Cloud Computing Won the Preakness!

Standard

preakness-stakes-cloud-computing

That’s right, a horse named Cloud Computing won the prestigious Preakness Stakes, the second of the coveted Triple Crown.  Why is this of interest to a technology blogger?  Because it certainly says that Cloud Computing has arrived in the popular vernacular.

My daughters rode horses for over a dozen years, competing in both the English and Western styles, not racing fortunately.  Too dangerous for a father.  It was hard enough watching them compete and occasionally fall.  My girls enjoyed great success in their riding careers, reaching national finals at the collegiate and public school levels.  Each finished in 7th place on the same day at respective national finals.  Over their careers they rode horses named Bond, Dancer, Itchy, Johnny and more, but never one named for a technology.

So, if a horse winning a race as prestigious and well known as the Preakness Stakes is named Cloud Computing, what’s your winning strategy for harnessing the Cloud in your business?  Yes, the pun was intentional.

The Cloud has received a lot of hype over the years, as I have often written about.  Hype aside, every business I work with uses the Cloud, even if they don’t know it.  What’s important is how you use the Cloud and is it optimized to help you reach your business goals.  There are three primary types of Cloud Computing, in addition to the horse type, Private Cloud, Public Cloud and Hybrid Cloud.  Here is a quick, basic summary of what each means:

  • Private Cloud is when you host your own servers in a data center and make them available to users across the Internet or a private connection like a VPN tunnel or a dark connection (one that exists only between your office sites and the data center).
  • Public Cloud is when you leverage a company like Amazon Web Services, Microsoft, Google or one of several other companies that specialize in hosting virtual servers in their data center for you.
  • Hybrid Cloud is a mixture of both private and public and may also integrate servers on-premise in your office.  Often this involves a robust business continuity plan that leverages the geographic diversity of these options to provide high availability, regardless of issues that may be impacting any one of these options.

Cloud Computing is one of the hottest buzzwords in the IT industry and most businesses, across all industries.  Companies are still trying to determine how to best use the Cloud to help them be more competitive and profitable.  Whether this involved moving entire systems to the Cloud or just certain types of services, the goal is to provide a better internal user and customer experience, to help the business achieve its goals.

One of the ongoing risks with Cloud Computing is cost.  There remains a large misperception that Cloud often means lower TCO (Total Cost of Ownership).  This is not always the case.  In my experience, only the smallest of customers are able to move their entire IT infrastructure to the Cloud and also realize cost savings.  Most businesses may see increased costs when introducing robust Cloud solutions.  This is because Cloud moves expenses from the Balance Sheet to the Profit & Loss, so most businesses see an increase in monthly expense.  This is where the finance team needs to be involved, as this may not necessarily be a bad thing, even though it may first appear to be.

Like any technology, don’t jump to the latest and greatest without a well thought out evaluation of the benefits you expect to realize.  You also want to be sure to employ proper management solutions for your Cloud systems, just as you would if it were on-premise.  Of specific concern with Cloud solutions, especially those in the public Cloud, is managing cost.  Public Cloud price models are one of the most complex in the market today.  You will hear terms like compute cycle, IOPS and more.  These all add to your costs and need to be proactively managed so you don’t get an unpleasant surprise with your next monthly billing statement.

I know of one company that learned they were spending $400,000.00 more annually, than they needed to be.  Don’t let that be you!  There are tools that will help you understand, manage and optimize your configurations and utilization so you are not spending more than you need to be.

Cloud Computing is a winner and businesses are leveraging the Cloud for impressive wins.  Are you?

And just for the record, even Fortune Magazine picked up on this story idea 😉

Reflections on Kaseya Connect 2017

Standard

As I’m sitting here in McCarran International Airport awaiting my jetBlue Red Eye back to Boston, I’ve been reflecting on my week here in Las Vegas at the Kaseya KaseyaConnectConnect conference.  Kaseya is one of several technology partners that we have at Internet & Telephone, LLC.  Specifically, we use the Kaseya Virtual System Administrator (VSA) IT management platform as well as AuthAnvil two-factor authentication.  Both are part of our stack of specialized tools that we use to manage our customer infrastructures.

