Cloud Source

SaaS: Security Considerations

by

SaaSAcross homes, schools, and a growing majority of businesses, Software as a Service (SaaS) applications are moving closer to the center of everyday life. But in business contexts, this move to cloud-based software such as Google’s G Suite or Microsoft’s Office 365 may open up security challenges that businesses aren’t equipped to address.

The Popularity of SaaS

Businesses have a number of reasons for switching to SaaS architecture, including cost effectiveness, centralization of files and work processes, and a degree of standardization and support for bring your own device (BYOD) workplaces. And the convenience of cloud-based architecture is convincing: according to a report by BetterCloud, a significant proportion (25% to over 50%) of businesses that already use the G Suite or Office 365 plan to migrate to entirely cloud-based software environments by the end of the decade.

However, that same report revealed that over 60% of businesses running SaaS applications consider themselves underfunded for addressing cloud security – and many of those businesses simply don’t recognize cloud security in their budgets at all.

Security and SaaS

Several factors may be responsible for this discrepancy, including poor understanding of what SaaS security entails on the business end. Server security, for example, falls under the auspices of the service provider. However, companies are responsible for a number of critical security topics, including:

  • Managing employee authentication and access, including requiring strong passwords, limiting the creation of accounts, and disabling account access when employees leave the company. Employees should also have access only to the files and applications they need in order to perform their jobs – access should never be granted across the board.
  • Mandating secure access points, using (for example) VPNs or secure web gateway applications, and requiring all connected devices to have passwords and idle screen locking. Employees who take advantage of BYOD policies should be prepared to keep their devices up to date and configured to the standards developed by their company’s IT security team.
  • Thorough knowledge of emerging cloud security standards, as well as work done by groups such as the Cloud Security Alliance, and insistence that SaaS applications meet security standards as a prerequisite for adoption. As SaaS is more and more widely adopted, these standards will become more finely-tuned.
  • Thorough knowledge of security implementations on the part of the SaaS provider. While IT security managers may have little or no ability to affect the security profile of a SaaS application, they should nevertheless know the details of the cloud’s security. This will enable them to judge whether or not the implementation is in compliance with security standards, and whether or not it’s in compliance with company- or industry-specific regulations.

While SaaS removes a number of concerns from the IT team’s wheelhouse, security can never be entirely outsourced. For some years, security has been a highly-cited reason for discouraging adoption of cloud technologies, but with appropriate funding and attention to detail, companies can enjoy the convenience of cloud sourcing as well as rigorous security.

BYOD in Government Agencies: Clear Policies Protect Critical Data

by

Bring your own device (BYOD) has the benefit of allowing businesses to cut costs on providing devices to employees, but it also creates a number of security issues. This is an especially important factor to consider for government agencies, which often handle very sensitive data but may not have a focused, detailed policy for employees to follow. Employees aren’t necessarily creating security holes on purpose, but agencies should still have a firm policy in place — or make the decision not to allow employees to bring their own devices at all.

Implementing a BYOD Program

If the decision is made to implement a BYOD program, there are a few basics to keep in mind:

  • Create clear policies that outline exactly how employees are allowed to use their devices for work-related data like email and documents
  • Only allow approved application stores, and ensure that employees know they cannot root or jailbreak their devices
  • Use software that allows for work data to be kept separate from personal data and ensures the work data can be easily removed

BYOD and Security

Both potential security problems and their solutions must be spelled out clearly in a BYOD policy. This is especially important for government agencies that need to strike a balance between keeping data safe and avoiding infringement on employee rights. This can involve:

  • Containerization
  • Connection via a secure third party
  • Lockout codes
  • Ensuring employees are up to date with security patches

Agencies should also keep in mind what sort of data they handle, including personal data like SSNs and data critical for infrastructure such as power grids. If the data is too sensitive, or could cause massive problems if it leaked, then it may not make sense to implement a BYOD policy at all.

Deciding Against a BYOD Policy

Even if the agency decides against allowing employees to bring their own devices, the agency should still ensure that all employees are aware of the restriction. Clarity is key to helping protect sensitive data; employees may not mean any harm by using their personal cell phone to check their email or look at a document, but the chance of a security breach is lessened if they know that they’re not allowed to do so.

Mobility is an ever-growing and ever-changing field. In order to keep up with the evolution of BYOD, agencies and businesses should be aware of where their sensitive data is and what it’s being used for. A policy that outlines exactly what is and isn’t allowed will keep all devices, whether personal or business, safe and secure.

BYOD: Improving Security by Educating End Users

by

With the explosion in affordable mobile devices like smartphones, tablets, personal laptops, and even smartwatches, many businesses have or are in the process of implementing a bring your own device (BYOD) policy. Software company Code 42 reveals in their 2016 Datastrophe Study that 67% of IT decision makers and 87% of CIOs and CISOs believe that they have a clear and comprehensive policy.

However, end users do not share that belief: 67% of employees find their BYOD policy is unclear. This divide between IT professionals and end users can have consequences within the organization, especially when it comes to security.

The Increase in Employee Endpoint Devices

In the past, employees used a single device, usually one that is stationary and connected to their organization’s IT-maintained firewall. Now, however, many employees use multiple mobile devices: 26% have a minimum of two devices from their employer, and 5% have five or more.

This means that businesses need a clear, concise BYOD policy that all employees must adhere to in order to maintain a level of security. According to the Institute for Critical Infrastructure Technology, unsecure mobile devices are especially susceptible to ransomware. Backup and recovery solutions will help with this, but a clear BYOD policy will help stop problems at the endpoint — before they happen.

