Cloud Providers – Addressing Security Concerns

Cloud providers often get a bad rap; IT professionals sometimes see the cloud as an insecure means of having applications and data residing outside their own data centers. Security should absolutely be a concern whenever sensitive data is involved, and that concern can be heightened when considering cloud services that operate outside your corporate firewall.  EarthLink Business wants you to be assured that these concerns are all taken care of with our services, and give you questions to ask while considering any provider.

Companies have been outsourcing services and technology for years. Just because companies may give up some control to the hosting provider when moving to a cloud environment, it does not mean they have to compromise on security. By asking the simple questions below, your company can build a trusting relationship with the cloud provider you are considering working with.

  1. How is data encrypted when stored in the cloud infrastructure?
  2. What logical and physical access controls are in place?
  3. Is the cloud infrastructure fully redundant?
  4. How well are cloud applications protected?

Ask these questions so you can understand the complexity of where your data may live. Consider only moving a couple less critical applications to the Cloud first, so you can start building that trusting relationship with the Cloud provider before deciding to go all in.

Also to help, The National Institute for Standards and Technology (NIST) has released a set of guidelines to help you manage security in the cloud. Use these guidelines to help compile a list of requirement questions before selecting a Cloud provider:

  • Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
  • Understand the public cloud computing environment offered by the cloud provider.
  • Ensure that a cloud computing solution—both cloud resources and cloud-based applications—satisfy organizational security and privacy requirements.
  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

The benefits of Cloud computing can help you cut IT infrastructure costs, provide new services to customers and streamline business processes, so don’t hesitate to take advantage due to security concerns. Contact your EarthLink representative today and start asking the right questions!



EarthLink Nationwide Hosted Voice Services: Disaster Recovery and Business Continuity

This particular article strikes me close at home. It has now been three days since Hurricane Sandy ripped through my local area and we are all still feeling the effects of it. Half of Manhattan is still without power or public transportation and the highly populated town of Hoboken, NJ in still underwater. I was lucky enough to have bought a generator before the masses of people stormed the local hardware stores but many residents of the tri-state area are still without electricity and hot water. In the midst of recovery, we have to ask ourselves, “How will this impact local businesses?” I mentioned a statistic in a previous article which states that 50% of businesses that go without a telephone system for more than two weeks, simply don’t recover. By law everyone is required to have insurance for their cars. As a corporate leader that is responsible for providing regular income for a staff of employees, should similar precautions not be taken to ensure the survival of the business? EarthLink’s Hosted Voice Services are here to help!

Since the heart of the phone system exists in the cloud (our secure, weatherproof, collocated data centers strategically located throughout the country) they are protected.  In the event that inclement weather has a negative impact on a company’s physical building, they will still not miss a single phone call. If the building has no power, the calls will still be able to reach an auto attendant or voicemail box (since they are protected in the cloud). Most users will have FindMe/FollowMe set up so that they will still receive the calls on their mobile device regardless of the state of their desk phone. Many of the companies’ offices in Hoboken are now under six feet of water…but those that have EarthLink Hosted Voice Services, they are still getting their calls and are able to keep their business moving forward. Let’s not forget, that if any of those companies asked their employees to take their office phones home with them, they would all be able to work from home with the same features and capabilities and not skip a beat.

I have been without power for four days now, and I expect to be for another four days, but I have been able to keep up with all of my work thanks to features like FindMe/FollowMe, IPCommunicator (EarthLink’s softphone client), and my Commportal (my hosted admin portal with which I can granular-ly handle all of my calls). After you experience the advantages of our hosted products you will think back and wonder how people ever kept such important hardware just sitting in an office IT closet.

Unified Voicemail & Faxing – Make answering & Fax Machines Green with Envy

Comparing today’s unified messaging solutions to a bulky fax machine or a traditional voicemail system seems like an unfair fight. Even the new hardware in the market place with IP functionality doesn’t have much promise when paired against cloud-based services. Voice and fax communications have clearly moved to the next level, and the market is coming right along with it.

For starters, businesses that have hardware to support these functions typically have maintenance and functionality issues on a fairly regular basis. Who hasn’t stood by a fax machine waiting for an important document to be received only to be faced with a paper jam or send/receive error message? When it comes to voicemail and faxes, the name of the game is knowing when you have messages and having access to them when (and where) you need them. The solution: unified voicemail and faxing that use the cloud.

Unified voicemail/fax utilities deliver messages to network-based servers and distribute them to end users multiple ways, including smartphones, tablets or PCs as an email attachment or via a secure web-based portal. Users no longer have be confined to their office to know they have voicemail; messages can be delivered to their email account as well as their faxes, and faxes can be delivered via a private number and stored in a secure online environment for later reference (which also eliminates the need to print every fax…going green was never so easy!).

Lastly, mobile integration is a big draw for anyone who carries a mobile phone and has a desk phone. With some providers it is possible to integrate the mobile line with their office phone number to create a single message store for all their voicemail messages (see illustration). This allows simplicity of use by only having one place to receive and manage messages. So the buying decision for these service involves determining which solutions works best for your environment. The easiest way to test the waters is through the use of a service provider that uses a web based or client based application to begin with unless you have specific requirements for a CPE deployment. While there are many carriers that can supply network-based voicemail and fax, you need to find one that can provide as an integrated part of your telephony environment so everything works seamlessly. That’s where EarthLink Business comes in; we provide a Hosted Voice solution and the consultation and expertise to recommend the best mix for your business. Want to learn more?  Click HERE!

Mitigate Your Business’s Security Risk – 10 Ways How

Even with the most advanced technology, the most effective security systems, and best-planned preventative controls, a company’s data will still be at some risk. New and sophisticated cyber-attacks are created every day, with threats coming from profit-motivated criminals, hackers with various agendas, unscrupulous competitors, and even foreign governments.