This was my first time attending Kaseya Connect and I’m impressed with the company and their roadmap for the future.  What’s significant about this is that a few years ago, it looked like the company was moving in the wrong direction and was no longer going to be a good partner for us.  That is no longer the case, at all.

We started the week off in the Customer Success Council meeting on Monday.  During this invitation only meeting, Kaseya executives shared details on upcoming product developments and new initiatives, including recent and planned acquisitions.  Following this meeting, Kaseya hosted a focused security symposium.

During the symposium, some interesting statistics were shared from the 2017 Verizon Data Breach Investigation Report.  This report has become the annual standard bearer for the state of cybersecurity in the commercial market space.

Some highlights from the report:

  • 62% of breaches involved hacking.
  • 81% of hacks used stolen or weak passwords.
  • 51% of hacks used malware to steal passwords.
  • Over 1 billion credentials were stolen in 2016.
  • It is recommended to deploy two-factor authentication to all users when feasible.

When considering two-factor authentication, consider that it meets these requirements:

  • HIPAA for healthcare organizations.
  • FFIEC for small banks and credit unions.
  • CJIS for law enforcement agencies.
  • The latest revision of the legal professional code of conduct requires it for remote access.

Following are some updated stats about data breaches, in terms of impact:

  • Every record breached costs a company $158.00, on average.
  • The average number of records breached, per data breach, is 3,000.
  • This is an average cost of $475,000 per data breach.
  • Short term impacts of a data breach are downtime, lost data and business interruption.
  • Long term impacts of a data breach include damage to the company’s reputation, customer loss and lost revenue.

On Tuesday morning, Kaseya CEO Fred Voccola kicked off the event with an engaging keynote that shared interesting stats that you may read more about in my post from Wednesday titled Small and Medium Size Business Stats from Kaseya Connect.

Fred also provided a comprehensive review of what Kaseya calls it’s IT Complete stack.  This includes the core feature set of the VSA platform that we use to manage our customers as well as new or updated modules focusing on network management, identity and access management, backup and disaster recovery, Office 365 management and backup and an impressive Cloud management module that will allow us to help our customers save money on their Cloud subscription costs.

I was also intrigued by some new initiatives around data analytics to help us manage our business better and deeper integration with our customer documentation system.

Kaseya did a very good job outlining the product roadmap and how we will be able to leverage these developments to help our technical team better manage our customers.

We have built our security offerings around the National Institute for Standards and Technology (NIST) Cybersecurity Framework.  I was very excited to see that Kaseya has built their security offerings around this same framework.  This will make aligning our security strategy with what Kaseya is and will be delivering to its partners a compelling benefit for our customers.

There was also a very interesting session on improving the user experience with IT.  Using something called persona modeling, it’s an intriguing model of better understanding the needs of IT users based on their role in the organization from an individual, departmental and overall company mission point of view.  I’m looking forward to testing this out to see what opportunities for improvement it may bring to the surface.

The conference wrapped up on Thursday with the entire Kaseya executive team sharing their thoughts on where the industry is moving, based on their individual areas of responsibility.  This touched on all aspects of the solutions that Kaseya brings to its partners.  I was particularly pleased to gain some insight into the companies Internet of Things (IoT) strategy.  These are the myriad of devices that now have an IP address and connect to the network.  As these devices become more prevalent and important to a company’s success, it is very important that they be managed, like every other device on the network and right now, there is no consistent model for accomplishing this and organizations need to be careful about deploying unmanaged devices onto their corporate networks.  As we saw several times in 2016, these devices, left unprotected and unmanaged, can be taken over and used to carry out a data breach or attacks on other organization.

We also had the opportunity to have a private meeting with several members of the senior team to discuss our business plans and the status of our partnership.  I was very pleased with the level of transparency and candor from everyone at this meeting and I am looking forward to working more closely with everyone at Kaseya to deepen our partnership for the benefit of our customers and our two companies.

 

 

Small and Medium Size Business Stats from Kaseya Connect

Standard

At this mornings keynote, Kaseya CEO Fred Voccola shared some interesting statistics connect-Las-Vegas-Board.pngabout how small and medium sized business (SMB) approach technology.

