solutions. Take the time to get with a couple of providers that have security products to find out about what the solutions are, and then you’ll be in a good place to talk to your customers about security. You can admit you are not the expert, but you work with experts, and can connect your customers. That’s where a program like MicroCorp’s Team Alliance Program comes in. The program is designed to connect partners with experts of all kinds in the channel — security is no exception.

At the very least, your customers should have a basic security assessment done. Discuss where they are vulnerable with them so they know where their risks are. From there, it is their decision about how robust they want to get with a security solution.

Putting your head in the sand isn’t going to make the risk go away. Talk to MicroCorp today about how to proceed with working with your customers on securing their businesses for the future.

Reasons Your Technology Will Never Be Exclusively in the Cloud

It’s a nice picture, imagining all your software needs handled by one neat cloud service. In that picture, your team works without the encumbrance of hardware and your updates never interrupt anyone’s processing. You pay your monthly support and subscriptions, but are never forced to face a board of directors in a tight, itchy suit to get approval for a monstrous new software implementation.

The picture is nice, but it’s likely a corporate fairy tale. There are plenty of reasons why the idea of a cloud-only software environment is probably never going to be a reality:

Getting access: One of the key barriers to an exclusively cloud environment is the need for employees to be able to access applications. Even if every application is housed in the cloud, you’ll still need a way to get to your software and a way for your IT team to govern which team members are authorized to access each application.

Lifecycles of certain products: If you work in an industry in which products have a short lifecycle, it may seem that it’s just a matter of time before everything is in the cloud. On the other hand, when you consider a product like insurance, for example, you can see that on-site systems will be necessary for a policy that was created decades ago in an on-premises mainframe.

Security: The security of cloud software is often debated, but some aspects of the security issue aren’t related to whether cloud technology can protect your data. Some security discussions are about the possession of information and its legal, physical and virtual location according to regulations. IT professionals in the financial, banking, and legal industries must tread carefully when they consider cloud-based applications. There’s good reason to believe that some industries will never embrace cloud solutions because it would compromise legality.

Lock-in: Enterprises are often wary of the idea of locking in with a particular provider of cloud services. Even though cloud technology comes with agility and flexibility, it still requires an investment of time and money to implement a new application. As a result, companies are reluctant to partner with a single cloud services provider in a way that may prevent them from adopting other software that they need to optimize productivity or reduce costs.

To determine how to implement the best possible mix of cloud and on-site software for your company, talk with our consultants at MicroCorp. We can help you identify the applications that are a good initial choice for cloud software to improve efficiency and reduce costs.

Preparing for the Next Generation of Security Intelligence

Are you familiar with security intelligence? If not, you should be. Here’s what you need to know about this growing data-gathering activity that will protect your digital assets from cyber criminals.

Introducing a New Kind of Intelligence

Since cyber threats continue to increase regardless of how sophisticated cybersecurity software gets, governments and businesses are turning to the next phase of defense — intelligence gathering. This solution involves collecting huge amounts of actionable information on cyber threats, then using big data tools to protect organizations from outside threats.

Time and Cost Efficiency Factors

IT teams should not go overboard chasing intelligence if it’s not helping the company. Security intelligence is meant to enhance security systems, not replace them. If a company devotes too much time and money to this data collection process, they may lose focus on what the business is really about — which is making money, not spending money. The key is to synchronize big data tools when necessary to guard against dangerous attacks.

Modern malware can hide for many weeks in a network before it initiates damage. It can be prevented using machine learning strategies that predict disasters. Detailed intelligence will help companies determine the safety of their existing protection.

Cyber Myths

Before venturing into big data collection, you should be aware that many myths surround intelligence gathering in the digital world. It’s not designed to predict presidential elections, military outcomes, or the stock market. Many people may assume too much from the word “prediction.” What this intelligence does is bring together the most relevant data on cyber threats so that analysts can quickly make determinations on avoiding disasters.

In recent years, a majority of North American and European businesses have been victimized by cyber crime in some form. As much as the government is working to crack down on cyber criminals, all it takes is one attack to wipe out a business. The Internet of Things and expanding interconnectivity of devices are creating increased vulnerabilities.

Perhaps the biggest cyber-myth of all is when companies believe that simply installing firewalls and doing routine screening for bugs will be sufficient protection against cyber threats. Adding security intelligence will help businesses gain more confidence in their protection from cyber crime moving forward.

Conclusion

Firewalls, ransomware protection, and other security solutions can be maximized when using data collection and analysis software that predicts cyber attacks. The reason governments and corporations are adding security intelligence to their systems is because they anticipate cyber crime to escalate in the coming years. Contact us to learn more about how MicroCorp can strengthen your defense against cyber crime and improve profitability.

SD-WAN: Panacea or Pandora?

