Yes, your data is safer in the cloud

September 21st, 2021

Executive Summary:
Many businesses are bad at security. The chances of something catastrophic happening to your data are greater if you keep it on-prem. Play the percentages.

Occasionally, I run into a business owner who’s afraid of the cloud. They don’t have nephophobia–they just like to keep their data on-site. Their argument often goes something like this:

“I like to know where it’s at.”

“The cloud has breaches all the time!”

“What if my data gets deleted?”

Or, my personal favorite:

“I don’t want the Chinese to hack into my system.”

There are various levels of validity to these concerns. They often come up during well-meaning security presentations oscillating somewhere between “prudent” and “FUD” (good old “fear, uncertainty, and doubt”!).

Often overlooked, however, is the fact that the risk of keeping your data on-prem is likely greater than your risk of it suffering a cloud-based disaster.

When it comes to security, maintaining your own IT infrastructure is a big risk factor. Security firm Imperva concluded “46% of On-Prem Databases Contain Vulnerabilities”. MyTechDecisions reports that recent vulnerabilities in on-prem systems have highlighted the security advantages of the cloud. In both cases, a big part of the problem is insufficiently patched resources at individual companies. Many organizations are simply unable or unwilling to pay for the IT security expertise and labor required to keep everything fully patched. These vulnerabilities are an attractive target for bad actors.

In addition to the risks inherent to on-prem solutions, the cloud providers are incentivized to continuously improve their services. In a round-table discussion published by the Albany Business Review, Lauren Groff discusses how a cloud subscription model gives vendors a higher ROI for enhancements than the legacy model used for many on-prem products.

While human nature tempts us to “keep our data where we can see it”, the realities of the market and scarce resources tell a different story. Move your data to the cloud, so you can sleep better at night!

Next Steps:
Share With — 
CTO, CIO, CISO

Action Items — 
• Review your current security posture with your in-house IT staff or your managed services provider.
• Pay close attention to where your hardware and software are in their patching cycle.
• How many outstanding patches do you have?
• What are the potential consequences if the remaining vulnerabilities are exploited?
• What is the potential cost of continuing to do what you’ve always done?

Brian S. Pauls is the founder and vCTO of Cloudessy. He likes to keep the dice for his table-top role-playing games on-prem, and his data in the cloud.

HelloID: Risk management for major financial and security threats

October 6th, 2020

Executive Summary:

Manual provisioning/deprovisioning, multiple sign-ons, and a lack of automation are responsible for lost time and money, as well as major security risks, at a multitude of companies–including yours, most likely. A unified identity platform like HelloID can prevent losses you can’t afford.

I want to tell you a story for Halloween. It’s a scary story, of course–about time, effort, and money wasted. And the worst part is, it didn’t have to happen. It was entirely preventable.

During my IT career, I have worked for large companies and small companies, private companies and public companies, my own companies and other people’s companies. This is a story that could have happened at any of them. But what’s most important is, it could be happening at YOUR company. Right now.

The time you don’t get back

I was starting a new job, working for a national company, which was subcontracted to another national company, which was contracted to a national retailer. The contracting company and the retailer each had their own security, of course, and I had to be set up in both their systems–first at the contracting company, then at the retailer. Getting access (so I could do my job) took TWO WEEKS. That’s two weeks at full salary, during which I could do nothing of any substance to contribute to the mission of the organization (other than some training–which I exhausted within a few days). The rest of the time, I showed up at the office and waited for the on-boarding team at the contracting company to assign me the access I needed to work.

Are you scared yet? Are you adding up the costs of this sort of inefficiency?

It gets worse.

The same thing happened to basically every member of our team–twenty-some people sitting around, waiting for access so they could start providing value. How long did it take us to dig our way out of that hole?

The worst part is, it doesn’t stop there.

Something similar to this, on some scale, has happened to me at every company where I have ever worked–including my own. It occurs nearly everywhere, all over the country, all around the world.

Think it doesn’t happen at your company? Are you sure?

The old way doesn’t work any more

The IT field has grown up, but the IT departments at many companies haven’t matured with it. Even at the largest and most sophisticated organizations, there can be key processes that occur manually–because no one knows how to automate them, because no one wants to take the time, or maybe just because “we’ve always done it that way.” In my case, my access request sat in a queue for two weeks, waiting for a particular IT person to complete it. And the same thing happened when individuals left our team–in some cases, their accounts stayed active for weeks.

The problem is, companies can no longer afford these lapses. The market is too competitive, the potential fallout from a security breach too grave. Provisioning and deprovisioning have to move at the speed of hardware and software, not at the speed of the operator.

“A” is for answer, and the answer is automation

This issue is frustrating, because IT solved it a long time ago. We already have the platforms to fully automate provisioning and deprovisioning, to create a “single sign-on” (SSO) experience, to make on-boarding fast and painless, to secure organizations against the misuse of stale accounts. All that’s required is the will to do it.

Hello, HelloID

One possible solution is HelloID from TOOLS4EVER, which combines broad capabilities in the areas of provisioning/deprovisioning, SSO, and automation, along with deep subject-matter expertise in identity/access management, security, and integration. HelloID is a platform that can significantly limit time spent waiting for access, the hassle of multiple sets of credentials, the potential for error caused by manual administration, and the security risks inherent in off-boarding team members.

There is no one-size-fits-all solution, so HelloID is designed to be tailored to your environment, your requirements, and your processes.

These issues aren’t going away, and the gap between the capabilities of legacy approaches and the requirements of the current IT landscape will only continue to grow. Eventually, every company will need the capabilities of something like HelloID. The longer we wait, the greater the risk.

Next Steps:

Share With — 

CTO, CISO, IT Director

Action Items — 

• Audit your on-boarding process to determine how much money you’re wasting during the first two weeks of a new hire’s tenure.

• Audit your off-boarding process to determine how long user credentials remain an active threat.

• Review the RTO of a solution like HelloID, which can help mitigate or eliminate these risks.

• Migrate from wasteful and risky legacy processes to a system that can assign and revoke privileges automatically, at machine speed.

Brian S. Pauls is the founder and vCTO of Cloudessy. He invites you to say hello to the future, and the future looks like HelloID. Brian blogs about cloud computing and organizational culture at cloudessy.com.

Monitoring network connections in Google Cloud Platform gets easier

August 21st, 2020

Google has deployed GKE Dataplane V2, enabling Kubernetes Network Policy logging in GKE, making it possible to “…see all allowed and denied network connections directly in the Cloud Logging console…”

Hackers are targeting Microsoft 365

August 17th, 2020

Remote work has increased significantly during the COVID-19 pandemic, and along with it, the adoption of remote-work tools like Microsoft 365. Hackers are adjusting their target sets accordingly.