First, it’s important to define what constitutes a small business and what constitutes a medium sized business.  It seems like whomever you ask, they will have a different answer from the last person you asked.  I was glad to hear Fred provide context for how Kaseya defines these market segments.

A small size business is one that has no internal IT staff and between 1 and 300 employees.  A medium size business is one that has internal IT staff and between 300 and 3,000 employees.  This sets the stage realistically.

On to the stats:

  1. SMB’s have increased their technology investments over 400% in the last 3 years.  Among surveyed SMB’s, they feel that investing in technology is key to becoming more profitable through technology driven efficiencies.
  2. 57% of SMB’s believe that investing in technology is their single best business investment opportunity for growth.
  3. The number of technology services that SMB’s are outsourcing has doubled and continues to grow.
  4. The number of SMB’s wanting to implement two factor authentication (2FA) has grown by 70%.  The increase is being drive by regulatory requirements that have moved down-market and the fact that weak or compromised passwords are the number one cause of data breaches.
  5. 88% of SMB’s believe that if they use a public Cloud solution like Amazon Web Services (AWS), Google Cloud, Microsoft Azure or Office 365, that the Cloud company is fully managing and supporting them.  They are not.
  6. As a result, 73% of SMB’s are overspending on their Cloud subscriptions.

All of these data points confirm the opportunity and risk that technology holds for SMB’s.  As these companies invest more in technology, it’s more important than ever to work with a Managed Service Provider (MSP) like Internet & Telephone, LLC to help ensure you spend your dollars effectively.  Next generation services like network management, identity and access management (IAM), Cloud management and Office 365 management are services that we have been at the forefront of, helping our customers achieve first mover advantage without being on the bleeding edge.  I’m proud of our team and our service offerings as we are moving where the market want to go and doing so in a timely manner, assuring our customers that we are the best partner for their infrastructure technology needs.

What About Corporate Password Managers?

Standard

Following up on Wednesday’s post Why You Need a Password Manager, let’s talk about corporate password managers.  These are systems designed for use within a company, to manage the passwords across the enterprise.

Some of the password managers I mentioned in my Wednesday post also offer a business version, that allows you to share and manage passwords across groups of users.  Corporate password managers are a little bit different as they are typically geared more toward the IT user, not the average business user.

I divide corporate password managers into two categories, those for use within corporate IT departments and those for use by Managed Service Providers (MSP’s).  These are organizations, like Internet & Telephone, LLC, who provide IT services to their customers.

The features are designed for these environments and include all the basics you would expect from a robust password manager.  When I evaluate products like this, I look for several key features, among them appropriate encryption, identity management, user assurance auditing, change tracking, secure deployment and discovery, compliance, access control, least privileged access, self-service password reset, automatic password rotation, automatic password injection and more.  It all depends on defining your requirements and finding the solution that meets your needs.

In terms of my business, the solution I prefer most is Passportal.  This was built from the ground up by an MSP who understood the requirements most other MSP’s would have.  It also allows MSP’s to offer the service to their customers.  I find the feature set of Passportal to stand above the competition.  Consider this list of features:

Passportal.jpg

  • 1-Click Website Logins
  • Drag & Drop Data Imports
  • PSA Integrations
  • Multi-Factor Authentication
  • Personal Password Vaults
  • Role-based Permissions
  • Active Directory 2-Way Sync
  • Password Generator
  • Mobile Optimized Access
  • Password Data Analytics
  • Prebuilt Reports
  • Global Search
  • Co-Managed IT Password Collaboration
  • Password History Retention
  • Technician Disable Workflow
  • Password Rotation Management
  • Client and Password Access Requests
  • Windows Directory Services Control
  • Custom Security Groups
  • Temporary Access Rights
  • Scheduled Automated Data Exports
  • White Labelled / Rebrandable

Other worthy corporate solutions include BeyondTrust, ManageEngine Password Manager Pro and Thycotic to name just a few.