So perfection is not a possible option. BUT…and here’s the good news: you can get very close.

But you have to approach your cyber-security in an intelligent and systematic way, implementing a strategic array of countermeasures that protect multiple points of vulnerability for your business (e.g., network, servers, desktops, and smartphones). Implemented correctly, you can greatly reduce your security risk to the point that you can feel confident that you can prevent security breaches.

For most organizations, this goal requires an increased level of dedication to security. After all, small and midsize companies typically have few or no resources dedicated to information security. Most of these organizations don’t even have a way of determining how much sensitive information is stored on their systems. And while most businesses do know they need anti-malware tools and a firewall, they don’t fully understand how comprehensive their security measures need to be.

There are 10 key areas that we advise businesses to focus on in order to mitigate information security risks:

1. Security Awareness Training

This is one of the areas companies ignore…at their peril. No, it’s not high-tech. No, it’s not sexy. But security awareness training has the greatest security ROI and highest security impact. It’s true.

Most security breaches actually originate inside companies by disgruntled or negligent employees.

So, what should you do? Educate everyone in your company so they can help identify a variety of security risks.

For example, employees should be able to spot and identify email phishing and spoofing attacks.  They should also be trained not to store, send or copy sensitive information that’s unencrypted. And they should know not to share sensitive information over the phone unless they are 100% sure of the audience.

Again, our #1 advice to mitigate your security risk: train employees on security policies and practices. And make sure to revisit the issues and retrain at least yearly (sooner if you can).

2. Anti-Virus & Anti-Malware Protection

Virus outbreaks make the news (like the recent Flame virus), so most people know they should have anti-virus and other malware protection for their personal computers. And most people assume businesses are protected. Often they are not. Or at least not adequately protected.

Malware infections can hit your bottom line hard. They can cause fraud, loss of data, identity theft, or decreased companywide productivity due to slow or unusable computers.

Businesses are increasingly adopting an “endpoint security” strategy to combat malware threats. Endpoint security is an information security concept that means that each device (or endpoint) on a network should be responsible for and capable of providing for it’s own security.

Whatever your anti-malware solution, it should scan email for attached viruses, monitor files in real time for infections, and perform thorough scans of every file.

3. Data Encryption

Encrypted data isn’t any less likely to be stolen by hackers or other intruders. But data encryption is still a powerful part of your business’s information security. Encryption protects your data even after it has been accessed. Once it is encrypted, your business data is worthless to the bad guys and remains protected. They would need the encryption key to read your data. So we advise all businesses to encrypt data in case it is compromised or lost (employees leaving unencrypted laptops at airports or coffee shops has caused some serious data breaches).

4. Access Controls

Your business should not be a free-for-all for your employees. When everyone has access to everything, your information security is at risk. For increased security, only give employees (and partners) access to the data they need. This includes both physical and logical access. A good strategy is to start by granting the least privilege. You can then escalate privileges to allow access to unauthorized data on an as-needed basis.

5. Patching

Patching is essential to minimizing the risk to your computer systems. Patches are often released to fix security holes in systems and applications. Make sure you keep all operating systems and applications you run patched. Install the latest firmware updates on all network devices.

6. Mobile Devices

Laptops, smartphones, and tablets have increased the productivity and mobility of today’s workforce. But along with that productivity comes vulnerability. Lost or stolen laptops and other mobile devices are the top cause of data breaches. We recommend you manage endpoints centrally to allow your security policies to be easily deployed. You should also enable auto-lock or require a password to access all devices.

EarthLink Business offers managed laptop security services to address these risks.

7. Monitoring

Knowledge is power. In the security realm, monitoring is the knowledge you need to be confident you have powerful protection. Make sure your business is set up to monitor systems and network devices for any abnormalities.

Deploy a SIEM (security incident & event management) that correlates logs form all levels of infrastructure – network, systems, and user activity. Don’t just block activity at a firewall or IPS. Log it, review it and learn from it. Attackers are finding new ways to expose networks. Know what is happening so you can continue to address it.

You should also install content filtering to monitor user activity from within your business. The most common form of employee misuse of the Internet is to surf porn. Another co-worker witnessing this misuse of your company resources can result in legal action and a monetary judgment against your company. Employees also often download or email viruses, causing security breaches. So it is imperative that you need to monitor what your users are doing on the Web.

8. Firewall

A firewall is the first line of defense against any attack (network or host). It acts a barrier between a public network and a private network.

EarthLink offers managed firewalls that are designed to allow good traffic in and to keep malicious traffic out. A majority of firewall breaches are caused by the misconfiguration of firewall rules and policies.

9. Remote Backup

Backup is one of the most neglected areas of computing and therefore typically one of the biggest opportunities your business has to mitigate risk. Why? Because stuff happens. All the time.

Theft, floods, fires, tornadoes, hurricanes, and other unforeseen occurrences can cause large amounts of data loss that can cripple your business.

Often, businesses invest in securing data from hackers or malware, but then the data is physically destroyed by natural causes. If the data doesn’t exist, securing it from outside threats doesn’t matter.

That’s why it’s so important to backup your company’s data to an remote location so data will be retained in the event of a disaster at your main location.

10. Security Assessments & Penetration Testing

To secure your business you must stay vigilant. There are always bad guys looking for the next way to compromise your business’s information. So you have to perform annual or, better, quarterly vulnerability assessments to identify new risks. The ever-changing security environment is always creating new risks. Identify the new risks that apply to your business and fix them before someone else finds them.

We also recommend that all businesses have a formal Information Security Risk Assessment done every three years, which is the life cycle of most products these days.

If you need more information on security for your business, contact us and one of our IT experts can help you ensure your data is as secure as possible.