Working with Employees

The convenience of BYOD is one of its biggest selling points, but it also means that the devices are not under the full control of IT professionals. IT professionals need to work with employees, which means not only training them to consider security alongside flexibility, but also taking into account the habits and needs of their end users. Monitoring and tracking employee behavior will help IT understand what apps are being accessed, how safe they are, and whether or not they should be allowed within the company environment. A clear policy will also help employees understand what personal data they can mix with their business data.

Education and Communication

Uneducated employees often have bad habits that can harm a business’s security, but because they haven’t had the proper training, they don’t know that these habits can compromise their devices. Education and open communication is key to changing bad habits and improving security at all levels. At the same time, IT professionals need to be flexible so that they can adapt to ever-changing technology and the working environment.

Although it may seem like a lot of work, especially for an already established business with multiple employees, a clear BYOD policy will ensure better security and less confusion. Educating and communicating with employees will reduce the risk of ransomware at the end point and help eradicate bad habits, without sacrificing flexibility.

Small and Medium-sized Businesses: Using Hosted PBX to Increase Agility

by

shutterstock_337335971smWith smaller budgets and fewer IT employees, small and medium-sized businesses (SMBs) have often had trouble keeping pace with larger companies when it comes to communications. Fortunately, that’s beginning to change with the increase in third-party, cloud-based providers offering hosted IP telephony and unified communications services.

Consulting firm Frost & Sullivan recently revealed that as of 2014, the number of installed users for the hosted private branch exchange (PBX) market had hit 8 million. They further predicted that by 2021, this number should increase to 41.9 million. Most of these users are SMBs outsourcing their communications infrastructure in order to boost productivity, save money, and increase scalability.

Increasing Productivity

Real-time communication tools — like videoconferencing and instant messaging — allow employees to connect to each other and to the business quickly and easily. With the use of virtual web-based meetings, employees no longer have to be in the same room to meet face-to-face, and a hosted system allows staff to connect even if they’re traveling.

A hosted PBX that offers a mobile client can also allow businesses to take advantage of the rising trend of bring your own device (BYOD), meaning an employee can use their own mobile device and connect from wherever they are.

Reducing Costs

One of the most important things to consider about a hosted PBX system is the money that can be saved. In a traditional telephony system hosted on-premises, businesses are paying for equipment rental plus extra fees such as long distance. With a hosted telephony system, all calls are made via the Internet — meaning the cost is the same whether it’s in the same neighborhood or halfway across the world. An IP phone line also offers more flexibility and can be combined with other communications tools to offer businesses an efficient and unique system targeted to their specific needs.

Scalability

Scalability is a crucial aspect of a hosted PBX, especially for SMBs. A traditional system requires physical wiring and the cost of labor. With a hosted system, new phone lines are not only easily added through the Internet, but existing phone lines can be quickly and easily transferred. And if the business is looking to expand outside of its local area, a hosted system allows for the same support and connections through just one interface, no matter where an individual branch is located.

A hosted PBX system allows businesses more agility in the market, while decreasing costs and increasing productivity. This enables SMBs to keep up with larger competitors without sacrificing their relationships with employees and customers.

Supporting BYOD: 6 Skills for the IT Department

by

shutterstock_310448519Before technology became the way of the world, enterprise IT had strict control over the network, devices, security measures, and software. However, many businesses are embracing the bring your own device (BYOD) trend and providing full support to employees who wish to use their own devices. The rise of BYOD culture means that the IT department needs to develop the following skills to provide optimal support.

 
Agility and Prioritization

Technology is constantly changing, and new devices are always coming on the market. The modern IT department must be able to adjust quickly and easily to new problems, no matter the device.

To facilitate this, the IT department should know how to prioritize support tickets. With many different devices running different apps, there is a much wider range of problems than there was with a more traditional IT-controlled network. Knowing the most important issues — and being able to prioritize them — is one of the most important skills the IT department can have.

App Development

Whether they’re at work or at home, most people now use apps for their technology needs. In order to keep up with modern skills, IT must to be able to develop and send out apps to the company’s employees.

Education

BYOD usually means less focus on training employees to use a device. But while employees may know what they’re doing, they don’t necessarily know why. The IT department’s responsibility then is to ensure that they continue to educate employees on proper security measures and company procedures. This will lessen the potential for security breaches and ensure that employees are able to solve minor issues themselves.

Flexibility

More devices means more ways of handling issues and more people who can bring their knowledge to bear on a problem. With a BYOD culture, IT must be able to show flexibility as well as the ability to handle a wide range of devices, issues, and solutions. In order to best serve the company, multiple approaches to a solution should be taken depending on the needs of different user groups.

Gatekeeping

While BYOD can lessen the IT department’s workload of minor problems, it can sometimes lead to the challenge of knowing when to say yes — and when to say no. The IT department is no longer completely in control, and needs to be able to decide between the benefits of allowing a user to work on an issue themselves and the need to put conditions and security measures in place to ensure data privacy.

Mobile Security

Because BYOD means that employees are using devices that may not have been subjected to strict security measures, the IT department must have a good handle on mobile security. IT should be aware of and kept up to date on all current security issues and potential problems. This will ensure that sensitive data is kept secure no matter what device an employee uses.

More and more regular users are becoming technology-savvy. While this means that the IT department is no longer overseeing the entire process, it also means that IT can turn its attention to more difficult challenges.

Contact

328 S. Jefferson St. Suite 603
Chicago, IL 60661
Ph: 312.753.7880
E: info@CloudSourceServices.com

Newsletter Signup

Stay up-to-date on Cloud Source's news.

↑ Top of Page