If you want to be absolutely, positively certain as to who accessed what password when and who used what password when and where, a corporate password management solution is a must.  Otherwise, you are simply leaving it to chance and trust that none of your employees will misuse a password or worse.  In today’s world of nearly daily breaches and cyber security issues, I believe these systems are a must in order to keep your passwords safe and in control.

Why a Hybrid Cloud Strategy is Critical

Standard

I thought I would share a real world example of why hybrid Cloud is the right strategy for almost any business.  For years, backup and disaster recovery has been the buzz, but what if something accidental happens, that could knock one of your most important people offline for a day or more?  How would you deal with the interruption?  Would you be OK with one of your company’s key people being idle without warning?  Consider the following, which has happened to me over the last 24 hours.

Hybrid Cloud

Yesterday, Webroot, one of the leading anti-virus/anti-malware software companies inadvertently released an update that caused havoc with some of their customers.  To make a long and complicated story short, the updated flagged legitimate Windows operating system files as malware and quarantined or potentially deleted them.  Needless to say, this caused a lot of disruption for millions of users yesterday.  Webroot identified the issue within 15 minutes and immediately pulled the problem update.  While their response was rapid and appropriate, some users picked up the update, with catastrophic consequences in some instances.

Here is what I experienced yesterday.  I was working along and suddenly, I could no longer open a spreadsheet I was working on.  Within minutes, my PC, a Microsoft SurfaceBook running the latest pre-release Windows 10 update, started to crash.  Every reboot resulted in a blank screen and an eventual “Green Screen of Death” (the latest successor to the infamous “Blue Screen of Death”).  This has been the most reliable PC I have ever owned, so I knew this was not a normal issue.

Enter our hybrid Cloud infrastructure to the rescue.  I was able to jump on an available computer and work in multiple web browser windows like nothing happened.  I was in Outlook Online, part of Office 365.  I was able to open and work with Word files, my Excel spreadsheet and others, all from the browser.  I rely heavily on OneNote to organize my day.  Enter OneNote Online in the browser and was working away with my most updated notes as they sync to OneDrive almost as soon as I have updated whatever notebook I am working in.

Our Line of Business applications, those pieces of software that are specific to the work we do, all run from our data center, which is also geographically redundant and backed up.  In short, with about 8 browser tabs in use at any point in time, I was back to work in no time, while recovering my damaged SurfaceBook without losing any productivity.

I had access to everything I needed, because my entire world, personal and professional, is made up of Cloud hosted applications along with applications hosted in our corporate data centers.  I lost nothing and was easily able to reload the operating system, application software and data while I busily continued on with my day.

One personal hint I will share, is that I maintain a list of all my current software applications and registration information, which makes it easy to reload everything, by stepping through my list.  Amazon Drive is my go-to Cloud storage for my personal data and I use GoodSync to keep it synchronized in real time.  My corporate data is all in my Office 365 email and our corporate databases and file shares.  I lost absolutely nothing, no data, no settings and customizations.  Everything worked exactly as designed.

I hope this little unexpected real-world business continuity exercise will help you understand the value of a hybrid Cloud infrastructure for your personal and corporate applications and data.  It’s always nice to have a well designed strategy.  It’s incredibly rewarding when it works as designed and allows you to deal with an unexpected event that could have had a catastrophic impact.

Amazon Echo’s Red Ring of Shame

Standard

In follow up to my post last week titled Alexa, Should I be Worried about You?, I wanted to share a few updates that may be helpful.

In my house, we’ve had a few more issues of Alexa coming to life when she shouldn’t have.  This has some of my family members very worried that Alexa is listening and recording us when she shouldn’t be.

Amazon is very explicit that the Echo only comes to life and records when you say theAlexa Settings.png word “Alexa” or an alternate “wake word” that you may have set.  When Alexa is wrong, you can easily figure out what happened by using the Alexa app on your smartphone or tablet.  In the app, go to Settings and then General, then History.  Here you will find a list of everything that woke Alexa up.  You can see the words that woke Alexa and when you click on an entry, you can also play back the phrase that woke Alexa up.  From here you can delete the recording of the phrase.  Echo only records what it hears after the wake word.  You also have the option to tell Amazon if Alexa got it right or more importantly, got it wrong.  If Alexa got it wrong, you can send a note to Amazon and even ask to have them contact you to learn more.  Anything you send in will be used to tune Alexa to make the device more accurate and reliable.