SD-WAN is getting a great deal of air play in the industry right now, promising to solve every network challenge that embattled network architects and operators are experiencing today from insatiable bandwidth requirements and costs through simple network resiliency and management. But what is marketing fluff, and what is real? What are the real drivers behind this latest “transformational” technology, and what problems does it really solve?

More Affordable Network Needed

With increasing workloads and performance requirements, especially with the proliferation of cloud-based applications, the need for predictable, high-speed, secure, and diversified networks is escalating. It simply isn’t always financially feasible to deploy diverse MPLS links to multiple distributed offices.

SD-WAN enables companies to take advantage of less expensive internet access rather than managed private networks while still getting the benefit of the types of capabilities provided by an MPLS network. In many areas, tier one direct internet access actually (and maybe surprisingly) provides lower latency, lower jitter, and lower packet loss than its expensive MPLS counterpart, so companies with a large number of distributed offices can expect to see real cost benefits with an SD-WAN network versus a traditional MPLS network.

Simpler and Faster Deployment

MPLS circuits can take months to provision and turn up. The underlying internet access types that SD-WAN can take advantage of can be faster and easier to deploy. However, don’t be misled by the myth that SD-WAN is simple to deploy.  There is still a substantial amount of planning and configuration to be done. Beware of the “plug and play” misconception and investigate how each solution is deployed, as they are all different.

Management

Not all SD-WAN solutions are as easy to manage as you might think, and not all management portals provide the same functionality. Whether you are looking at a service provider-managed solution, your own “book end” managed solution, or are using a dedicated SD-WAN network provider, look carefully at what priorities you can set and what monitoring you can do. Are these to device level (MAC address) or location level (essentially just network aggregation and optimization solutions)?

And, most importantly, don’t forget about how software updates are applied and managed and how template policies are set and administered — the very things you would think about when managing routers in your network.

Security

There are claims made that MPLS is more secure than SD-WAN. In reality, an MPLS network is only as secure as the accuracy of the MPLS provider’s switching. The use of IPSec connectivity and additional service chaining in an SD-WAN environment should be more than sufficient to address most security concerns.

 

Vendor Maturity

You can’t simply turn to Gartner’s magic quadrant and pick a leader. The industry is too young, with many new market entrants. Whatever deployment method you are going to use, be sure to check the underlying equipment vendor’s track record.  Financial stability and investors are important. Ask for references and don’t forget to look under the hood at the vendor roadmap to understand future solution enhancements such as scalability.

MicroCorp was a pioneer when MPLS came along. We have over 30 years of experience delivering complex network solutions and helping businesses discover the right technology for their operations. Contact us to learn more about a partnership in adding SD-WAN and related technologies to your portfolio of solutions.

SD-WAN: Get Past the Hype

While SD-WAN officially flew past the hype stage of Gartner’s emerging technologies cycle in 2015, but it is still in that stage for many a partner, agent, and CIO.

It’s important to step back and recognize what SD-WAN can and cannot do for businesses. With all the noise out there, SD-WAN is still in its “wild west” phase. How do we cut past the industry buzz and get to the heart of what SD-WAN is all about?

Examine how its benefits apply to your customer’s business.

Not everyone needs SD-WAN, contrary to what you’ve been hearing. Additionally, some SD-WAN providers have crafted marketing to make it seem like their solutions apply to everyone, but they can’t look at each business’s network. Partners should look at what applications their customers are running to determine if SD-WAN is for them.

If your customer is primarily a mid-market account that’s not doing much other than running voice across a WAN and their apps are in-house, that is a perfect case for SD-WAN. But if you’ve got an organization that is highly regulated (such as banking, healthcare, or government), they are going to be slower to adopt, and it might hamper their business instead of bolstering it. Remember: they were also slow to adopt MPLS.

Oh yeah, what about MPLS?

Great question. MPLS is not going away — it’s a proven technology. There are likely to be some improvements to MPLS because the SD-WAN market is forcing the hand of the providers to change the way they deal with MPLS from a customer standpoint.

Some carriers are urging not to sell SD-WAN against MPLS, but instead, with it. This is an important point considering that not all businesses need SD-WAN, and some are going to continue to do just fine with their MPLS solutions.

So, if some verticals aren’t suited best to SD-WAN, which ones are?

Retail is a great example of a market that will benefit. With dispersed malls, various stores, and large footprints, those outlets are running on slim margins, so they want good bang for their buck.

Where does security fit in?

This is tied to the vertical point. Banks need high-level security, and some SD-WAN solutions aren’t there yet. While every business needs top-shelf security (including retail), those businesses that consistently deal with classified or confidential information might need something stronger than what many SD-WAN solutions can offer right now. This is why partnering with the proper provider, can help layer on additional services that SD-WAN does not solve.

