Helping clients manage their technology for over 30 years.

What Kind of Cloud Customer Are You?

When clients contemplating a move to the cloud ask for advice, we tell them to start by being realistic about what cloud computing actually offers.

Yes, the cloud frees budgets from constant investment in infrastructure, reducing CapEx expenditure.

But the cloud is a technology, not a solution that will automatically deliver benefits like faster time-to-market or streamlined methods or a fix for personnel or process issues within your enterprise.

Next, we advocate a know thyself approach. You’ll get the most out of a cloud implementation by understanding what you’re trying to accomplish. Be honest about your strengths and weaknesses.

If you’re certain about having access to the technical talent you’ll need to get from purchase to actual delivery of services, then go it alone.

If you’re less certain about what to do once you’ve ordered up servers and terabytes of data, you’ll want some help — which brings us to the last bit of advice: know thy cloud provider.

Cloud providers, like cloud computing itself, come in a dizzying array of options.

So don’t let a cloud provider tell you there’s only one way to get something done. Those vendors are trying to sell you their product rather than a solution that fits your business.

But you can in fact get exactly what you need without giving up the economies of scale the cloud promises. Ask a trusted technology advisor how.

When It Comes to Security, Know Thyself

Data Security & Data Loss Prevention (DLP)

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begin flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what the actual cost of security failure might do to the organization?  Continue reading

When was the last time you reviewed your DR plan?

Data Availability Graph small

Last year, disasters in the United States caused more than $60 billion in damage. And the future promises plenty more of the same, says a recent report from Swiss reinsurer Munich Re — especially in North America, where weather-related loss events have quintupled in the last 30 years.

Now add in concerns about inadequate backup of the data on employees’ smartphones and tablets, wayward virtual machines, cyberattacks and other security incidents …

The challenge: Protect your essential business resources
It all makes now a good time to take another look at your company’s business continuity/disaster recovery plan, which ought to be reviewed and updated at least annually to keep your risk assessment current.

Continue reading

Essential SLA Element #1: Why specifying each service to be provided is critical

I see five essential elements that you absolutely need to pay attention to in your managed and cloud services SLAs. I’ll review each of them in my blog, starting with: Specifying each service to be provided.

This may seem obvious, and, in fact, it is. Yet too many service-level agreements are surprising vague about what exactly you’re buying.

Continue reading

Your SLA: Forgotten secret to getting the most from your cloud provider

To get the most out of your managed or cloud service, you need to invest the time in negotiating a good service-level agreement.

The SLA is a key part of the contract between you and your provider, since it describes the levels of service being provided and the metrics used to ensure your provider delivers full value. And the right SLA with the right service provider can mitigate cloud risks and help your business flourish.

Continue reading

Maximizing cloud computing for small business — securely

This Wednesday — October 12 — I’ll be participating in the Small Business Technology Tour that’s coming to Salt Lake City, UT, where I’ll be talking about how cloud computing can boost small business productivity and help keep your operations secure.

I’ll be joined by a couple of other experts, and together we’ll talk about the benefits of cloud computing for small businesses: why and how cloud computing can reduce your capital expenditures, help you spend less on IT operations, provide you access to the deep resources and skills of a reliable cloud services provider, and improve your IT security, privacy, and availability.

Continue reading

Why a SAS 70 Type II audit matters

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

That’s because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 Type II audits mean an independent third-party has verified that a service organization’s policies and procedures were correctly designed and operating effectively enough to achieve the specified control objectives.

Continue reading

Protecting the value of your business

I can’t emphasize this enough: All of the technology products and services an organization devotes to securing its data, applications, systems, and networks have but one aim — to protect the value of the business.

Conversely, every data breach reduces the value of the business — and there are more data breaches every year.
Continue reading

Beware the malware pandemic

About a year ago, a routine enterprise security analysis turned up 75 gigabytes of stolen data. Thus began the discovery of the ‘Kneber botnet’, which had hijacked 74,000 computers at more than 2,500 organizations around the world.

Operating undetected for a year, the Kneber botnet’s 74,000 ‘zombies’ stole 68,000 corporate logins to e-mail accounts, online banking accounts, and a variety of public email and social networking sites. It also grabbed nearly 2,000 SSL certificate files used to secure the likes of online banking transactions.

Continue reading

Infrastructure security and coping with cloud and social media: 9 key questions to ask

Our chief technical officer, Mike Dillon, estimates that the number of infected sites is growing by 20% to 25% a year. “If your company is shifting more toward cloud services and hasn’t addressed security, you will be attacked,” he says.

So here are the (non-technical) questions you need to ask and get answered to protect your business:
Continue reading