I tried this over this past weekend, when Alexa picked up an inaccurate phrase that did not include our wake word, which is Alexa.  Amazon got back to me almost immediately and I had the option to call or chat with the Echo support team, to explain in detail what went wrong, so they could work to improve the overall accuracy.  The reason I had to call or chat is that Amazon does not allow access to anything recorded from your device.  They have to “speak” with you to learn more.  They can digitally review what took place to tune the Echo, but they cannot directly access anything that the Echo has recorded in your home.  I’m impressed with Amazon’s responsiveness and commitment to make Echo better and not intrusive.

All of this said, if you want a fool proof assurance that Alexa is not listening to you when you don’t want her to, simply press the microphone button on the top of your Echo device.  The button will turn red and the ring that glows blue when Alexa is actively listening, also turns red.  I’m calling this the Echo’s Red Ring of Shame.  When you want the Echo to listen, press the button again and the red ring goes away.  I’m betting when I’m not home, the Echo will be dejectedly showing it’s red ring of shame.Small-winking-face

EchoRedRing

Maintain Your Sanity with SaneBox

Standard

If you’re like me, you get a LOT of email every day.  For most people, this also means a lot of email to multiple email addresses.  The volume can be overwhelming.

In my work, I see clients all the time, who have massive email boxes.  While it was never intended to be a digital filing cabinet, email has evolved to be a primary storage mechanism for many people.

SanBoxAdd to this the myriad of email subscriptions most people have and it’s not uncommon to see mailboxes with thousands of unread messages.  In the productivity world, Inbox Zero is a hot buzz word.  I only know one person who actually achieves this on a regular basis.  For me, less that 300 email messages in my Inbox is a near miracle.

The concept of Inbox Zero is that you touch each new email only once, reading, responding, scheduling or deleting the message so it’s not sitting in your Inbox reminding you that you need to take action on it.  Those who follow the Getting Things Done, or GTD, philosophy of time management and personal productivity are quite familiar with this concept.

SaneBox is a great email utility that helps you achieve Inbox Zero and more efficient management of your email.  It works with all major email services like Gmail, Office 365, Yahoo Mail and corporate email systems.

When you subscribe to SaneBox, you assign training rules to your mail flow.  Most of this is automatic, what SaneBox does well.  Along with the automated training, you have the ability to create custom training rules and override trainings that may not work for you.  Instead of using lots of rules to move incoming email to other folders, SaneBox does this for you.

In my own mailbox, I have come to relay on folders such as SaneBulk, SaneLater, SaneNews and SaneNoReplies.  SaneNoReplies is my favorite.  When I send an email to someone that needs a reply, SaneBox automagically places that message into my SaneNoReplies folder.  I scan that folder each day and delete the messages that I have received a response to or no longer need to.  The rest remind me to reach out to the person I am waiting for and ask them to reply.  A simple and highly effective little trick.  The other “Sane” folders are fairly self explanatory.  Those messages that can wait to be reviewed are moved to the Later folder, subscriptions and news broadcasts flow to the News folder and bulk email finds it way to the Bulk folder.

I subscribe to the Lunch plan for $99 per year.  This covers my work and personal email addresses and I’ve found the increased focus of my Inbox well worth the cost.  For $99 a year, I have an automagic assistant that reviews every email message I receive, which number close to 500 some days, and organizes the messages so that I only see those messages that are important and/or actionable in my Inbox.  The rest filter out to the various folders that I review either daily or every few days.  It’s an excellent tool that I highly recommend.

If you’re interested, you can get a 14 day free trial by clicking here.

Disclaimer: If you sign up after clicking this link, I will get credit.  If enough people I know subscribe, the cost of my annual subscription will be reduced.  You may then share your experience and if people you know subscribe, you will enjoy a similar discount.  Smart marketing from a smart company that is making email a lot more sane for me.