SD-WAN is on the incline that’s getting ready to peak, but there are a lot of things left to prove with this technology. Security is one of them.

As SD-WAN entrenches itself in the networking world, education will be a consistent requirement for partners. Contact us today to learn more about how the latest changes to the software-defined world affect how partners can succeed with new technologies.

SD-WAN: Will This Be the Year Security and Networking Become One and the Same?

The IT space has been abuzz with whispers that security and networking could soon be headed for a convergence, with networking taking over security needs (or vice-versa). Some pundits are predicting this shift could take place as early as this year, with SD-WAN technologies drawing particular attention due to two main factors: their popularity, and their perceived vulnerability.

As a result, IT experts are predicting SD-WAN will have a strong influence on both networking and security trends in 2017. Here are five specific ways in which this could influence the near future of enterprise IT:

 
SD-WAN Networks Have Heightened Security Needs

SD-WAN technologies, by their very nature, require a great deal of direct Internet access (DIA) expansion. This, in turn, brings about a major increase in the amount of digital assets that are exposed to security vulnerabilities.

Most businesses still aren’t paying enough attention to their security needs, with a recent survey sponsored by Versa Networks through Dimension Data finding that 40 percent of enterprise branch networks don’t even deploy basic firewall technologies, and that as many as half of these networks don’t use more advanced firewall security solutions.

When SD-WAN is used to power DIA, businesses open themselves up to two types of threats. SD-WAN increases the amount of attackable surface elements, while DIA means enterprises have a larger number of potential threat entry points to secure.

 
Vendors Are Taking Several Different Approaches to SD-WAN Security

Fortunately, experts in the SD-WAN space are fully cognizant of the security risks, and several solutions have emerged. Network segmentation and stateful firewalls are leading the charge, but there are still significant challenges at the application level. Vendors are working to meet these challenges by putting together customized mix-and-match solutions that combine as many as four security technologies.

 
Security Through Service Chaining

When paired with deep packet inspection (DPI), service chaining provides an effective means of securing SD-WAN networks. DPI works by collecting traffic from the edges of the network, and service chaining supports it by merging multiple security functions into a single, centralized hub that analyzes that traffic and identifies threats.

While this strategy is generally effective, it is still developing. One of its shortcomings is that security and the analytics specific to networking are separate. This can result in slower IT responses to security threats when they happen.

 
Integration Issues

Because enterprises are trending towards reducing the amount of on-premises resources they maintain, a growing number of vendors are integrating SD-WAN networks with security solutions prior to implementation.

While this does offer key advantages, including improved analytics and reduced costs, it also comes with some drawbacks. One of the biggest downsides relates to industry-leading security providers, many of which aren’t fully integrated with SD-WAN networking solutions as of yet.

 
Security and Networking Will Converge

Even though the industry isn’t quite there yet, experts expect that security and networking will converge as the aforementioned technologies continue to mature. SD-WAN is noted for its ability to support collaboration, which bodes well for

IT teams working to secure these networks.

MicroCorp is a leading agency and distributor of advanced enterprise telecommunications solutions. Prospective partners interested in adding SD-WAN and related security technologies to their service suites are invited to contact MicroCorp to learn more.

How to Start the Security Discussion

It’s the last thing most partners want to talk about because it’s the topic they are the least familiar with, but as security evolves, it becomes impossible to avoid.

Customers want to discuss security, and for good reason. The cyber landscape is changing for individual users, giant corporations, and governments alike. Partners need to understand why customers are interested in security and be able to have a discussion with them about protecting networks. But how do you talk to your customer about a topic outside your wheelhouse? There are a few tactics to take.

Don’t try to onboard it all.
For partners to be relevant in the year (and years) ahead, they need to transform their main expertise into new areas, and you cannot train your way there. The landscape is changing so quickly — by the time you’ve trained yourself and your team on something like security, it’s evolved further. It is more worth partners’ time to connect with experts in order to broaden their own expertise.

Partner with purpose.
Our Team Alliance Program (TAP) was designed with these problems in mind: partners want to be able to speak to all customer issues, but don’t have the time or resources to become experts in every field. TAP allows partners to connect with experts in cloud, security, SD-WAN, and other technologies to get in on the knowledge while maintaining relationships with customers. The program is an ecosystem for education and partnership that will help you stay successful as technologies change.

In the end, it’s about trust.
You are your customer’s trusted advisor, so it’s important to maintain that level of credence. Acquiring a customer is the largest cost your business incurs — better to keep the ones you have. Partnerships with experts can help you stay relevant for your customers and devote time to maintaining your relationships with them. And that means that the future of the partner will be more about customer service than anything else.

These themes can apply to not just security, but multiple other technologies and systems that befuddle the partner. Take advantage of TAP and the MicroCorp’s ecosystem of experts to be the partner your customers want to keep.